Once the supplier information is gathered a risk assessment of the supplier should be performed.
FMEA
This can be an FMEA (Failure Modes Effect and Analysis) type of assessment or another risk tool.
In any case the following items should be considered:
- Quality of Service/Product
- Timeliness
- Costs
- Service Level
- Is the supplier sole-source, single source, or a secondary source?
- Criticality of the purchased product to the quality of the medical device product
The analysis should start with the criticality of the purchased product, and may even be skipped for low risk products.
However, for high-risk parts the risk can help drive the necessity of corrective actions such as a supplier audit, increased inspection criteria or other mitigation’s.
Sole Source
“Sole source” means that there is no other supplier known that can provide the material and typically automatically makes the supplier critical, and requires mitigation’s to prevent supply chain interruption.
Single Source
“Single source” means that the supplier is the only one listed or approved in the organizations system, but other sources are possible.
Secondary Source
A “secondary source” is defined here as any secondary, tertiary or additional supplier being added to allow for pricing, or alternative supply chain options. The risk assessment may be built into the approved supplier list (ASL), or done independently.
This risk assessment is often referred to as the supplier score card or vendor score card.
Typically, the supplier risk or supplier score is based on the following areas:
- Assurance of Supply
- Quality of Product
- Regulatory Compliance
- Procurement Cost
- Innovation and Technical Ability
- Communication and Responsiveness
The suppliers should be re-evaluated on a regular basis and presented as part of the management review process.
The periodic review period may be set in the procedure or based on the supplier’s risk level.
