Choosing and Managing Your Medical Device Suppliers

July 9, 2021

Choosing and Managing Your Medical Device Suppliers

Managing your medical device suppliers is a core responsibility of manufacturers.

Under FDA 21 CFR 820.50 and ISO 13485:2016 Section 7.4, you will find detailed requirements for your purchasing controls and evaluation of suppliers. It’s important to fully understand the extent to which suppliers can impact your overall operational and safety risks as well as how you as the manufacturer remain ultimately responsible for managing that risk.

This makes the task of choosing and managing your suppliers something that’s worthy of close scrutiny. It’s not just about meeting a requirement, but about good business practices, too. The reliability of a supplier can impact the supply chain operations for your medical device and frankly, your own bottom line.

What can you do to choose and manage suppliers wisely? Here’s a closer look at how the supplier process works in the medical device industry and the steps manufacturers need to follow:

FREE DOWNLOAD: Click here for an Approved Supplier List Form Template to help you easily manage supplier records and relationships.

New medical device supplier evaluation

One of the first things you should do when choosing a medical device supplier is to build an approved supplier list. You should have a way to clearly state what each supplier is approved to supply - just because one supplier is approved for one thing doesn’t mean they’re automatically qualified to provide others.

One way to meet this requirement is by having a designated column for your approved supplier list. Just remember to keep this list up-to-date if you are using a spreadsheet tool to manage this. Any purchases of products or materials from outside your company should only come from these approved suppliers.

Additionally, you are required to have documented procedures in your quality system for the evaluation, selection and management of suppliers. The following purchasing process found in ISO 13485:2016, Section 7.4.1 is outlined below:

7.4.1 Purchasing process. The organization shall document procedures (see 4.2.4) to ensure that purchased product conforms to specified purchasing information. The organization shall establish criteria for the evaluation and selection of suppliers. The criteria shall be:

a) based on the supplier’s ability to provide product that meets the organization’s requirements;

b) based on the performance of the supplier;

c) based on the effect of the purchased product on the quality of the medical device;

d) proportionate to the risk associated with the medical device.

The first step in the purchasing process is that you must have a formal procedure to evaluate potential suppliers and effectively select your approved choices. You need to identify appropriate selection criteria commensurate with what the supplier(s) will be doing for your medical device company. Much of this process comes down to due diligence and a risk-based approach.

For example, you should identify risk levels for each supplier. “Low risk” might be for standard items that you can otherwise purchase off the shelf. “Medium risk” might be for custom, device-specific components that don’t directly impact device safety. “High risk” could be for any integral component of the device that directly impacts safety.

Next, you would create supplier surveys that identify different areas of your QMS that the supplier should be evaluated against. For example, CAPA procedures, training, testing and validation.

Other supplier selection criteria could involve the cleanliness or sterilization procedures in their facility, their labor practices and their standards of current good manufacturing practices. Minimum qualifications or certifications also belong with this set of criteria.

Here are some examples of questions you can ask your team when coming up with your own supplier selection criteria:

  • Will you require an on-site audit? 

  • Do you need evidence of their QMS and documentation of their processes? 

  • Will you require copies of their certifications? 

  • If the products they make require biocompatibility testing, how can you be sure that those products will be consistent from one batch to the next?

Another important consideration is, how will you collect objective evidence to prove the supplier meets your criteria? This is when due diligence will be particularly important and serve as an integral piece of your final approved supplier list.

Medical device supplier quality management

Once a supplier has met all of your necessary selection criteria and provided all objective evidence needed, what happens next before they can officially be added to your approved supplier list? You need to put some formal agreements in place first.

The three key documented agreements that are usually used are: quality agreement, supply agreement specification, and material or component specification. You may use some combination of the three that makes sense for the relationship.

An important note here is that your quality agreement also defines your responsibilities as the manufacturer when it comes to the acceptance of any incoming products or materials. These documents form the basis of how you will manage the overall supplier relationship.

You need both parties, the supplier and the manufacturer, to have a formal agreement in place that outlines expectations and requirements. At a minimum, this should include preferred test methods, properties required, and any critical process controls for ensuring the production of safe, effective products that are of a consistent standard.

It’s strongly recommended for your agreement to include a statement requiring the supplier to notify you of all changes to the purchased product prior to implementation of those changes.

In addition, we suggest including requirements for keeping a robust, up-to-date quality management system as part of this supplier agreement. It’s part of that due diligence piece and it will simplify and streamline the overall supplier management process to have a check-in system for ensuring policies and procedures are being followed.

Your supplier agreement should also contain some requirements around communication, especially in the event of deviations or nonconformances. There should be easily accessible CAPA procedures in place that can be followed to rectify quality events as needed.

Supplier performance monitoring and management

Once a supplier has made it onto your approved list and actual supplies are in flight, your next task is to be vigilant about monitoring their performance. This is an area where many manufacturers have been burned before - either because of poor due diligence earlier in the process or simply because it can be difficult to predict supplier performance until it’s happening in real-time.

It is your responsibility (and a requirement) as the manufacturer to regularly evaluate your suppliers. The rigor of these evaluations should, again, be risk-based, with your criteria dependent on the specific role of that supplier.

Evaluations should be a continuous activity rather than a single arbitrary event. In addition, your suppliers should know exactly how you are evaluating them through metrics that have been mutually agreed upon.

What sort of supplier performance data might you monitor? Here are some examples:

  • Inspection data

  • Delivery dates and quantities

  • Any nonconformances that involve their product

  • Customer complaints related to their product

  • Supplier communication and responsiveness

  • On-site audits

  • Your supplier’s third-party audits

  • Any regulatory notices or recalls.

Many medical device manufacturers manage supplier performance by devising a weighted scorecard for monitoring criteria. This helps to establish a consistent approach to measuring performance.

You may also find that it’s helpful to establish a cross-functional internal team, with members involved with the supplier, responsible for conducting these evaluations. If you do this, it’s important to have a mutual understanding and approach to the scoring for consistency.

Lastly, if your evaluations ever determine that a supplier needs to be removed from your list, make sure you do it right away! One common pitfall is when manufacturers continue using a supplier who is no longer on the approved list, simply because the documentation was never updated and they still appear on the list.

FREE DOWNLOAD: Click here for an Approved Supplier List Form Template to help you easily manage supplier records and relationships.

Greenlight Guru facilitates optimal supplier management and performance

With your supplier agreements and monitoring procedures in place, your organization needs a robust quality system for managing and storing all of your supplier management records. It’s something you will be audited for - supplier management has always been a frequent source of audit findings and continues to be closely looked at by auditors and inspectors.

Greenlight Guru facilitates the best possible supplier management experience with full traceability in the only quality management software designed specifically for medical devices. You can keep your approved supplier list, your documented procedures and evidence of your evaluations easily accessible and always up-to-date to ensure the most optimal supplier management with little to no effort on your part.

Get your free demo of Greenlight Guru now →

Looking for a design control solution to help you bring safer medical devices to market faster with less risk? Click here to take a quick tour of Greenlight Guru's Medical Device QMS software


Sara Adams is a Medical Device Guru at Greenlight Guru and a Certified ISO 13485 Lead Auditor who began her career in the medical device industry in the post-manufacturing world. As an experienced Quality Engineer, she has been responsible for leading Corrective and Preventive Action (CAPA) investigations and...

Approved Supplier List Form
Download Now →
Approved Supplier List Form Template - slide-in cover-1
Search Results for:
    Load More Results