Revamping Supplier Qualification, Re-evaluation, and Monitoring Requirements

#1
My current SOPs for supplier qual, re-eval, and monitoring are good but can be a bit confusing at times. We find that there are special examples of certain types of suppliers (translation for example) that do not fall under specific supplier type/impact due to being classified as a service supplier. In this scenario, the translation supplier is much higher risk than say one that provides pest control activity. In another example, sterile barrier suppliers are lumped under another category to ensure they are looked at in more detail.

Currently, suppliers are classified by risk level, business type (service, tangible good), and supplier impact (lab, contract mfg, custom mfg, etc).

Can anyone share some examples of how they classify suppliers as a risk-tiered process that accounts for different types of supplier impacts?

Thanks
 
Elsmar Forum Sponsor

Enternationalist

Involved In Discussions
#2
I always found risk tiers unhelpful in smaller organisations. There's nothing to stop you evaluating the risk on a more fluid case-by-case basis and implementing controls that just make sense.
 

ChrisM

Involved In Discussions
#3
Risk level for your translation company: Are you concerned about the risk due to incorrect translation, or risk if they cease trading that you have no alternative supplier?

One previous employer I worked for classified supplier risk along the lines of:
Are they a supplier of off-the-shelf items?
Are they a supplier of a commonly used process (eg sheet metal parts) making items to our drawings/specifications?
Are they a supplier using a specific "proprietary" process, eg a special material coating, where finding an alternative supplier would be next-to-impossible, especially at short notice?

... plus, is the supplier "critical"?

The risk level increases as you go down the above list. The company's risk management procedures should ensure that you do have a contingency plan for any key supplier suddenly becoming unable to supply
 

ThatSinc

Involved In Discussions
#4
I'm currently putting in place a 2D matrix of "Supplier Risk" and "Scope of Supply Risk" for the exact same reasons - the current SOP puts various suppliers in bizarre categories and will disallow some suppliers based on the supplier themselves when the product/service they are supplying is adequate.

The scope of supply risk is much like you have above, but the method of categorisation is based on the risk management files for the devices and any dFMEA that would define the risk of the item.
So a supplier that is plating a purely cosmetic part of a device would have a different scope of supply risk than a supplier plating parts that go into a patients mouth - despite them both performing the same activity.

After this you have the Supplier Risk factor, which factors in their quality systems, process capabilities, and certifications.
With a 13485 certified company (theoretically) having a lower risk factor than a man in his shed with no procedures/processes/paperwork.

Between the two you have your evaluation criteria, and links to verification of purchased product requirements and monitoring requirements.
Do you need to frequently audit the supplier, do you need to perform batch analysis on parts received, do you need to review their performance annually, biennially, or perhaps not at all?
It doesn't automatically exclude any supplier, but puts the onus on the manufacturer to ensure that the supplier is capable of providing material that meets requirements.
 

ChrisM

Involved In Discussions
#5
Another thing to add, whilst I remember..... irrespective of how good a supplier may appear from certification, assessment audit, awards from "prestigious" customers etc, formal approval should also be based on, for example, their first 3 deliveries being problem-free (or as close to problem-free as possible). I've known cases where a new supplier looks excellent, on paper and from a site visit/audit, but the first order placed results in a load of issues from late delivery to nonconforming parts. The reaction to this can also tell you much about the supplier and their attitude to "getting it right". On one occasion the new supplier was struck off after just one delivery
 
#6
My current SOPs for supplier qual, re-eval, and monitoring are good but can be a bit confusing at times. We find that there are special examples of certain types of suppliers (translation for example) that do not fall under specific supplier type/impact due to being classified as a service supplier. In this scenario, the translation supplier is much higher risk than say one that provides pest control activity. In another example, sterile barrier suppliers are lumped under another category to ensure they are looked at in more detail.

Currently, suppliers are classified by risk level, business type (service, tangible good), and supplier impact (lab, contract mfg, custom mfg, etc).

Can anyone share some examples of how they classify suppliers as a risk-tiered process that accounts for different types of supplier impacts?

