Regulatory Open Forum

Hello RAPS team, 

As of now, our ASL, does not have MRO (Maintenance Repair Operation) or Service Provider Suppliers.
Is this correct?

Which clause in ISO Standard or regulations defined criteria, which suppliers should be on AS
Do I need to send new Quality Technical Agreement (QTA) to all suppliers or just those supplier which are on ASL?
Do I need to define criteria, which suppliers will have to sign QTA?
I'm thinking to classify my suppliers in following categories.

Class A (Supplier which are offering non inventory parts, services, etc.)
Class B (Suppliers providing off shelves items, such as hardware, plastic parts)
Class C (Suppliers providing parts which requires inspection

I also want to introduce Critical suppliers as a different category D in my QMS and for what I'm thinking suppliers which got 10 SCARs or below threshold score in performance evaluation matrix last year are critical suppliers.

Note: We are class I (self decarded) non sterile, non measuring medical devices manufacturer?

Would appreciate your valuable feedback

I can give some generalities. I restate your questions and give responses below.

As of now, our ASL, does not have MRO (Maintenance Repair Operation) or Service Provider Suppliers.
Is this correct? ISO generally requires those suppliers to be enrolled in your approved supplier program and placed on the ASL. I explain further below.

Which clause in ISO Standard or regulations defined criteria, which suppliers should be on ASL: Regarding the basic particulars about which you are asking (e.g., MROs; Service Providers), ISO 9000 (incorporated by reference in ISO 13485 and 9001) and ISO 13485 in part define 'Supplier' as an organization (specifically, a vendor for example) that provides a service, software, hardware or processed material. Service means a result of a set of interrelated or interacting activities that use inputs to deliver an intended result. The intended result is your corresponding quality requirement and it impacts your finished product. Thus the reason that 13485 clause 7.4 for example requires such service suppliers to be placed under clause 7.4 control.

Do I need to send new Quality Technical Agreement (QTA) to all suppliers or just those supplier which are on ASL? Any outsourced process that affects product conformity to requirements (such as those performed by an MRO or Service Provider) require a quality agreement per 13485 clause 4.1.5. I take a very broad approach to the "processes" referred to by clause 4.1.5. For example, even if my clients procure just a raw material, piece, or part, I consider that be the outsourcing of a fabrication process thus requiring a quality agreement.  But remember that "quality agreement" is interpreted very flexibly by ISO and thus doesn't necessarily mean there needs to be a detailed lengthy contract. Instead, a simple P.O. may be sufficient to fulfill the requirement for a quality agreement. Note that ISO doesn't use the term "Quality Technical Agreement", but rather just "quality agreement". 

Do I need to define criteria, which suppliers will have to sign QTA? See my preceding response.

I'm thinking to classify my suppliers in following categories.

Class A (Supplier which are offering non inventory parts, services, etc.)
Class B (Suppliers providing off shelves items, such as hardware, plastic parts)
Class C (Suppliers providing parts which requires inspection

Rather than such a qualitative approach that will inevitably stupefy the operator and conflict with actual risk, I instead (per ISO) employ and apply a risk-ranking/scoring system the output of which scores the level or risk of each supplier at any given point in time. Then customize the type and extent of control based on the risk.

I also want to introduce Critical suppliers as a different category D in my QMS and for what I'm thinking suppliers which got 10 SCARs or below threshold score in performance evaluation matrix last year are critical suppliers. The term "critical supplier" does not exist in ISO 13485 and isn't generally used by its author (ISO TC/210) in a standardized way. Instead, we are simply to employ a type and extent of control commensurate with the risk involved. The term "critical supplier" has caused much confusion, as the registrars and notified bodies will often ask for your list of "critical suppliers" even though no such category is directly mentioned in ISO 13485's normative requirements.  Even though Notified Bodies often rely on an old NBOG definition for "critical supplier" (a supplier delivering materials, components, or services that may influence the safety and performance of the device) to calibrate their audit focus, we as manufacturers are still free to categorize our suppliers in whatever risk-based way makes the most sense to us.

Note: We are class I (self decarded) non sterile, non measuring medical devices manufacturer? Refer to my preceding answer about taking a risk-based approach. Low-risk scenarios generally (though not always) require less control than higher risk scenarios.

Hello RAPS team, 

As of now, our ASL, does not have MRO (Maintenance Repair Operation) or Service Provider Suppliers.
Is this correct?

Which clause in ISO Standard or regulations defined criteria, which suppliers should be on AS
Do I need to send new Quality Technical Agreement (QTA) to all suppliers or just those supplier which are on ASL?
Do I need to define criteria, which suppliers will have to sign QTA?
I'm thinking to classify my suppliers in following categories.

Class A (Supplier which are offering non inventory parts, services, etc.)
Class B (Suppliers providing off shelves items, such as hardware, plastic parts)
Class C (Suppliers providing parts which requires inspection

I also want to introduce Critical suppliers as a different category D in my QMS and for what I'm thinking suppliers which got 10 SCARs or below threshold score in performance evaluation matrix last year are critical suppliers.

Note: We are class I (self decarded) non sterile, non measuring medical devices manufacturer?

Would appreciate your valuable feedback