Are Supplier Audits Required?
No
Neither ISO 13485 nor FDA 21 CFR explicitly require supplier audits, although supplier audits are one mechanism of qualification. The requirements established in FDA and ISO rules are:
• Companies must define evaluation and selection criteria.
• Companies must define and then monitor (review with some frequency) requirements for suppliers, contractors, and consultants.
• Companies must document these requirements and maintaining records of their application to suppliers.
Are Suppliers Required to be ISO Certified?
No
ISO 13485 isn’t mandatory for all suppliers; alternatives like ISO 17025 for labs or ISO 9001 for general manufacturing may apply. However, certification is not a requirement. Many service companies such as contract manufacturers choose ISO certification as a way to demonstrate their commitment to quality to their customers.
The FDA exempts component manufacturers from 21 CFR 820, noting that ISO certification ensures operational control but isn’t obligatory.
Can We Qualify a Supplier Outside a Regulated Industry?
Yes
Suppliers from non-regulated industries, such as textile factories or research labs making custom antibodies, can be qualified. It’s crucial they deliver as promised. Qualification can be achieved through thorough inspections and testing of received products or by onsite inspections.
Summary
A variety of methods exist for supplier qualification. Companies should adopt a risk-based approach to determine evaluation criteria, with the understanding that regulations allow manufacturers to select the most appropriate quality system controls for their specific products and operations.
Download
Download The Value of Supplier Audits Talking Points Memo PDF