Outsourced Purchasing for Contract Manufacturing vs more typical/simple Supplier Management

#1
A medical device company (A) decides to utilize contract manufacturing to produce their medical device.
The services that the contract manufacturer (B) will perform include: Purchasing components (some with specific suppliers or subspecifications specified by A and some not), Incoming Parts Inspection, Assembly, In Process and Final Acceptance Testing, Distribution, and Production Process Monitoring and Control.

Company A will purchase the medical device from contract manufacturer B, and so will need an in-house Purchasing process within their QMS, but this will only handle internal business needs, Product Design, and the purchasing of finished systems from contract manufacturer B.

The manufacturing tasks seem to clearly include outsourced service/processes for Incoming Parts Inspection, Assembly, In Process and Final Acceptance Testing, Distribution, and Production Process Monitoring and Control.

The manufacturing tasks seem to also include an outsourced service/process for the Purchasing of components required for the manufacturing of the medical device, but it is not clear to me how or why this is different from similar issues in an otherwise typical n-tier supply chain that didn't outsource manufacturing.

Questions:
1) Wouldn't outsourcing of manufacturing typically include outsourcing of purchasing for the parts needed for manufacturing? (I understand that you could supply the parts directly or hire a separate company to purchase and supply the manufacturer, but I am thinking of a more typical case.)

2) How is this outsourcing of purchasing process for contract manufacturing different from the purchasing process (conducted by various suppliers) of sub-components in the normal n-tier supply chain of individual parts (regardless of who manufactures the final medical device or the individual parts at any level)?

I ask, as I am not sure how to define/limit the scope of activities in a QMS for the purchasing activities at the contract manufacturer. It seems like we need to define the outsourcing of purchasing process to the contract manufacturer (because the purchasing of production parts needs to be controlled by some form of purchasing process), but if this is the case, it also seems like we would do the same all the way down our supply chain for every part (which seems ludicrous / inappropriate). I am not understanding the rationale/principle for justifying that one of these is not an outsourced process (or when to stop saying it is), while one of them is.

I know that 13485 expects QMS process effort to be identified and implemented proportional to Risk (Product Safety, Product Quality, Product Compliance, Process Compliance), but it does not otherwise provide guidance on when the Outsourcing of purchasing process is needed vs simple ordinary supply chain purchasing.

3) Does the subsequent provision of the product make the difference (product will next be distributed/released to customer/market vs component just supplied to next level in normal supply chain)?

4) Does the level of the product make the difference (final medical device, vs components)?

5) Does the level of part specification make the difference (outsource purchasing as far down as you identify part specifications)?

6) Does the level of supplier specification make the difference (outsource as far down as you identify part suppliers)?

7) Any combination of the above or some completely different distinction?

Thanks in advance for any wisdom!
 
Elsmar Forum Sponsor

Sidney Vianna

Post Responsibly
Leader
Admin
#2
I know that 13485 expects QMS process effort to be identified and implemented proportional to Risk (Product Safety, Product Quality, Product Compliance, Process Compliance), but it does not otherwise provide guidance on when the Outsourcing of purchasing process is needed vs simple ordinary supply chain purchasing.
I moved the thread to the ISO 13485 Forum. In this day and age of disrupted supply chains, I see a HUGE risk that would require mitigation, in my point of view: Despite your organization providing the components specifications for the contract manufacturer (CM) to purchase against, I can almost guarantee that due to shortages and pricing fluctuations, the CM's buyers would be enticed to accept "slight" different componentry for your assemblies and, chances are, you as the legal manufacturer would have no idea of what is happening. How do you mitigate that risk?
 
#3
Hmmm, where to start?

4.1.5 When the organization chooses to outsource any process that affects product conformity to
requirements, it shall monitor and ensure control over such processes. The organization shall retain
responsibility of conformity to this International Standard...


This may be best explained in examples.

Example 1
Company A is the legal manufacturer of an implantable medical device. Company B is the contract manufacturer. Company A selects, evaluates, and approves suppliers and performs all purchasing of medical device components. Company A sends all components to Company B. There is a written agreement that Company B will only use the components that Company A provides.

