Dr. Christopher Joseph Devine, President, Devine Guidance International
Devine Guidance

Supplier Maintenance Assessments

By Dr. Christopher Joseph Devine


If a supplier scored well on their original selection assessment, or scores well on repeat maintenance assessments—say, a score of 90 percent or above for argumentative sake—and your organization is receiving 100 percent conforming product (yes, imagine a perfect world), what is the value of performing an annual or regularly scheduled maintenance assessment? Dr. D does not see any upside.

Now I could write a philippic (yep, look up time again) that takes medical device organizations to task with regard to their approach to supplier maintenance assessments; however, I prefer to remain positive and emulate world-class practices. Besides, the only reason to visit suppliers performing at a high level is to enjoy that proverbial junket (let me see, Miami in January sounds somewhat nice). That said, the need for and frequency of supplier maintenance assessments should be driven by risk and need. Yes, Dr. D brings up the term risk again. In the medical device business, risk is everything. Additionally, a maintenance assessment may not even entail a supplier visit. A simple questionnaire, asking closed and open-ended questions of course, may be a viable approach.

Warning letter violation
For this installment of Devine Guidance, I post two warning letter extractions retrieved from the FDA’s website. The first warning letter was issued in January of this year, and pertained to the procurement of product from an unapproved supplier. What are they thinking? The medical device manufacturer cited in this warning letter must have thoroughly impressed the FDA with their lack of supplier controls and subsequent receiving inspection process.

Failure to establish and maintain procedures to ensure that all received product conforms to specified requirements, as required by 21 CFR 820.50. For example, your firm has not performed testing for 3 out of 4 incoming lots received by one of your suppliers of disposable delivery sets, (b)(4).

Your firm also receives disposable delivery sets from (b)(4). This firm is not on your approved supplier list and you did not have adequate documentation upon receipt to demonstrate that these incoming sets met required specifications.

Also, your firm contracted with an unapproved supplier to print out labels for the Sentinel pumps, which included serial numbers. Your firm did not perform any incoming inspection of the printed labels to demonstrate that they met required specifications. As a result, your firm received two complaints that the labels were smudging and chipping off.

In this second warning letter, a medical device manufacturer was “rewarded” for their failure to maintain and assess their contractors. Remember, a contractor is a supplier, and a supplier quality system should provide specific requirements for the initial assessment and ongoing supplier maintenance assessments for contractors.

Failure to evaluate and select potential contractors on the basis of their ability to meet specified requirements as required by 21 CFR 820.50 (a) (1).

Specifically, your procedures to approve contract providers and external services failed to thoroughly assess the contract laboratory’s capability to perform the ETO residual test… As discussed on item number 1 of this letter, composite sample-test of multi-devices systems is not contemplated within the referred standard. However, your firm has been accepting ETO residuals reported as a composite of samples from the devices within the kits. Moreover, no documentation was provided during the inspection to demonstrate that your firm assessed the capability of the laboratory contracted to conduct such analysis in conformance with the subject standards. 

Regulations and requirements
When it comes to defining the requirements for supplier maintenance assessments, the QSR and ISO 13485 are not extremely prescriptive. Once again, the regulations state that suppliers and materials purchased from suppliers (contractors too) shall be evaluated; however, the path to compliance is remanded back to the medical device manufacturer.

The key to compliance with regulations and standards is to establish, and spell out in sufficient detail, your organization’s requirements for supplier-management activities. Additionally, adhere to Devine Guidance Rule # 1 – Compliance to regulations is not optional. Compliance is mandatory and dictated by law, and is a statutory requirement, literally!

1. QSR – Subpart E – Purchasing Controls

Section 820.50: Each manufacturer shall establish and maintain procedures to ensure that all purchased or otherwise received product and services conform to specified requirements.

(a) Evaluation of suppliers, contractors, and consultants. Each manufacturer shall establish and maintain the requirements, including quality requirements, that must be met by suppliers, contractors, and consultants. Each manufacturer shall:

(1) Evaluate and select potential suppliers, contractors, and consultants on the basis of their ability to meet specified requirements, including quality requirements. The evaluation shall be documented.

(2) Define the type and extent of control to be exercised over the product, services, suppliers, contractors, and consultants, based on the evaluation results.

(3) Establish and maintain records of acceptable suppliers, contractors, and consultants.

(b) Purchasing data. Each manufacturer shall establish and maintain data that clearly describe or reference the specified requirements, including quality requirements, for purchased or otherwise received product and services. Purchasing documents shall include, where possible, an agreement that the suppliers, contractors, and consultants agree to notify the manufacturer of changes in the product or service so that manufacturers may determine whether the changes may affect the quality of a finished device. Purchasing data shall be approved in accordance with 820.40.

2. MDD (Please note the MDD references EN ISO 13485, the Harmonized Standard for Medical Device Quality Management Systems)

Article 3 – Essential Requirements: The devices must meet the essential requirements set out in Annex I, which apply to them, taking account of the intended purpose of the devices concerned.

Where a relevant hazard exists, devices, which are also machinery within the meaning of Article 2(a) of Directive 2006/42/EC of the European Parliament and of the Council of 17 May 2006 on machinery shall also meet the essential health and safety requirements set out in Annex I to that Directive to the extent to which those essential health and safety requirements are more specific than the essential requirements set out in Annex I to this Directive.

Annex II.3 EC Declaration of Conformity – Full Quality Assurance System: The manufacturer must ensure application of the quality system approved for the design, manufacture and final inspection of the products concerned, as specified in Section 3 and is subject to audit as laid down in Section 3.3 and 4 and to Conformity surveillance as specified in Section 5.

3. EN ISO 13485 – 7.4 Purchasing

7.4.1 The organization shall establish documented procedures to ensure that purchased product conforms to specified purchase requirements.

