Combination products are some of the most heavily scrutinized healthcare products on the market, and often involve numerous subcontractors and suppliers. For the legal manufacturers of combination products, the selection of suppliers is fraught with risk. A problem with a single component supplier can have serious implications for patient safety, supply continuity, and the manufacturer’s bottom line!
US FDA and the EU require combination products manufacturers to evaluate potential suppliers and document the process of doing so. In this article, we focus on the nuts and bolts of supplier evaluation and selection.
Supplier quality management is a subset of your overall quality management system (QMS). If you were to separate your QMS into three buckets, it might look like this:
Aspects of supplier evaluation and selection fall into all three buckets. As the legal manufacturer, you are responsible for all aspects of safety and efficacy, even those activities that might be performed or provided by the supplier. As such, you must have documented procedures for overall supplier management, including but not limited to supplier evaluation, selection approval, and verification of purchased products. In this article we focus specifically on the evaluation and selection of suppliers. The ultimate goal is to plan and implement a consistent risk-based approach to engaging with new suppliers.
Combination products fall into one of the following categories. If you’d like to see examples of products from each of these four categories, read our article “Drug, Device, or Both? Overview of FDA Premarket Regulation of Combination Products.”
|
Your purchased product requirements feed directly into supplier requirements. Once you know what you want to purchase, you can determine who could supply it. The supplier requirements define exactly how you need the supplier to meet your purchased product requirements:
The need to establish supplier selection criteria applies equally to medical device and pharmaceutical manufacturers. Inputs to establishing supplier criteria include:
Your focus should be on a supplier’s capability and suitability to meet the requirements. You can think of those requirements as falling into two categories:
You Can’t Outsource Risk! When you take on a new combination products supplier, they introduce new risks to your product and company. Some of those risks may be known ahead of time and deemed acceptable, while others are obviously unknown. You – the legal manufacturer – assume all risks for your device. Learn more with our Managing Risks in Combination Products and Drug Delivery Systems course. |
Before you start an evaluation, set yourself up for success (and compliance) by treating it like a mini-project with appropriate project controls:
You must have specific objectives and consistent criteria against which to evaluate each supplier. There are two specific types of criteria that should be defined:
1. Supplier-focused criteria
2. Product- / service-focused criteria
You decide how many criteria to create and what to name them. Purchased products/services for combination products may include:
Regulations and standards will define which purchased products fall within the scope of your organization. As a general rule, if the product/service could affect the safety or efficacy of your product or combination device – or your compliance with regulatory requirements – then it falls within the scope of your supplier’s QMS.
Once you’ve determined your criteria, create a spreadsheet to keep track of each supplier score in the individual criteria. A simple template is shown below. Because some individual criteria will be more important than others, we recommend that you weigh each evaluation criterion. For instance, take all criteria below and assign each one a value so the combined score adds up to 100. Then adjust each one to assign a higher value to some (e.g., previous supplier relationship, incoming inspection results) and perhaps a lower value to others (e.g., on-time delivery, access to records). Don’t overthink it. The key is to be consistent in how you evaluate each supplier.
Start this evaluation with a list of potential suppliers, even if that list includes just one company! Why would you do a full evaluation if there’s only one supplier (perhaps an internal division) to choose from? That’s easy – because it’s required. You need to document that you have gone through the full evaluation process, applied all criteria, and examined all risks associated with the purchased product and the supplier. This will allow you to demonstrate that you established appropriate controls by gathering the information needed to make an informed, risk-based decision.
Section 7.4.1 of ISO 13485:2016 clearly states that you “…shall establish criteria for the evaluation and selection of suppliers.” In reality, these activities are two distinct steps, each with its own risk-based criteria:
1. Evaluation – focus on purchased product risk
2. Selection – combine purchased product and supplier risk
There are, of course, many ways to evaluate suppliers. Some are simple, others far more intensive. The depth with which you evaluate a potential supplier has a lot to do with the potential impact that supplier could have on your company and finished product, as noted below:
Potential Impact | Work Performed | Examples | Potential Evaluation Criteria |
CRITICAL | Finished device manufacturer Critical subassembly Contract sterilization Primary packaging | Original equipment manufacturer (OEM) Contract manufacturer of device part, inactive or active drug Critical service or material providers | Full QMS audit Quality agreement Capability study Measurement system analysis Product sample Evidence of qualification (e.g., QMS certification) |
MAJOR | Secondary packaging Calibration services Warehouse services | Catalog / off-the-shelf material supplier Routine service provider | Documentation audit Licenses, certificates, or other evidence of qualification |
MINOR | QMS consulting | Distributors Pest control provider | Evidence of qualification (e.g., CV or license) |
Here are different ways to evaluate suppliers and when to use them:
Remember, do not provide any confidential information to a potential supplier until a confidentiality agreement has been signed. Also, take steps to ensure that submissions and assessment data gathered during the organization’s evaluation phase are not communicated outside the evaluation team.
Single Source or Multiple Suppliers? Having two suppliers for a particular component can be a good way to mitigate supply risk. However, a single supplier may be able to lower your overall costs. Each has pros and cons.
|
The goal of supplier selection is to document why you chose a specific supplier and add them to your approved supplier list (ASL). ISO 13485:2016, FDA 21 CFR 820.50, and ICH Q7 all require you to maintain records concerning results of supplier selection activities.
Once a supplier is chosen, you’ll need to go through a qualification process. That process may be quite simple for low-risk suppliers who may be added to your ASL with a status of “approved.” High-risk suppliers will require a more involved qualification process before they can be added to your ASL with “conditional” approval status.
Qualifying the supplier provides a structured way to communicate expectations and ensure the supplier’s understanding of them. It can also be used to generate evidence to justify the application of varying levels of control to suppliers (e.g., approval levels). You should use a risk-based approach to choose the qualification tools for each supplier. You define the qualification requirements, but many of the activities will be completed by the supplier. For example, you may require process validation studies for a critical manufacturing process, but the supplier conducts the studies and presents the results to you. Or, you may choose to begin receipt of purchased product from the supplier while conducting qualification activities in parallel (e.g., conditional supplier approval). Conditional approval is OK as long as you have proper controls in place, such as tighter sampling / inspection plans, more direct oversight (service suppliers), etc. Always make sure that supplier and quality agreements are in place.
Who needs to sign off on supplier selection approvals? At a minimum, members of the selection team or the selection project leader need to approve the selection, but it is highly recommended that you get management-level review and approval signatures for higher-risk purchased product suppliers.
Oriel STAT A MATRIX offers a wide variety of training on medical devices and pharmaceutical compliance, including combination products. To advance your knowledge on this topic, consider our in-depth class on supplier qualification for combination products. Our consulting team is also available to help you with specific issues.
US OfficeWashington DC
EU OfficeCork, Ireland
UNITED STATES
1055 Thomas Jefferson St. NW
Suite 304
Washington, DC 20007
Phone: 1.800.472.6477
EUROPE
4 Emmet House, Barrack Square
Ballincollig
Cork, Ireland
Phone: +353 21 212 8530