Example 2
Company A is the legal manufacturer of an implantable medical device. Company B is the contract manufacturer. Company A selects, evaluates, and approves suppliers. Company B orders components from the suppliers approved by Company A. There is a written agreement that Company B will only purchase components from the suppliers that Company A has approved.

Example 3
Company A is the legal manufacturer of an implantable medical device. Company B is the contract manufacturer. Company B selects and evaluates suppliers and sends this information to Company A for approval. There is a written agreement that Company B will only purchase components from the suppliers that Company A has approved. The written agreement is periodically amended to list new approved suppliers.

Example 4
Company A is the legal manufacturer of a medium-risk medical device. Company B is the contract manufacturer. There is a written agreement that Company B will only use suppliers that meet certain criteria. There is also an agreement that each lot history record contain full traceability to the material level and supplier information. Company A reviews each history record to confirm that all material and supplier requirements have been met.

Example 5
Company A is the legal manufacturer of a low-risk medical device. Company B is the contract manufacturer. There is a written agreement that Company B will only use suppliers that have a quality system. Periodically, Company A will audit Company B, and during this time, Company A will assess whether the requirements listed in the agreement continue to be met.
 

somashekar

Leader
Admin
#4
A medical device company (A) decides to utilize contract manufacturing to produce their medical device.
The services that the contract manufacturer (B) will perform include: Purchasing components (some with specific suppliers or subspecifications specified by A and some not), Incoming Parts Inspection, Assembly, In Process and Final Acceptance Testing, Distribution, and Production Process Monitoring and Control.

Company A will purchase the medical device from contract manufacturer B, and so will need an in-house Purchasing process within their QMS, but this will only handle internal business needs, Product Design, and the purchasing of finished systems from contract manufacturer B.

The manufacturing tasks seem to clearly include outsourced service/processes for Incoming Parts Inspection, Assembly, In Process and Final Acceptance Testing, Distribution, and Production Process Monitoring and Control.

The manufacturing tasks seem to also include an outsourced service/process for the Purchasing of components required for the manufacturing of the medical device, but it is not clear to me how or why this is different from similar issues in an otherwise typical n-tier supply chain that didn't outsource manufacturing.

Questions:
1) Wouldn't outsourcing of manufacturing typically include outsourcing of purchasing for the parts needed for manufacturing? (I understand that you could supply the parts directly or hire a separate company to purchase and supply the manufacturer, but I am thinking of a more typical case.)

2) How is this outsourcing of purchasing process for contract manufacturing different from the purchasing process (conducted by various suppliers) of sub-components in the normal n-tier supply chain of individual parts (regardless of who manufactures the final medical device or the individual parts at any level)?

I ask, as I am not sure how to define/limit the scope of activities in a QMS for the purchasing activities at the contract manufacturer. It seems like we need to define the outsourcing of purchasing process to the contract manufacturer (because the purchasing of production parts needs to be controlled by some form of purchasing process), but if this is the case, it also seems like we would do the same all the way down our supply chain for every part (which seems ludicrous / inappropriate). I am not understanding the rationale/principle for justifying that one of these is not an outsourced process (or when to stop saying it is), while one of them is.

I know that 13485 expects QMS process effort to be identified and implemented proportional to Risk (Product Safety, Product Quality, Product Compliance, Process Compliance), but it does not otherwise provide guidance on when the Outsourcing of purchasing process is needed vs simple ordinary supply chain purchasing.

3) Does the subsequent provision of the product make the difference (product will next be distributed/released to customer/market vs component just supplied to next level in normal supply chain)?

4) Does the level of the product make the difference (final medical device, vs components)?

5) Does the level of part specification make the difference (outsource purchasing as far down as you identify part specifications)?

6) Does the level of supplier specification make the difference (outsource as far down as you identify part suppliers)?

7) Any combination of the above or some completely different distinction?

