What level of control should be exercised on distributors?

[Mark Meer]

Question for discussion: What level of control/requirements do you exercise on distributors?

Do you treat them as suppliers (providing distribution service) or customers (they issue an order, you fill it, no additional control necessary).

If the former, what qualification requirements do you impose? For example, do you:

• Require that they maintain distribution records though simple supplier agreement?
• Ensure they maintain distribution records by periodically auditing their records to ensure that sufficient information is being maintained in case recall is necessary?

Just curious what are the typical agreements/requirements between manufacturers and distributors (e.g. for medical devices).

MM

 

[Access2hc]

sometimes both as a supplier and as a customer. first of all gain clarity over the ownership of the stock - (from finance, supply chain, commercial) to understand when products are shipped, who owns the stock when it clears customs and reaches the warehouse. of course when the product is shipped to the end customer, that's customer property...

but as a supplier, the distributor must fulfill all of it's quality and regulatory obligations (QMS, traceability, document control, post market activities in collaboration with the manufacturer). all to be embedded in the written agreement with them. Now this written agreement is a requirement in the 2016 version of ISO13485

Cheers,
Ee Bin
Access2hc

 

[Mark Meer]

Thanks Access2hc!

Curious: how are such agreements typically worded?
I realize it varies depending on the relationship, but in general, is it sufficient to just have a line item such as:

"(distributor) agrees to maintain distribution records, and fulfill any applicable regional record keeping and post-market regulations."

...or does the level of scrutiny have to be much more specific: e.g. specifying exactly what information is to be maintained, and allowing for the manufacturer to perform quality audits as necessary?

 

[Access2hc]

Hi Mark - the latter is preferable as it needs to be specific and especially if you're a US/EU based manufacturer, and that the distributor is in a regulated country.

you may receive some push back from the legal/purchasing department that owns the Agreement and either have you come up with a separate Quality Agreement, or be asked to keep the details to the 'bare essentials'. But it is indeed a long term benefit for specificity in this area.

hope it helps.

Cheers,
Ee Bin
Access2hc

 

[pkost]

The control of distributors should be risk based. What do you need/require from them, what is the consequence of their failure to comply? A class I product should be treated differently from Class III implantables, similarly traditional products vs innovative

Things to consider:
1. Storage requirements/compliance
2. vigilance and complaint handling and other post marketing surveillance activities
3. Batch control and traceability
4. Information and document control - do they "sell" your product, do they produce marketing literature...how do you control the claims they make

In addition to the regulatory considerations, your business may want to consider the brand/commercial aspects. If they are distributing your brand, they are a face of your product, the service they offer their customers will impact your brand, you may want to monitor and control this


As mentioned, there are various ways to provide assurance, everything should be documented in an agreement that clearly indicates obligations and responsibilities, along with methods of control/oversight and consequences of breach

Within the agreement you may want to
1. enable site audit (planned and unannounced)
2. Enforce the distributor maintains certification...ISO/GDP
4. Include control points (written into the contracts) e.g. you sign off and approve all marketing materials relating to your product, you train and control the sales force etc.

 

[Mark Meer]

...but as a supplier, the distributor must fulfill all of it's quality and regulatory obligations (QMS, traceability, document control, post market activities in collaboration with the manufacturer). all to be embedded in the written agreement with them. Now this written agreement is a requirement in the 2016 version of ISO13485

This is only the case for implantable medical devices though, no?

7.5.9.2. requires that "...suppliers of distribution services or distributors maintain records of the distribution of medical devices to allow traceability and that these records are available for inspection." but this is a particular requirement that applies only to implantable devices.

 

[BoardGuy]

7.5.9.2. requires that "...suppliers of distribution services or distributors maintain records of the distribution of medical devices to allow traceability and that these records are available for inspection." but this is a particular requirement that applies only to implantable devices.

[FONT=&quot]I would take a step back and look at [/FONT]7.5.9.1 because you need to look at the applicable regulatory requirements for the product produced in addition to just the requirements of 13485.

 

[YellowQCPro]

Don't forget to include record retention requirements!

 

[Randy]

Level of control? So simple nobody will agree with me.

$$$$$, that's the answer, $$$$$.

If a distributor doesn't do as they they are legally or contracturally bound to do, toss their fanny and get someone else.

Everything boils down to MONEY! And until quality professionals understand that and take it to heart, none of that 7.5.9.1 or any other number means diddly squat.

 

[pkost]

Level of control? So simple nobody will agree with me.

$$$$$, that's the answer, $$$$$.

If a distributor doesn't do as they they are legally or contracturally bound to do, toss their fanny and get someone else.

Everything boils down to MONEY! And until quality professionals understand that and take it to heart, none of that 7.5.9.1 or any other number means diddly squat.

Absolutely, but how do you know they are not doing as they are legally or contractually bound to do? There will always be some bad eggs, but I don't want to waste effort supervising everyone to a high level just to find the few...Therefore a risk based approach helps here