QA/RA Consulting, Auditing & Training
Suppliers are obviously a critical component of your business. Thus, when things start to go poorly, it’s not just their problem it’s your problem.
There are a variety of reasons why medical device suppliers could get booted from your Approved Supplier List but, quite often, the manufacturer-supplier relationship goes south over issues involving product quality and missed delivery time frames. That’s why ongoing monitoring is so important as a tool to head off serious supply issues.
Regardless of how many suppliers you have, its vital (and required by ISO 13485) that you monitor their performance and conduct regular evaluations. Supplier monitoring is not a periodic activity that happens a few times each year effective monitoring begins with the receipt of your first shipment, and the depth and frequency of your monitoring will be determined by the suppliers ongoing performance and product risk. The most effective supplier monitoring programs share six characteristics:
1 – They are risk-based.
All monitoring activities should be proportionate to the product being purchased and supplier risk. It seems obvious, but a critical supplier of a circuit board that drives your device should be much more closely monitored than the supplier of the screws that hold the circuit board in place.
2 – They are continuous.
The monitoring process must be continual and integrated into your company’s business processes. It is not simply a once and done annual activity you perform before your Notified Body audit.
3 – They are cross-functional.
Managing supplier risk requires participation from many departments throughout your organization, including your procurement team, logistics, engineering, manufacturing, RA/QA, etc.
4 – Expectations and metrics are clearly delineated.
It is important that your supplier know exactly how you are monitoring their performance. There should be no surprises. Metrics should be specific and mutually agreed upon.
5 – Accountability is specified.
Its important to set clear, measurable expectations with your supplier (e.g., set consequences) and follow through on them if requirements are not met.
6 – Information is shared. Supplier performance information should be communicated to internal stakeholders and, more importantly, with your supplier on a regular basis and during performance reviews.
The monitoring of suppliers is required in ISO 13485:2016 section 7.4.1: The organization shall plan the monitoring and re-evaluation of suppliers. It is also spelled out in US FDA 21 CFR Part 820.50. Compliance aside, ongoing monitoring and reevaluation make good business sense as they allow you to:
Now that we’ve established that you must monitor your suppliers, the question becomes how. What information should you collect and what sources should you use’
The what to collect question should be easy to answer, because that should already be documented in your supplier approval process. This is where you specify appropriate methods for collecting, managing, analyzing, and communicating supplier monitoring data.
As for the actual data sources, they may include a mix of the following:
In addition, the following scheduled or ad hoc activities can yield excellent information:
The more specific you are about your data collection and analysis, the more likely you are to stay on top of monitoring activities.
Many medical device manufacturers use scorecards to consistently track and measure supplier performance, and these scorecards can be an effective tool. However, like anything else, the approach has pros and cons. One of the big pros is that scorecards establish a consistent approach for demonstrating supplier performance in a concise manner. Rather than reading a narrative about supplier performance, scorecards make it easier to see performance at a glance and plot trends over time. This makes scorecards preferable over subjective evaluation. A well-designed scorecard can highlight issues for quick resolution and trigger changes in the frequency of audits, reevaluation, and extent of sampling/testing.
On the flip side, assigning numerical scores for specific attributes (e.g., supplier response times) does introduce an element of subjectivity. Depending on the complexity of the scorecard, the amount of data being collected can lead to analysis paralysis and unnecessary testing.
You’ll notice that the monitoring criteria in the sample scorecard are weighted. This is an important factor in building a scorecard. Using the risk-based approach, you should assign far more importance to the products being within spec and delivered on time than to the accuracy of invoices.
While the collection of supplier data is on ongoing process, generating a scorecard is not. It is important that you define the intervals for generating a scorecard. Many medical device manufacturers will base this interval on the current status of the supplier or the risk posed by the component being supplied. Newer suppliers (or new products made by an established supplier) should obviously be scored more often and vigorously than, for example, a contractor that has supplied the same part without problems for five years. Just because you utilize a scorecard for one supplier does not mean you need to do so for all suppliers.
Some manufacturers place their suppliers into two categories and have different scorecards for different types of suppliers (e.g., critical and standard suppliers). The scorecard for a critical supplier may have more criteria or different weighting.
TIP: While we rely on email for just about everything, critical supplier reviews should always be done by phone or in person. If there is bad news to convey, don’t lob a grenade via email. While it is a convenient way to document your dissatisfaction, you’ll get better results by having a real, live adult conversation. Your supplier will appreciate hearing positive reinforcement from you verbally and, conversely, will be glad of the opportunity to explain how problem areas will be addressed. Like employee performance reviews, these discussions will sometimes be uncomfortable, but it is essential that you not rely solely on email, especially with critical suppliers. Having live discussions and adopting the personal touch will avoid misunderstandings and forge a stronger working relationship with your supplier.
Finally, remember that the elegant scorecard you created will be worthless if it sits hidden on your hard drive. You need to establish methods to share the information with all internal stakeholders and your suppliers as well. An evaluation of critical supplier performance could also be part of your management review meetings.
If you want to learn more (a lot more!) about this topic, consider our in-depth medical device supplier quality management training class. Not only will you learn best practices, this course also explores all of the mandates found in ISO 13485:2016, FDA QSR, MDSAP, and the EU Medical Device Regulation (MDR 2017/745). Available in-person or online.
Need help auditing a supplier or developing your supplier network’ Our experienced auditors can help you verify that your suppliers are meeting relevant requirements.
US OfficeWashington DC
EU OfficeCork, Ireland
UNITED STATES
1055 Thomas Jefferson St. NW
Suite 304
Washington, DC 20007
Phone: 1.800.472.6477
EUROPE
4 Emmet House, Barrack Square
Ballincollig
Cork, Ireland
Phone: +353 21 212 8530