Outsourcing Processes within the Same Company (ISO 13485)

[gretzles]

I am working with a company that has several manufacturing locations, but other support processes are localized in a single location.
One manufacturing site manufactures medical devices and requires ISO 13485. So I'm trying to work out how to deal with the support processes that affect this site, but aren't specific for this site and aren't located at this site. Eg Purchasing is done centrally for all sites.

Does anyone have any suggestions of things I need to consider when deciding whether these processes are being outsourced or whether they are just remotely located internal processes.
Either way they need to understand their requirements and how it impacts on the other quality system processes and the risks will determine the monitoring requirements.

Will external auditors want to visit the other sites to audit if they are not listed as outsourced, or would it be enough to have the records available?

 

[Jen Kirley]

I often visit sites that have centrally managed sales, customer service, purchasing, design, human resources and/or IT processes. If these corporate/ support sites are themselves currently registered under good standing, it is usually possible to audit the "interfaces." For purchasing that means how supplier information collected and communicated between your sites in order to help make sure the supplied material/services support your customers' satisfaction and standard's requirements are met.

 

[somashekar]

I am working with a company that has several manufacturing locations, but other support processes are localized in a single location.
One manufacturing site manufactures medical devices and requires ISO 13485. So I'm trying to work out how to deal with the support processes that affect this site, but aren't specific for this site and aren't located at this site. Eg Purchasing is done centrally for all sites.

Does anyone have any suggestions of things I need to consider when deciding whether these processes are being outsourced or whether they are just remotely located internal processes.
Either way they need to understand their requirements and how it impacts on the other quality system processes and the risks will determine the monitoring requirements.

Will external auditors want to visit the other sites to audit if they are not listed as outsourced, or would it be enough to have the records available?

If you want these locations to be listed on your cert, and have more audit man-days based on the head count at these locations., then consider it as remotely located internal process. >> Not recommended

Manage them as out-sourced processes and have your good risk based controls established.

 

[SpinDr99]

Along an off-shoot thought:

If a customer has a process outsourced, am I responsible for maintaining control over the outsource supplier or is the customer responsible for that, as they have the contract with the outsource supplier?

It has been posed to me by my CB auditor that I must maintain control over that supplier and this makes no sense to me. First, because as previously mentioned, the customer has the contract with the supplier, and the item receiving the outsourced process is going into the customer's product.

I'd appreciate some input on this PLEASE!!

 

[Ajit Basrur]

I would have this documented in the contractual document with your customer as who "owns" the supplier. Your organization, as a Contract Manufacturer can maintain the supplier but is ultimately the customer's responsibility. As part of your "maintain", you will escalate any issues to the customer to take appropriate actions.