Approved Supplier List
Summary
Approved Supplier List provides systematic documentation of all qualified suppliers that have been evaluated and approved for providing materials, components, services, or manufacturing processes affecting medical device quality and regulatory compliance. This essential Quality Management System (QMS) record maintains current supplier status, criticality assessments, performance scores, and ongoing surveillance requirements to ensure continuous supply chain quality assurance.
Why is Approved Supplier List important?
Supplier management represents a critical control point that directly impacts medical device safety, quality, and regulatory compliance. Without systematic supplier qualification and ongoing monitoring, organizations risk incorporating defective components, unreliable services, or non-compliant materials that could compromise device performance or create regulatory violations.
Regulatory requirements mandate structured supplier control processes. FDA Quality System Regulation (21 CFR 820.50) and ISO 13485:2016 (Section 7.4) require organizations to evaluate and select suppliers based on their ability to provide products meeting specified requirements. The Approved Supplier List provides evidence of systematic supplier evaluation and ongoing performance monitoring.
The documented approach transforms supplier management from ad-hoc purchasing decisions into strategic quality assurance. Well-maintained supplier lists support procurement decisions, enable risk-based supplier monitoring, and provide audit evidence of systematic supplier control throughout the medical device lifecycle.
Regulatory Context
Under 21 CFR Part 820.50 (Purchasing Controls):
- Supplier evaluation and selection based on ability to meet specified requirements
- Purchasing data documentation including product specifications and quality requirements
- Supplier notification requirements for changes affecting product specifications
- Receiving inspection or other verification activities to ensure purchased products meet requirements
Special attention required for:
- Critical supplier qualification requiring enhanced oversight and documentation
- Component supplier changes requiring design control evaluation
- Software supplier validation for design control and production systems
- Contract manufacturer qualification including process validation oversight
Under 21 CFR Part 820.50 (Purchasing Controls):
- Supplier evaluation and selection based on ability to meet specified requirements
- Purchasing data documentation including product specifications and quality requirements
- Supplier notification requirements for changes affecting product specifications
- Receiving inspection or other verification activities to ensure purchased products meet requirements
Special attention required for:
- Critical supplier qualification requiring enhanced oversight and documentation
- Component supplier changes requiring design control evaluation
- Software supplier validation for design control and production systems
- Contract manufacturer qualification including process validation oversight
Under EU MDR 2017/745 and ISO 13485:2016:
- Supplier evaluation processes must consider supplier ability to provide products meeting organization requirements (ISO 13485 7.4.1)
- Purchasing information documentation including product requirements and supplier qualification criteria
- Critical supplier oversight with risk-based monitoring and periodic re-evaluation
- Outsourced process control when suppliers perform activities affecting product conformity
Special attention required for:
- Notified Body expectations for critical supplier documentation and oversight
- EU GDPR compliance for suppliers processing personal data
- Supply chain traceability requirements for higher-risk device classifications
- Authorized representative and distributor qualification for EU market access
Guide
Supplier Criticality Assessment
Determine supplier criticality using systematic criteria that assess impact on device performance, safety, and regulatory compliance. Classify suppliers as critical if purchased products/services could directly impact device performance or safety, affect regulatory compliance, or represent single-source supply situations with no alternatives.
Document criticality rationales clearly, explaining why specific suppliers require enhanced oversight versus standard commercial relationships. Critical suppliers require comprehensive qualification including detailed evaluation, ongoing surveillance, and formal agreements. Non-critical suppliers may require basic assessment without extensive documentation.
Review supplier criticality periodically as device designs evolve, supply chains change, or regulatory requirements update. Update criticality classifications when supplier roles change or new risk factors emerge.
Supplier Qualification Process
Conduct systematic supplier evaluation using structured criteria including quality management systems, technical capabilities, financial stability, and service performance. Score suppliers across multiple dimensions using standardized rating scales (0=Poor, 1=Fair, 2=Good, 3=Excellent).
Evaluate supplier quality systems including ISO 13485 certification, FDA registration status, and other relevant quality certifications. Assess technical capabilities including manufacturing processes, testing capabilities, and quality control procedures relevant to purchased products/services.
