Hi Karen,
I have been in a similar situation before, as an ISO 13485 certified manufacturer utilizing an ISO 9001 certified contract manufacturer. Ideally, they would also be ISO 13485, but as you mentioned, most seem to have ISO 9001.
Since the risk of this supplier was high, I created a supplier audit checklist identifying the clauses of ISO 13485 we needed them to comply with. This touched on everything from document and record control, to purchasing and nonconforming product. In this particular situation, I was able to audit them on-site to see their production, but still requested copies of their internal procedures to review off-site. Any gaps that were raised were covered in a supplier quality agreement (e.g. our record retention time was 5 years, but theirs was only 2. The agreement stated that for records related to our product, they were retained for 5 years or transferred to our site after their 2 year retention period). It's important to consider gaps between both the supplier and ISO 13485, and the supplier and your particular requirements.
I've also had this happen with overseas suppliers where an on-site audit is not feasible. In these situations I ask for the company's quality manual, and SOPs related to the activities they're conducting. Similar to the above, gaps were addressed via a quality agreement.
For critical suppliers it was also important to define how they're to be monitored - whether a full re-qualification audit is necessary annually or quarterly, maintaining accurate/up to date copies of their certifications etc., and defining how you handle changes with that supplier.
I hope this helps!
Best,
Brittany
------------------------------
Brittany Gibson BSc
Director, Quality and Regulatory Affairs
Winnipeg MB
Canada
------------------------------
Original Message:
Sent: 28-Jan-2020 10:31
From: Karen Zhou
Subject: Critical supplier question
Hello,
Critical suppliers receive the highest scrutiny. I also notice that most suppliers are ISO 9001 certified rather than ISO 13485 certified. Sometimes a critical supplier does not have a QMS. ISO 9001 tells us they have a quality management system at minimum, but we'd prefer to go with an ISO 13485 certified vendor. For critical suppliers with 9001 certification or who do not have a QMS, what is the best approach to qualify them? Without the ability to audit them since many are overseas, is the next best thing a quality agreement?
Thanks.
------------------------------
Karen Zhou
------------------------------