Knowing your suppliers is as important as knowing the material they provide. Life Sciences regulators around the globe could not agree more! If you have a product defect, it doesn’t matter who is at “fault,” your supplier or your own organization.
Ultimately regulators are going to hold your organization (the license holder for the finished product) responsible for the quality of the materials and services your suppliers provide you. This is evidenced in recently updated standards and regulations such as ISO 13485:2016 and EU MDR, or long-standing standards such as 21 CFR Part 820 and Part 211, or ICH Q9 and Q10. However, and more importantly, the only thing the public will see and react to is your product and your brand. It pays to maintain tight oversight of your suppliers, and not just for compliance reasons.
The first step in understanding suppliers is through an evaluation and acceptance process. The whole purpose of a formal supplier evaluation process is to ensure you’re working with a supplier that is stable, thereby minimizing risk to you, your organization, and your customers. The supplier evaluation process should answer the following fundamental questions:
This above list of course is not inclusive, however from the items listed, one can see that the purpose of a supplier evaluation process is indeed to assess and assign supplier risk. The rigor of each supplier evaluation will be determined by the product or service they provide your organization and the criticality of that product or service to your supply chain.
Suppliers run the gamut in terms of the types of products and services they offer our organizations. Below are just a few:
Additional considerations such as design control, process controls, material controls, and employee qualification processes may need to be included when evaluating and assessing supplier risk.
While performing the supplier risk assessment, your organization should be diligent in applying objective, numeric scales to your supplier selection criteria, supplier risk criteria, and the ultimate risk rating (“high, medium, low” or 3, 2, 1). A numerical value on each criteria, that can be used to calculate a total score can also aid in the finalizing the final supplier status such as “approved,” “conditionally approved,” and “rejected.” Assigning a risk criticality level or risk rating to your suppliers will help determine your supplier controls and the rigors of those controls in terms of monitoring their performance: high risk level 3, medium risk level 2, or low risk, level 1. Organizations will determine, based on this risk rating, the frequency and type of supplier audits commensurate with risk (bi-annual, annual, third-party, etc.). They will also determine the frequency and type of inspections, from dock to stock, sampling, and first article, to 100% inspection. You can determine the quality metrics (Supplier Corrective Action Request (SCAR) response time, thresholds, parts per million (PPMs), etc.).
As for performance monitoring, there are many factors you can look at, such as:
Find the metrics that are right for your product or process and supplier relationship, from scorecards and global supplier ratings, to approved supplier list (ASL) and SCARs-feedback, and more. Update your supplier risk profile and analyze it to monitor the “health” of the supplier in real time. Monitoring the performance of your suppliers throughout the product lifecycle can help you identify problems before they spill into your supply chain, putting your customers and brand reputation at risk.