Summary
Approved Supplier List provides systematic documentation of all qualified suppliers that have been evaluated and approved for providing materials, components, services, or manufacturing processes affecting medical device quality and regulatory compliance. This essential Quality Management System (QMS) record maintains current supplier status, criticality assessments, performance scores, and ongoing surveillance requirements to ensure continuous supply chain quality assurance.Why is Approved Supplier List important?
Supplier management represents a critical control point that directly impacts medical device safety, quality, and regulatory compliance. Without systematic supplier qualification and ongoing monitoring, organizations risk incorporating defective components, unreliable services, or non-compliant materials that could compromise device performance or create regulatory violations. Regulatory requirements mandate structured supplier control processes. FDA Quality System Regulation (21 CFR 820.50) and ISO 13485:2016 (Section 7.4) require organizations to evaluate and select suppliers based on their ability to provide products meeting specified requirements. The Approved Supplier List provides evidence of systematic supplier evaluation and ongoing performance monitoring. The documented approach transforms supplier management from ad-hoc purchasing decisions into strategic quality assurance. Well-maintained supplier lists support procurement decisions, enable risk-based supplier monitoring, and provide audit evidence of systematic supplier control throughout the medical device lifecycle.Regulatory Context
- FDA
- MDR
Under 21 CFR Part 820.50 (Purchasing Controls):
- Supplier evaluation and selection based on ability to meet specified requirements
- Purchasing data documentation including product specifications and quality requirements
- Supplier notification requirements for changes affecting product specifications
- Receiving inspection or other verification activities to ensure purchased products meet requirements
Special attention required for:
- Critical supplier qualification requiring enhanced oversight and documentation
- Component supplier changes requiring design control evaluation
- Software supplier validation for design control and production systems
- Contract manufacturer qualification including process validation oversight
Guide
Supplier Criticality Assessment
Determine supplier criticality using systematic criteria that assess impact on device performance, safety, and regulatory compliance. Classify suppliers as critical if purchased products/services could directly impact device performance or safety, affect regulatory compliance, or represent single-source supply situations with no alternatives. Document criticality rationales clearly, explaining why specific suppliers require enhanced oversight versus standard commercial relationships. Critical suppliers require comprehensive qualification including detailed evaluation, ongoing surveillance, and formal agreements. Non-critical suppliers may require basic assessment without extensive documentation. Review supplier criticality periodically as device designs evolve, supply chains change, or regulatory requirements update. Update criticality classifications when supplier roles change or new risk factors emerge.Supplier Qualification Process
Conduct systematic supplier evaluation using structured criteria including quality management systems, technical capabilities, financial stability, and service performance. Score suppliers across multiple dimensions using standardized rating scales (0=Poor, 1=Fair, 2=Good, 3=Excellent). Evaluate supplier quality systems including ISO 13485 certification, FDA registration status, and other relevant quality certifications. Assess technical capabilities including manufacturing processes, testing capabilities, and quality control procedures relevant to purchased products/services. Document qualification decisions clearly, including evaluation scores, approval rationale, and any conditions or restrictions for supplier use. Maintain qualification records as objective evidence of systematic supplier control.Approved Supplier List Management
Maintain current supplier information including contact details, product/service descriptions, criticality classifications, approval status, and performance monitoring requirements. Update supplier records regularly as contact information changes, services evolve, or performance issues arise. Track supplier status systematically using categories including Approved, Approved with Monitoring, or Blocked. Approved suppliers meet all qualification requirements without restrictions. Approved with Monitoring requires additional surveillance due to moderate performance scores or risk factors. Blocked suppliers cannot be used due to qualification failures or performance issues. Document monitoring requirements for each supplier including inspection frequencies, audit schedules, performance review cycles, and escalation criteria. Tailor monitoring intensity to supplier criticality and historical performance.Ongoing Supplier Surveillance
Implement risk-based monitoring proportionate to supplier criticality and performance history. High-risk or critical suppliers may require frequent performance reviews, regular audits, and enhanced incoming inspection. Low-risk suppliers may need only annual reviews and routine verification activities. Monitor supplier performance through multiple channels including incoming inspection results, delivery performance, customer complaints, and supplier communications. Document performance issues systematically and implement corrective actions when necessary. Conduct periodic re-evaluation of all suppliers, typically annually before management review. Update qualification status based on performance trends, capability changes, or regulatory requirement modifications.Supplier Agreements and Documentation
Establish formal agreements with critical suppliers including quality assurance agreements (QAA), service level agreements, and change notification requirements. QAAs should specify quality standards, inspection rights, corrective action procedures, and regulatory compliance obligations. Require change notification for modifications affecting product specifications, manufacturing processes, or regulatory status. This ensures design control evaluation and risk assessment when supplier changes could impact device compliance or performance. Maintain purchasing documentation including specifications, quality requirements, and acceptance criteria for purchased products/services. Link purchasing requirements to device specifications and regulatory requirements to ensure traceability.Supplier Performance Management