    • The type and extent of control applied to the supplier and the purchased product shall be dependent upon the effect of the purchased product on subsequent product realization or the final product.

    • The organization shall evaluate and select suppliers based on their ability to supply product in accordance with the organization’s requirements. Criteria for selection, evaluation, and re-evaluation shall be established. Records of the results of evaluations and any necessary actions arising from the evaluation shall be maintained.

Supplier maintenance assessments
According to Kanter, an increase in supplier inspections, pursued by procurement organizations, will result in an increased likelihood of suppliers’ compliance with standards and subsequent improvements in productivity. Additionally, buyer behavior must align with their company’s strategy for vendor management. Furthermore, customers must forge closer working relationships with their supplier base. Finally, intimate relationships with suppliers can result in risk management becoming a transparent activity.

Performing annual supplier assessments, premised on a schedule, neither makes fiscal sense nor enhances supplier performance. Once supplier selection has occurred, through a well-documented supplier assessment process, organizational need and supplier performance dictate the need for future supplier assessments. Mayer, Nickerson, and Owan believe there is a trade-off in regards to costs associated with the inspection of a supplier’s plant.

What does Dr. D say? It really does not make good business sense to create a maintenance assessment schedule that is premised on performing on-site assessments for your entire approved supplier base, on an annual basis. This approach is fiscally prohibitive, with the costs directly proportional to the number of suppliers on your ASL (Approved Supplier’s List). As I have stated many times, these assessments should be driven by organizational need and risk (business risk and the actual risk of product failure). For example, in an earlier installment of Devine Guidance, I presented the concept of supplier categorization. This same supplier categorization concept can support the creation of a supplier maintenance-assessment schedule and drive the overall execution of maintenance assessments. For example, a supplier such as your sterilization provider, contract manufacturer, or metrology laboratory will probably warrant an annual on-site visit, due to the influence that suppliers in these categories exert on your business and their importance to it. However, a machined-component supplier or injection-molding supplier (component suppliers) may require a visit once every two or three years.

Bad suppliers, failing to meet expectations and requirements, place medical device organizations at risk, and should be unceremoniously given the boot. Do not waste your time throwing the proverbial good money after bad. Make sure your organization has an exit strategy.

An intelligently designed questionnaire can be employed in place of an on-site visit for suppliers meeting your expectations. You may also want to consider subcontracting out the maintenance assessments to a third party such as SQA Services (I am not a paid spokesperson for this company). However, remember the warning letter presented earlier: the third-party service provider is a contractor and must be assessed accordingly. Furthermore, a supplier not meeting expectations may require a simple visit to review process-specific issues.

Finally, if your suppliers are evaluated annually, by competent registrars or notified bodies, the quality system aspects of their organizations should be fairly well documented (in writing remember) and robust. Selecting suppliers with quality systems approved by registrars and notified bodies will allow your organization to focus on process-related issues and drive continuous improvement projects, which add real value to an organization. Ah, yes, suppliers receiving multiple 483s or the gift of an FDA Warning Letter warrant special attention.

Conclusion: need and risk should determine assessments
In conclusion, performing supplier maintenance assessments is an expensive proposition. Performing these assessments should be premised on organizational need and risk. A supplier-assessment questionnaire, that has been intelligently designed, can augment the overall supplier-management program. The questionnaire can be employed as an economically viable and effective assessment tool. Third party assessors are also a viable option; although considerably more expensive than questionnaires, these organizations can save valuable time, and guess what, time is money.

Selecting suppliers that are routinely evaluated by recognized notified bodies and registrars will ensure that your suppliers employ, and hopefully adhere to, a functioning quality system. Although suppliers having an approved quality system will not guarantee superior supplier performance (sounds like a new Devine Guidance Rule), it should allow your organization to focus on process and continuous improvement activities instead of fighting systemic quality battles.

Remember, strong supplier relationships are good for business (also potential for a new Devine Guidance Rule). Set reasonable expectations for your suppliers and hold them accountable to those expectations. Also, remember to sever the umbilical cord to bad suppliers that continuously fail to meet expectations and requirements. Bad suppliers jeopardize the medical device industry.

In closing, thank you again for joining me. I hope you find value in the guidance provided. Until the next installment, when I discuss the role of purchasing – cheers from Dr. D. and best wishes for continued professional success.


  1. Code of Federal Regulations. (2008, April). Title 21 Part 820: Quality system regulation. Washington, D.C.: U.S. Government Printing Office.
  2. Devine, C. (2009, July). Exploring the effectiveness of defensive-receiving inspection for medical device manufacturers: a mixed method study. Published doctoral dissertation. Northcentral University. Prescott Valley, AZ.
  3. FDA – U.S. Food and Drug Administration Website. (2010). Warning letters. Retrieved February 12, 2010, from http://www.fda.gov/ICECI/EnforcementActions/WarningLetters/
  4. Kanter, J. (2008, June). Audits crucial to supplier wellbeing. Supply Management, 13(12). Retrieved November 13, 2008, from http://proquest.umi.com
  5. Mayer, K. J., Nickerson, J. A., & Owan, H. (2004, August). Are supply and plant inspections complements or substitutes – a strategic and operational assessment of inspection practices in biotechnology. Management Science, 50(8).
  6. Medical Device Directive. (1993). Council Directive 93/42/EEC. Medical Device Safety Service. Retrieved January 11, 2010, from http://directive93-42-eec.htm
  7. Medical devices – quality management systems – requirements for regulatory purposes. (2007). EN ISO 13485:2003/AC:2007.
  8. Poor supplier control causing recalls, FDA says; contract is key to success. (2007, May). The Sheet – Medical Device Quality Control, 11(6). Danvers, MA.