Thanks
Take this all to your risk management process. Here you evaluate the risks associated with your medical device , risks associated with regulatory requirements as well as risks in meeting your organization requirements. To the result of the risk assessment, give considerations on the performance of the suppliers.
A very general supplier risk level classification may not fit to all your suppliers if you do not assess from the above three areas and club it along with the ongoing performance of the supplier.
In fact, I have just told you how to do a process interaction between clause 7.1 and 7.4.1. This should be your approach, the process approch to supplier qual. re-eval, and monitoring...
 

Tidge

Trusted Information Resource
#7
This is a rich area for discussion. It is common (in Medical Device manufacturing of complex devices, at least) to have suppliers assigned one of (a small number of) classifications "tiers", based on something. From "first principles" found in something like 13485, this is often based on the possible contribution of the provide items' (or services') contribution to the risk profile of the finished goods. This is commonly done for MD manufacturers because eventually someone (a regulator, a NB) is going to come along and ask questions about how certain elements of a QMS are satisfied, and supplier control processes are a straightforward mechanism for addressing elements of 13485, 21 CFR 820, etc.

In practical terms, the tiers approach can be more difficult to implement. Some possible reasons may be that the supplier of very low risk components or services may need a lot of hand-holding because of their importance for profitability, there could be unreasonable (from the supplier side) expectations because the manufacturer is pushing for them to implement risk controls instead of addressing the risks themselves, or a "higher tier" supplier (that is, one with some high level of 'criticality') may be the "only game in town" and just not willing to play with you. Often, I've seen problems when the Supplier Control process is assumed to be controlling risks (14971-risks, business risks) in some area that ultimately belongs to a different group.

I can offer and example of a service provider, in a case where it would be theoretically ideal to rely on a tiered approach and simply rely on "first-in-class customer service" (verified through audits, assessments) for a "mission critical" service, yet can fall apart quickly. There exist many software service companies that offer hosted implementations of software systems which implement activities that most of us would recognize as serving a purpose in a QMS. I'll pick something obvious: Corrective and Preventive Action process... this is one area that the FDA will always hit during any audit, and NBs will do the same. It is easy to find any number of software service providers who offer some sort of CAPA workflow and records retention system.

If (and when) something goes wrong with the software system, usually there is some sort of "support" line to contact... but mileage will vary as to how well the helpdesk actually addresses the issue. For those of us with Software project experience, it is usually the case that an issue is not handled in any manner that looks anything like how a medical device manufacturer would treat a non-conformance. Usually the supplier controls processes for a medical device manufacturer echo the non-conformance process at the manufacture. Imagine if there was a non-conformance on the manufacturing floor, and the second step was to find out it was closed, with no other information... this is what it is like to deal with software service suppliers. Many such suppliers have been eliminating their own technical experts, so even getting defects evaluated is a black box (often more like a black hole). I only mention this because if such a service provider is in the "top tier", good luck having them live up to the expectations you would theoretically have for them. They aren't going to respond to Supplier-NCRs, and they aren't suddenly going to change their service approach just for you, when it was some VPs plan to fire their entire development team and outsource their helpdesk.
 
