ISO 13485 certification for suppliers
Assign topic to the user
1. Does it mean that all our suppliers also have to have been certified with this standard?
No, not all of your suppliers need to be certified. Two requirements from ISO 13485:2016 are covering this topic. First, in 4.1.5 is stated that when an organization chooses to outsource any process that affects the quality of the product, it must monitor and have control over that process. It means that organizations need to decide which control measures are necessary and are enough to control the outsourced process. Then, in requirement 7.4.1 manufacturer needs to describe what are product specifications, requirements for the acceptance of the purchased products, what are qualifications of the supplier, and what are quality management system requirements. It means that manufacturers that manufacturer decide which are the criteria to prove their suppliers. Of course, this approving system is in close relationship with the risk that supplied goods have on the final medical device.
2. How the notified body will decide whether to audit the supplier or not?
The notified body will first ask you who are your critical suppliers and how you control them, what kind of control do you have over them. Then, you will provide evidence about your control over the supplier, which can be: ISO 13485 certificates of the supplier, records of suppliers audit that you have performed, frequency of the supplier's audits, complaints that you have to the supplier and how you handle them, what kind of verification of supplied goods you perform (and records about it, of course). On the basis of all this data, the Notified body will see do you have control over critical suppliers and then decide is it necessary to perform a supplier audit or not.
For more details, please read the following article:
- How can ISO 13485 clause 7.4, Purchasing, enhance procurement? https://advisera.com/13485academy/blog/2018/04/18/how-can-iso-13485-clause-7-4-purchasing-enhance-procurement/
Feel free to check out this document:
- Procedure for Purchasing and Evaluation of Suppliers https://advisera.com/13485academy/documentation/procedure-for-purchasing-and-evaluation-of-suppliers-iso-13485-2016/
Hi Kristina. Under Section 4.1.1 of 13485 an organisation shall document the role (s) undertaken by the organisation under the applicable requlatory requirements. If you are a supplier to a medical device manufacturer, what role would that supplier define themselves as? ( Manufacturer, Authorised Representative, Importer or distributor are the roles listed in 13485) I'm confused as to how a supplier can meet this requirement if they are not any of these 4 roles. Yet suppliers in the supply chain are expected to meet the requirements of 13485 if their client is a medical device manufacturer. If they only supply a component, how can they have a medical device file as per the requirements of Clause 4.2.3?
I hope you can help me in answering this question.
Thank you.
They are manufacturers of raw materials/components. In the Medical device file, they will have basic information on the components that they produce like, of course, if it is applicable: specifications, technical drawings, storage conditions, material safety data sheets, any test results, instructions of services or installation at the medical device manufacturer, labels. You can completely adapt this to your own needs.
Comment as guest or Sign in
Jun 14, 2024