Carrying out a supplier audit: when and how to audit your suppliers

July 9, 2025

Good supplier management is one of the single most important methods of building a safe and effective medical device. A single device may be made up of dozens of parts and components coming from several different suppliers, and many medical device companies outsource the manufacturing of their device to a contractor. 

However, just because the manufacturing of parts and components, or the entire device, may be outsourced, the responsibility for the device still lies with the legal manufacturer. That’s why good supplier management is critical not only to the safety and effectiveness of your devices, but also to your ability to meet regulatory requirements on purchasing controls. 

Every supplier is different, but critically important suppliers will need a higher level of management. And one of the ways in which you can manage that supplier relationship is through a supplier audit.

What is a supplier audit?

A supplier audit is one of the methods medical device companies may use to evaluate a potential supplier or ensure ongoing regulatory compliance and production quality. A supplier audit may include a review of the supplier’s facilities, production processes, quality control, and quality system.

Why do you need to carry out supplier audits?

From a business standpoint, it’s always a good idea to understand where your parts and components are coming from, and to have confidence in the ability of your suppliers to meet your exact specifications. 

However, in MedTech, there are also regulatory requirements for supplier management that your company is obliged to follow. Both the FDA’s 21 CFR Part 820 and ISO 13485:2016 require all medical device companies to implement purchasing controls. 

  • Part 820.50 states that, “Each manufacturer shall establish and maintain procedures to ensure that all purchased or otherwise received product and services conform to specified requirements.”

  • And clause 7.4.1 of ISO 13485:2016 likewise directs companies to “document procedures to ensure that purchased product conforms to specified purchasing information.”

While supplier audits are not the only tool medical device companies have to meet these requirements, they are one of the most important. For example, both Part 820 and ISO 13485 require companies to evaluate suppliers on the basis of their ability to meet specified requirements. For some suppliers, an initial supplier audit of their facilities and quality system will be necessary to meet the evaluation requirement.

When do you audit your suppliers?

Typically, supplier audits will occur during the supplier evaluation process and then at specified intervals, known as scheduled supplier audits. 

The schedule will be determined by your supplier agreement, and these scheduled audits are a good way to ensure your suppliers are still adhering to the standards or regulations you expect them to. The goal of these audits is to determine whether your process and quality management requirements are being carried out. 

For example, that may mean an inspection of the supplier’s facility to ensure their clean room areas are actually sterilized and not being contaminated in any way. But you may also want to see their process for handling nonconforming products or ensuring the traceability of their products from raw material to final product. 

Your scheduled audits are also a good opportunity to follow up on any Supplier Corrective Action Requests (SCARs) you’ve raised in the past, especially if you’ve raised the same one multiple times. It’s a chance for visual confirmation that your supplier has taken action to fix the issue. 

Which suppliers must be audited?

Medical device companies should be taking a risk-based approach to supplier management, which means determining the risk involved for each supplier and tailoring supplier management activities based on that risk. 

For instance, many companies will begin with a critical vs. non-critical framework for suppliers:

  • Non-critical suppliers have no direct or indirect relationship with the product or manufacturing processes, such as a business that supplies your stationery or caters meals for you. These are still suppliers, but they don’t have to go on your Approved Supplier List (ASL).

  • Critical suppliers have a direct or indirect relationship with the product or process and they must be qualified and placed on your ASL if you want to order anything from them.

Critical suppliers are then broken down into more categories based on their potential impact on product safety. I like to use the following three tiers:

  • Tier 1 - Highest Risk: Includes any integral component of the device that impacts safety. Also includes contract manufacturers assembling the device. This would also include services like sterilization that impact the safety of the device.

  • Tier 2 - Medium Risk: Includes custom, device-specific components that don’t directly impact device safety. This tier also includes services like pest control and your logistics and shipping provider.

  • Tier 3 - Lowest Risk: Standard, “off-the-shelf” items. Any consultants you use that provide a service related to the product or processes would also fall under this tier.

This framework allows companies to choose their monitoring activities based on risk. You would not audit non-critical suppliers, for example. However, for critical suppliers, you would likely need to regularly perform scheduled audits on your Tier 1 and Tier 2 suppliers.

Greenlight Guru makes it simple to manage all your supplier relationships, all in one place

MedTech companies with a single device can easily need dozens of suppliers—larger businesses may have hundreds of them. Managing all of those relationships, especially when you’re taking an individualized, risk-based approach, can be a headache for even the most organized company. 

But with the right supplier management solution, you can bring all your suppliers into a single system and navigate all your relationships with ease. With Greenlight Guru Quality, you’ll have a dedicated Supplier Management workspace that’s connected to the rest of your QMS software. You’ll be able to see all your suppliers in a single view, search by name or ID number, filter by criticality or status, and quickly find what you’re looking for.

You’ll also be able to attach supporting documents to individual suppliers, add contact information, and set reminders for upcoming events like audits, scorecards, or renewals. And you can do it all in the same QMS software you use for risk management, product development, and all your other related QMS processes. 

If you’re ready to see how a connected supplier management solution can take the hassle out of your supplier relationships, then get your free demo of Greenlight Guru today!

Etienne Nichols is the Head of Industry Insights & Education at Greenlight Guru. As a Mechanical Engineer and Medical Device Guru, he specializes in simplifying complex ideas, teaching system integration, and connecting industry leaders. While hosting the Global Medical Device Podcast, Etienne has led over 200...