Thanks in advance for any wisdom!
All of your above questions and any more has to be thought, brainstormed and documented in detail in the quality agreement, about which it is mentioned in Clause 4.1.5. What ever are the type and extent of controls decided has to be agreed with your contract manufacturer (B) and such records have to be maintained.
 

somashekar

Leader
Admin
#5
I moved the thread to the ISO 13485 Forum. In this day and age of disrupted supply chains, I see a HUGE risk that would require mitigation, in my point of view: Despite your organization providing the components specifications for the contract manufacturer (CM) to purchase against, I can almost guarantee that due to shortages and pricing fluctuations, the CM's buyers would be enticed to accept "slight" different componentry for your assemblies and, chances are, you as the legal manufacturer would have no idea of what is happening. How do you mitigate that risk?
A very valid point.
ISO 13485 has covered this within the Clause 7.4.2 by way of written agreement about Change control notification. This can effectively be brought within the quality agreement as required in the Clause 4.1.5. Design and development outputs must also consider such risks in the design review activities and cover them by provision of alternatives within the Bill of Materials. What ever happens dynamically the organization shall retain the responsibility to medical device safety and performance, customer requirement and regulatory requirement. Therefore, the interaction between the organization and the CM must be periodically reviewed and necessary changes must be bought into the quality agreement by way of amendments.
 

Hi_Its_Matt

Involved In Discussions
#6
I think @indubioush hit the nail on the head with his examples. I have worked for OEMs, contract design companies, and contract manufacturers, and in my experience, Example 2 is probably the most common (but I am also biased towards higher risk devices).

Example 1, to me, seems like a logistical nightmare. There are a dozen reasons I can think of why it would better to have the contract manufacturer purchase components, instead of the legal manufacturer. (Improved inventory control, strong existing relationships with sub-tier suppliers, and pricing discounts from those suppliers are just three reasons.)

Examples 3-5 would be a bit non-standard, because supplier evaluation and approval is really part of the design process. The legal manufacturer should definitely involve its contract manufacturer in the supplier selection and evaluation process, but the legal manufacturer should be leading the activity (primarily because they know more about the risks involved with the device and individual components).

Wouldn't outsourcing of manufacturing typically include outsourcing of purchasing for the parts needed for manufacturing
Yes.
The legal manufacturer/device designer specifies the parts and assemblies that make up the design, and the suppliers of those parts/assemblies. The CM then just purchases those parts and assemblies when they build the final device.

The level of control and specification diverges when you start talking about off-the-shelf versus custom assemblies.

For an off-the-shelf assembly, the designer simply specifies the manufacturer/provider of that assembly. He doesn't go deeper and specify the individual components and suppliers for the parts that make up the assembly.
(Take for example an ethernet cable. If your device has a standard CAT-5 ethernet cable within it, then the legal manufacturer/designer will likely just specify the supplier of the CAT-5 cable. They likely wouldn't specify the sub-tier suppliers of the bare copper wire, the wire insulation, the support element, the foil shield, the outer sheath, and the terminal connectors. Let alone the sub-sub-tier supplier of the plastic beads from which the wire insulation is made.)

For a custom assembly, the legal manufacturer will likely specify both (1) the supplier that builds the assembly, and (2) the specific parts and sometimes the sub-tier suppliers that the assembly supplier is allowed to use.
(For example, for a custom cable harness, the designer will likely specify the supplier of the cable harness, fully specify the harness itself - the wire gauge, wire length, insulation requirements, terminal connectors, etc, and possibly even who can provide those wires/connectors, etc).
 