Thread starter Similar threads Forum Replies Date
J Creating an Audit Schedule & Revamping QMS Internal Auditing 18
J Tasked with revamping our Website using Dreamweaver 8 After Work and Weekend Discussion Topics 7
I SPC Training - Revamping our current SPC course which I teach - Suggestions? Training - Internal, External, Online and Distance Learning 4
R Establishing/Revamping Training system ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
C Supplier Audit - Looking for a quality audit checklist General Auditing Discussions 3
L Supplier Performance when your supplier is also the customer ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 16
L Supplier performance evaluation Supplier Quality Assurance and other Supplier Issues 8
D Definition of Sub-supplier in chemicals IATF 16949 - Automotive Quality Systems Standard 3
A Supplier File info for large (Microsoft) companies. Medical Device and FDA Regulations and Standards News 2
J Outsourced Purchasing for Contract Manufacturing vs more typical/simple Supplier Management ISO 13485:2016 - Medical Device Quality Management Systems 5
D "FAI" Requirements/Process for New Supplier Materials Design and Development of Products and Processes 3
T Stellantis supplier quality manual Supplier Quality Assurance and other Supplier Issues 5
G Use of Supplier's Corrective Action Form vs. Corporate Form Supplier Quality Assurance and other Supplier Issues 4
Stefan Mundt AS9100D Engineering sample purchases - Supplier not approved AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
G Audit & Agreements for "Test Laboratory" Supplier? US Medical Device Regulations 4
S Supplier performance required to be reported to supplier? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
P Homologation responsibilities as OEM supplier Manufacturing and Related Processes 0
S Non-approved supplier? Supplier Quality Assurance and other Supplier Issues 3
Q 8.4.2.4 supplier monitoring IATF 16949 - Automotive Quality Systems Standard 3
Q IATF 16949 8.4.2.4 Supplier Monitoring IATF 16949 - Automotive Quality Systems Standard 2
G Control of Approved Supplier List (ASL) When Employees Make Purchases Supplier Quality Assurance and other Supplier Issues 6
V Prototype for chemical supplier IATF 16949 - Automotive Quality Systems Standard 0
Sortinghat Locating Customer Supplier Manuals Customer and Company Specific Requirements 5
Q BMW Supplied Parts Quality Management -> Is there any new supplier quality manual? Customer and Company Specific Requirements 0
M Supplier Control for Unique Product ISO 13485:2016 - Medical Device Quality Management Systems 6
C Process owner for Supplier Controls ISO 13485:2016 - Medical Device Quality Management Systems 11
L Unique Supplier Control Issue AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 0
D Supplier OTD Slip Due to Shipping Delays or Natural Disaster AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
D Re-labeler - audit the supplier EU Medical Device Regulations 2
Evelyn7E The fastest way to get supplier to ship good parts to you Supplier Quality Assurance and other Supplier Issues 10
J Verification of purchased product / supplier questionnaires ISO 13485:2016 - Medical Device Quality Management Systems 2
D Question on Supplier Quality (SCAR) ISO 13485:2016 - Medical Device Quality Management Systems 6
Z REACH: contradictory statement from supplier? REACH and RoHS Conversations 4
G How to implement H&S and Quality Control Requirements in Contract for Potential Supplier? Contract Review Process 6
R Select the 1 Supplier based on the Parts Durability from 6 Supplier Samples using Minitab Using Minitab Software 11
K Why does load cell supplier requires force verification General Measurement Device and Calibration Topics 3
D Question and advice for a supplier self audit questionnaire ISO 13485:2016 - Medical Device Quality Management Systems 6
D Special IATF audit of sub-supplier IATF 16949 - Automotive Quality Systems Standard 18
S IATF 16949 Supplier selection criteria 8.4.1.2 IATF 16949 - Automotive Quality Systems Standard 5
M Supplier approved list - Notified body, regulatory body Supply Chain Security Management Systems 4
N Making improvements in supplier relationship last? Supplier Quality Assurance and other Supplier Issues 6
K Supplier Qualification for Engineering Consultant? Supplier Quality Assurance and other Supplier Issues 3
M Supplier evaluation Supplier Quality Assurance and other Supplier Issues 5
briteme4 ASL - AS9100 / Supplier Survey Supplier Quality Assurance and other Supplier Issues 3
A System for Supplier Documents Quality Assurance and Compliance Software Tools and Solutions 7
T IMDS submission without supplier's input? RoHS, REACH, ELV, IMDS and Restricted Substances 5
J Supplier not responding to PPAP request APQP and PPAP 5
D Supplier audit Medical Device and FDA Regulations and Standards News 2
lanley liao Does all of the suppliers need to integrated into the supplier list qualified of the company? Oil and Gas Industry Standards and Regulations 2
S Distinction between a critical supplier and a Virtual manufacturer EU Medical Device Regulations 3

Similar threads

Top Bottom