International standards and global regulations define medical device supplier management as a systematic, risk-based oversight process of external parties that provide materials, components, services, or processes impacting a device’s quality, safety, or regulatory compliance. A fundamental principle across all major jurisdictions is that while a manufacturer may delegate specific tasks to suppliers, the legal responsibility for the safety and performance of the device cannot be delegated.
Under Clause 7.4 of the ISO13485, manufacturers must establish documented procedures for the evaluation, selection, performance monitoring, and re-evaluation of suppliers. These controls must be proportional to the risk and regulatory impact of the supplied items.
The following strategies can effectively be used to maintain oversight and control over critical suppliers, particularly those that perform outsourced processes.
1. Risk-Based Supplier Selection and Qualification
2. Formal Quality Agreements and Contracts
3. Oversight of Special (Validated) Processes
4. Continuous Performance Monitoring
5. Robust Change Control Management
6. Periodic Re-evaluation and Audits
Key vendor performance metrics
A. Quality / Technical performance
- Incoming lot acceptance rate (% of lots accepted first time) and defect rate (ppm/% nonconforming)
- Process capability of critical characteristics where you rely on supplier process control for conformity.
- Nonconformities attributable to vendor (# NCRs per period) and trend (increasing/decreasing)
- Field issues linked to supplier (complaints, adverse events, MDR/Vigilance reports, recalls where supplier output is root cause).
- Effectiveness of supplier CAPA (% CAPAs closed on time without recurrence)
- Validation status of outsourced special processes (e.g., sterilization, cleaning, coating, assembly) – % of such processes with current validated state per ISO 13485 7.5.6.
B. Delivery / Reliability
- On‑time delivery (OTD) – % of POs/lines delivered on or before required date, especially for critical suppliers influencing availability of finished devices.
- Delivery lead time performance – actual vs agreed lead time, monitored especially when outsourcing entire devices or critical components.
- Delivery accuracy – % of deliveries with correct quantity, correct revision/lot, correct documentation (CoC, CoA, sterilization records), supporting traceability and batch release.
- Schedule adherence for time‑critical outsourced steps where delays can impact product availability or expiry windows.
C. Cost / Efficiency
- Purchase price variance vs standard cost for key components/services (supports financial performance but also signals potential quality‑risk trade‑offs).
- Cost of poor quality attributable to supplier (scrap, rework, additional inspection, deviations, line stoppages) to quantify risk impact.
- Internal resource load driven by supplier performance (extra audits, incoming testing, deviation handling) as an indirect efficiency metric.
D. Regulatory / QMS compliance & documentation
- QMS certification status of supplier and status of surveillance audits or major findings.
- Regulatory change notification performance – % of relevant changes notified in time (process changes, site changes, QMS status changes, certificates)
- Supplier audit performance – number and severity of major/minor findings in supplier audits, and timely closure.
- Documentation completeness and timeliness – % of lots with complete and correct documentation available at your site
E. Risk, continuity & relationship
- Overall supplier risk score combining quality, delivery, compliance, and business continuity aspects; reviewed at defined intervals
- Business continuity indicators: single‑source vs multi‑source, geographic and geopolitical risks, disaster recovery capability, and capacity reserves.
- Responsiveness: average response time to issues (NCR/SCAR response, data requests, regulatory queries) vs agreed limits.
- Joint improvement and innovation: number of improvement projects, standardisation initiatives, or risk‑reduction actions done with the supplier.