Root cause for outsourced pest control service not in approved supplier list


Starting to get Involved
During our most recent ISO 13485:2016 audit, our finding was
Currently Pest Control is performed on a monthly basis. However, there is no procedure or process in this critical contamination control noted. In addition, the outsourced supplier is not on the approved supplier list.

We do have a procedure but there was no reference in the quality manual.
Not having the pest control supplier on the approved list was just an oversight.

Any suggestions on how to do a root cause for this?


Trusted Information Resource
I would go down the 5-why road for the root cause, and as part of the correction check there are no other suppliers missing from the list.


Quite Involved in Discussions
I suspect it will probably be due to the classic "lack of training/awareness" situation. Whoever placed the order on the pest control company probably thought that as it was non-product related but more of a "business need" they did not need to go though the QA/supplier approval loop. Your investigation into the root cause should consider this, and what other services may have been similarly purchased (maintenance/breakdown support, packaging suppliers, waste disposal etc). Everyone in the organisation needs to be made aware of the relevant requirements of ISO13485, and giving examples that directly relate to their work is beneficial

Bev D

Heretical Statistician
Super Moderator
Is this type of ‘oversight’ a one time event or does it happen regularly?
I don’t think that the frequency matters to the solution (although it might matter to your leadership accepting it).

If this is really the first time this has happened an extensive ‘root cause’ deep dive is not really warranted. There is really nothing mysterious about these situations. It is like gravity: I KNOW that if I drop an object from my hand it will fall to the ground every time. Because of gravity. I don’t need to prove it each and every time something falls to the ground.

Everyone commits an error now and then. You just need to think thru the situation. The appropriate solution is to error-proof the process. This can be done simply if you use an ERP system. There are settings that won’t allow POs to be issued to suppliers who are not on the approved list (within the ERP system). Of course this will require that the people who make the approved list be knowledgable in the requirements. This will lead you to putting the appropriate training in place for all of those who are involved in procurement and ERP settings. If you don’t have an ERP system capable of this you will need an oversight committee to review and approve new suppliers. and again training is required to be qualified for this ‘committee’. (Or some other review and approval method.).

This will also be applicable for multiple incidents of ‘oversight’. Of course in this case the solutions will not be limited to only the procurement dept.

Almost every incidence of human ‘oversight’ or error will be solved by error proofing and training/knowledge. While training is necessary it is never sufficient. The only real exceptions to this are deliberate actions where the person thinks they are smarter than the system or where they are trying to deliberately sabotage the company. The former case will be impervious to training and only error proofing can help but termination may be necessary. Only termination can be effective in the latter case.

Ed Panek

QA RA Small Med Dev Company
Super Moderator
Our QMS only requires an investigation and CAPA on MAJOR findings. OFI and minors are not systemic problems and depending on your own QMS SOPs you may or may not root cause this.

From 13485 8.5.2 Corrective action The organization shall take action to eliminate the cause of nonconformities in order to prevent recurrence. Any necessary corrective actions shall be taken without undue delay. Corrective actions shall be proportionate to the effects of the nonconformities encountered.

When I received auditor training when we found a non-conformance, we asked for more records of similar nature. If there was a pattern it could be systemic and then it major finding. If just a single record was non conforming it could be a minor.
Top Bottom