What determines a Critical Subcontractor?



I've been reviewing some opinions as to the definition of a "critical" subcontractor, but am still a bit fuzzy here.

One person suggested that it is only "critical" if it's the only company that can supply the item/service?

Or, more often used is the phrase "anything that would affect product quality or risk". I'm guessing this is the definition to go by, but it's still pretty vague, as pretty much ANY company supplying components to us would "affect product quality".

Here is an example:
- We have sourced a company to supply the custom-made (based on our CAD models) plastic components.
- If this company were to, for example, leave prodruding burrs in the plastic components, this would certainly affect the end-product quality, and pose a potential (albeit minor) risk to end users.
- So, would such a component supplier be deemed "critical"?

....if so, then really, ALL of our component suppliers would be considered critical.

The reason this is so important to clarify is that our NB is requesting that the critical subcontractors be ISO13485 certified. This would be very difficult, as most of the components are generic (not MD specific), and so most of the companies have ISO9001, but not ISO13485.

I hope someone can set me straight here... :eek:

P.S. There was an older thread (2001) on this topic, but there didn't seem to be any concensus reached. Also, when I replied to it the system suggested I create a new thread seeing as that one was so old...


I see it as critical subcontractors produce critical parts. A critical part to me is one that if it was defective, would keep the end product from performing to its intended use.


i would say that you need to define what a critical contractor is to you. a few ideas might be a contractor that is a sole source of supply, a contractor that makes assempblies or details that you cannot confirm meet requirements (similar to special processes or ESD sensative) and maybe include subcontractors who supply items which are considered state of the art technologies.

sorry if this didnt help, i just wanted to get my first post on this board.


Yes, but wouldn't that encompass EVERY component? (...unless there are some vestigial or purely esthetic components).

Some examples of components:
- a plastic enclosure: if it's flimly and cracks it ceases to hold what's inside.
- a screw: if it breaks, it ceases to secure what it's supposed to hold.
- a garment: if the snaps/velcro/zipper etc. break, the user cannot wear it.
- a power-adaptor: if it doesn't work, device won't get power.
- other electronics (wires, connectors...): if they break the device might not work.

In all of the above cases, these are fairly generic components that apply to many different industries (not just medical devices). As such, if they were to be considered "critical" it'd be pretty tough to source suppliers that are ISO13485 certified (as most have no just have ISO9001).


Mr Mike,

Since you seem to be in the medical device industry...

GHTF defines a critical supplier as "a supplier delivering materials, components, services, which may influence the safety and performance of the product." (SG4N33R13) (Note it does not say "influence the QUALITY").

While this seems still vague, another GHTF document, SG3N17, describes some aspects to be considered when doing sourcing planning. It may help you. You may be able to use the info to bargain with the NB that asks for ISO 13485 for your suppliers.

If possible at all try to control the number of critical suppliers (reasonably of course). For sure you will (be asked to) spend more resources to managing them.
NBOG BPG 2010-1 - Guidance for Notified Bodies auditing suppliers to medical device manufacturers says this:

2.2 Critical supplier A critical supplier is a supplier delivering materials, components, or services that may influence the safety and performance of the device [2].
Note: In the context of the audit of medical device manufacturers, a critical supplier is a supplier of a product or service, the failure of which to meet specified requirements could cause unreasonable risk to the patient, clinician or others, or could cause a significant degradation in performance. This can include suppliers of services, which are needed for compliance with QMS or regulatory requirements, e.g. internal audit contractors or Authorised Representatives.

Top Bottom