Track key performance indicators including quality metrics, delivery performance, responsiveness, and compliance with agreements. Establish performance thresholds that trigger increased monitoring, corrective actions, or supplier status changes. Address performance issues systematically through corrective action requests, supplier development activities, or alternative supplier qualification. Document issue resolution and verify effectiveness of corrective actions. Recognize good performance through supplier feedback, preferred supplier status, or expanded business opportunities. Use performance data to inform future sourcing decisions and supplier development priorities.Example
Scenario: Your organization develops a wearable health monitoring device and needs to qualify suppliers for key components including sensors, batteries, wireless modules, and contract manufacturing services.Supplier Identification and Criticality Assessment
You identify five key suppliers: SensorTech (critical heart rate sensors), PowerCell (critical batteries), RadioCorp (wireless modules), PlasticPro (non-critical housing components), and ManufacturingPlus (critical contract manufacturer). Critical suppliers directly impact device performance and safety, while PlasticPro provides standard housing with multiple alternative sources.Supplier Qualification Process
You complete Supplier Qualification Checklists for each supplier, evaluating quality systems (ISO 13485 certification), technical capabilities, financial stability, and service performance. SensorTech scores 2.8/3.0 (approved), PowerCell scores 1.5/3.0 (approved with monitoring), RadioCorp scores 2.5/3.0 (approved), PlasticPro scores 2.0/3.0 (approved), and ManufacturingPlus scores 2.7/3.0 (approved).Approved Supplier List Documentation
Your list documents each supplier with contact information, product descriptions, criticality classifications, approval status, and monitoring requirements. PowerCell requires enhanced incoming inspection due to moderate scores, while other approved suppliers follow standard monitoring procedures.Ongoing Surveillance Implementation
You establish monthly performance reviews for critical suppliers, quarterly reviews for non-critical suppliers, and annual comprehensive re-evaluations for all suppliers. Critical suppliers require formal QAAs and change notification agreements. You track quality metrics, delivery performance, and compliance with specifications.Performance Management
After six months, PowerCell demonstrates improved performance through corrective actions, earning upgrade to standard approval status. You update their record in the Approved Supplier List and adjust monitoring requirements accordingly.Q&A
How do I determine if a supplier should be classified as critical?
How do I determine if a supplier should be classified as critical?
Classify suppliers as critical if their products/services could directly impact device performance or safety, affect regulatory compliance, or represent single-source situations with no alternatives. Consider whether supplier failure would prevent device development, manufacturing, or market release. Document criticality rationale clearly for each determination.
What evaluation criteria should be included in supplier qualification?
What evaluation criteria should be included in supplier qualification?
Evaluate suppliers based on quality management systems (ISO 13485, FDA registration), technical capabilities, financial stability, delivery performance, customer service, and pricing competitiveness. Use standardized scoring (0-3 scale) across consistent criteria. Consider additional factors like certifications, geographic location, and capacity for critical suppliers.
How often should suppliers be re-evaluated and their status updated?
How often should suppliers be re-evaluated and their status updated?
Conduct comprehensive supplier re-evaluation annually before management review. Update supplier performance continuously based on incoming inspection, delivery metrics, and customer feedback. Conduct immediate re-evaluation when significant issues arise or supplier capabilities change. Document all evaluation activities and status changes.
What should I do if a supplier fails qualification or experiences performance issues?
What should I do if a supplier fails qualification or experiences performance issues?
Address failed qualification by marking suppliers as blocked and seeking alternatives. For performance issues with approved suppliers, implement corrective action requests, increase monitoring frequency, or change status to “approved with monitoring.” Document all issues and resolution efforts. Severe issues may require supplier blocking and alternative sourcing.
What agreements should be in place with critical suppliers?
What agreements should be in place with critical suppliers?
Establish Quality Assurance Agreements (QAA) specifying quality standards, inspection rights, corrective action procedures, and change notification requirements. Include service level agreements for delivery and responsiveness. For critical suppliers, consider non-disclosure agreements and preferential pricing agreements. Ensure all agreements support regulatory compliance requirements.
How do I handle supplier changes that could affect device specifications?
How do I handle supplier changes that could affect device specifications?
Require suppliers to notify your organization before implementing changes affecting product specifications, manufacturing processes, or regulatory status. Evaluate changes through design control processes to assess impact on device performance and regulatory compliance. Update supplier qualifications and device documentation as necessary before accepting changes.
What documentation should be maintained for supplier management?
What documentation should be maintained for supplier management?
Maintain Supplier Qualification Checklists, Approved Supplier List, supplier agreements (QAA, NDAs), performance monitoring records, audit reports, and corrective action documentation. Include purchasing specifications, incoming inspection records, and correspondence regarding specification changes. Ensure documentation supports regulatory compliance and audit requirements.
How do I manage software suppliers and service providers?
How do I manage software suppliers and service providers?
Evaluate software suppliers based on security standards, data protection compliance, service reliability, and regulatory alignment. For SaaS providers, assess service level agreements, data backup procedures, and business continuity planning. Include software suppliers in validation activities when they support quality management or production processes. Document supplier roles in device development and lifecycle management.