How important is this regarding our own regulatory conformity?
Hi Jenna; and welcome to The Cove.
Because you can not divulge a lot of information (understandably) we have to do a little speculation. For the sake of this response, I will assume (with all risks of doing that) that your organization markets a medical device, which is regulated. You use a subcontractor to assemble the product for you.
I am not aware of any regulatory requirement (FDA, Health Canada, EU, etc.) that mandates your subcontractor to be certified to ISO 13485. However, the regulations have requirements for you to effectively control product quality and that can (obviously) extend to suppliers of critical goods and services.
If your product is CE-marked for the European market, chances are your Notified Body MIGHT have required you demonstrate HIGH levels of control of suppliers of critical goods and services and some NB's will demand such suppliers to be certified to relevant standards. If that were the case for you, your NB should be also scrutinizing the scope of certification of your suppliers and, in case they find out that the subcontractor ISO 13485 does not include in it's scope the products related to YOUR device, they might do something concerning your Notification status. If you were to lose your Notification status and, your product CE-Mark was no longer valid, by Regulation, you would not be able to place the product in the European market.
Again, there were several assumptions in the scenario offered above. But I hope this helps you understanding potential consequences of the concern you described.