Thread starter Similar threads Forum Replies Date
K Can Purchasing be Outsourced? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 20
G Does TPI agencies comes under outsourced process as per Q1 Oil and Gas Industry Standards and Regulations 11
ernieto Outsourced Processes Quality Agreements ISO 13485:2016 - Medical Device Quality Management Systems 4
E Business Continuity Plan Exercise for Outsourced Services Business Continuity & Resiliency Planning (BCRP) 5
J Outsourced Internal Audit requirements for Aerospace Suppliers AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 21
S Can outsourced processes be excluded from QMS scope? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
J Definition Outsourced process - Clear definition - 13485 Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 5
S Outsourced storage Quality Agreement ISO 13485:2016 - Medical Device Quality Management Systems 7
Q Process description for outsourced processes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
T Outsourced process in ISO 45001 Occupational Health & Safety Management Standards 4
optomist1 Design Exclusion, but now we might have an outsourced Product Design ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
L Significant change notice for outsourced warehouse Medical Device and FDA Regulations and Standards News 2
S Outsourced processes how to interact with projects - We are an governmental department with 2 persons ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
C Updates on Documentation for outsourced OEM from ISO 13485:2003 to ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 4
D Auditing Our Outsourced 2nd-3rd Party Internal Audit Company ISO 13485:2016 - Medical Device Quality Management Systems 6
K ISO 14001:2015 clause 8.1 on outsourced processes ISO 14001:2015 Specific Discussions 1
Q Control of outsourced processes - drop shipped products ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
G Risk Mitigation Through Outsourced Manufacturing EU Medical Device Regulations 7
Q ISO 9001:2015 Outsourced Process ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
N API Q2 clause 6.2.2.1 Auditing Outsourced Suppliers Oil and Gas Industry Standards and Regulations 5
K Outsourced Major Processes - Working for Two Sister Companies AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
D Clear definition of Outsourced Processes (IATF 16949) IATF 16949 - Automotive Quality Systems Standard 6
R Scope of Certification for a Design Organization with Outsourced Mfg. - ISO 13485 ISO 13485:2016 - Medical Device Quality Management Systems 10
C ISO 13485:2016 Cl. 6.3 - Infrastructure - Almost Everything is Outsourced ISO 13485:2016 - Medical Device Quality Management Systems 2
J ITAR flow down to Processors (Outsourced Processes) AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
E Non Conformity due to Outsourced Internal Audit Error ISO 14001:2015 Specific Discussions 2
R Outsourced Plating Supplier Responsibilities Service Industry Specific Topics 8
KyloDen Checking Threads - Discrepancy in threads that are machined In-House vs. Outsourced General Measurement Device and Calibration Topics 11
N Neutral Code Requirement - Medical Devices Outsourced from India ISO 13485:2016 - Medical Device Quality Management Systems 4
J ISO 13485:2016 QMS: Outsourced Processes ISO 13485:2016 - Medical Device Quality Management Systems 11
Y Outsourced aerospace work quality assurance? Supplier Quality Assurance and other Supplier Issues 6
P Records for outsourced special processes AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 11
J Outsourced CMM Measurement Inspection Service and ISO 17025 ISO 17025 related Discussions 14
I Vehicles (Outsourced Process) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
R When is a new AS9102 report required for Outsourced Processing? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
I Control of Outsourced Process - Shipping ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 15
A Company that manages Outsourced Recycling ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
K NPI (New Product Introduction) Quality Plan Outsourced Manufacturer/Supplier APQP and PPAP 3
J RA (Regulatory) Requirements for Outsourced Call Centers Supplier Quality Assurance and other Supplier Issues 3
Q Need Outsourced ISO 13485/FDA Internal Auditor for a Medical Device Company Internal Auditing 3
A Outsourced Processes Control (Finished Medical Device Delivery, Storage) ISO 13485:2016 - Medical Device Quality Management Systems 10
M Outsourced Audits - Career Question Career and Occupation Discussions 19
K Supplier or outsourced? Medical Device installation, sales, training Other ISO and International Standards and European Regulations 7
T What is the difference between Supplier and Outsourced Process? Supplier Quality Assurance and other Supplier Issues 8
P Tier 2 Part Approval where Painting is Outsourced APQP and PPAP 2
D Need to include Premise of Outsourced Call Center in ISMS Surveillance Audit? IEC 27001 - Information Security Management Systems (ISMS) 4
N Internal Auditor Selection (Outsourced Internal Audits) Document Control Systems, Procedures, Forms and Templates 3
C 7.2 Customer Related Processes - Everything we do is Outsourced ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
GStough "Outsourced Processes" in a Government Contract Service Provider Company ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
C How to Define and Document Controls of Outsourced Processes Food Safety - ISO 22000, HACCP (21 CFR 120) 5

Similar threads

Top Bottom