Document qualification decisions clearly, including evaluation scores, approval rationale, and any conditions or restrictions for supplier use. Maintain qualification records as objective evidence of systematic supplier control.
Approved Supplier List Management
Maintain current supplier information including contact details, product/service descriptions, criticality classifications, approval status, and performance monitoring requirements. Update supplier records regularly as contact information changes, services evolve, or performance issues arise.
Track supplier status systematically using categories including Approved, Approved with Monitoring, or Blocked. Approved suppliers meet all qualification requirements without restrictions. Approved with Monitoring requires additional surveillance due to moderate performance scores or risk factors. Blocked suppliers cannot be used due to qualification failures or performance issues.
Document monitoring requirements for each supplier including inspection frequencies, audit schedules, performance review cycles, and escalation criteria. Tailor monitoring intensity to supplier criticality and historical performance.
Ongoing Supplier Surveillance
Implement risk-based monitoring proportionate to supplier criticality and performance history. High-risk or critical suppliers may require frequent performance reviews, regular audits, and enhanced incoming inspection. Low-risk suppliers may need only annual reviews and routine verification activities.
Monitor supplier performance through multiple channels including incoming inspection results, delivery performance, customer complaints, and supplier communications. Document performance issues systematically and implement corrective actions when necessary.
Conduct periodic re-evaluation of all suppliers, typically annually before management review. Update qualification status based on performance trends, capability changes, or regulatory requirement modifications.
Supplier Agreements and Documentation
Establish formal agreements with critical suppliers including quality assurance agreements (QAA), service level agreements, and change notification requirements. QAAs should specify quality standards, inspection rights, corrective action procedures, and regulatory compliance obligations.
Require change notification for modifications affecting product specifications, manufacturing processes, or regulatory status. This ensures design control evaluation and risk assessment when supplier changes could impact device compliance or performance.
Maintain purchasing documentation including specifications, quality requirements, and acceptance criteria for purchased products/services. Link purchasing requirements to device specifications and regulatory requirements to ensure traceability.
Supplier Performance Management
Track key performance indicators including quality metrics, delivery performance, responsiveness, and compliance with agreements. Establish performance thresholds that trigger increased monitoring, corrective actions, or supplier status changes.
Address performance issues systematically through corrective action requests, supplier development activities, or alternative supplier qualification. Document issue resolution and verify effectiveness of corrective actions.
Recognize good performance through supplier feedback, preferred supplier status, or expanded business opportunities. Use performance data to inform future sourcing decisions and supplier development priorities.
Example
Scenario: Your organization develops a wearable health monitoring device and needs to qualify suppliers for key components including sensors, batteries, wireless modules, and contract manufacturing services.
Supplier Identification and Criticality Assessment
You identify five key suppliers: SensorTech (critical heart rate sensors), PowerCell (critical batteries), RadioCorp (wireless modules), PlasticPro (non-critical housing components), and ManufacturingPlus (critical contract manufacturer). Critical suppliers directly impact device performance and safety, while PlasticPro provides standard housing with multiple alternative sources.
Supplier Qualification Process
You complete Supplier Qualification Checklists for each supplier, evaluating quality systems (ISO 13485 certification), technical capabilities, financial stability, and service performance. SensorTech scores 2.8/3.0 (approved), PowerCell scores 1.5/3.0 (approved with monitoring), RadioCorp scores 2.5/3.0 (approved), PlasticPro scores 2.0/3.0 (approved), and ManufacturingPlus scores 2.7/3.0 (approved).
Approved Supplier List Documentation
Your list documents each supplier with contact information, product descriptions, criticality classifications, approval status, and monitoring requirements. PowerCell requires enhanced incoming inspection due to moderate scores, while other approved suppliers follow standard monitoring procedures.
Ongoing Surveillance Implementation
You establish monthly performance reviews for critical suppliers, quarterly reviews for non-critical suppliers, and annual comprehensive re-evaluations for all suppliers. Critical suppliers require formal QAAs and change notification agreements. You track quality metrics, delivery performance, and compliance with specifications.
Performance Management
After six months, PowerCell demonstrates improved performance through corrective actions, earning upgrade to standard approval status. You update their record in the Approved Supplier List and adjust monitoring requirements accordingly.