Chapter 1: Setting up a Quality Management System
30
Vendor Quality Systems
Management of suppliers and their materials or services
can affect product quality and services the organiza-
tion provides to its customers. Without good supplier
management of appropriate materials or services, an
organization will not be able to deliver its products or
services. Supplier management and purchasing controls
are emerging topics of interest, and inadequate supplies
can result in unintended consequences, some very serious.
The manufacturer has the ultimate responsibility and
cannot delegate it. Supplier management is of increasing
importance, and a systems approach to supplier quality
can help reduce unintended consequences. Manufacturers
should remember suppliers are an extension of the
company’s business. Within the medical device industry,
subcontractors frequently supply critical components
or complete products. In recent years, issues have
resulted that point to the need for greater control over
subcontractors counterfeit electronic components and
contaminated heparin have been high-profile exam-
ples of supplier issues impacting medical device safety.
Regulatory expectations for purchasing controls and
acceptance have increased due to these issues. GHTF
published GHTF/SG3/N17:2008 Quality Management
Systems—Medical Devices—Guidance on the Control of
Products and Services Obtained from Suppliers, which pro-
vides a good basis for any supplier and material or service
purchasing control system.
How to Audit Suppliers
The manufacturer should assess potential suppliers’ abil-
ity to meet selection criteria, which could include various
methods, such as a questionnaire or an audit. It is not
possible for any organization to audit all its suppliers, so
this is where risk management should be applied, where
the evaluation’s depth and the methods used are related
directly to the product or service’s risk.
How the Process Differs from Internal and
Third-Party Audits
An audit is a systematic, independent and docu-
mented process for obtaining evidence and evaluating
it objectively to determine the extent to which audit
criteria are fulfilled. This definition is taken from ISO
19011: 2011 Clause 3.1. ISO’s Guidelines for Auditing
Quality Management Systems is a helpful framework for
an organization setting up an internal audit program or
conducting supplier audits. It also includes information
on third-party audits when an organization is audited
by a certification body.34
Strategic Considerations and
Customizing a QMS
All companies differ in size, maturity, culture, products
and many other factors. Important QMS considerations
for any organization include the following:
• Engage in discussions with the certification body
as early as possible to ensure the certification body
has the right competency and resources to deliver
audits and reviews, and there are no significant
issues with QMS plans.
• Ensure the QMS, regulatory projects and design
and development activities are resourced adequately
and have top management’s commitment.
• Personnel involved in the QMS should have rel-
evant, documented background and training. Any
gaps can be addressed in training plans.
• The QMS should be the responsibility of not only
the quality department but also should have the
involvement, understanding and commitment of
staff from virtually every part of the business, who
have been appropriately trained on the QMS:
quality, regulatory, research and development,
engineering, production, sales, marketing, HR, top
management and administration.
• There are many documentation and record require-
ments due to medical devices’ high-risk nature.
Record retention based on device lifetime also is an
important consideration.
• What are the environment and infrastructure
considerations to ensure product conforms to
requirements and how are these documented?
• Exclusions or non-applications should be doc-
umented in the quality manual. Just because a
30
Vendor Quality Systems
Management of suppliers and their materials or services
can affect product quality and services the organiza-
tion provides to its customers. Without good supplier
management of appropriate materials or services, an
organization will not be able to deliver its products or
services. Supplier management and purchasing controls
are emerging topics of interest, and inadequate supplies
can result in unintended consequences, some very serious.
The manufacturer has the ultimate responsibility and
cannot delegate it. Supplier management is of increasing
importance, and a systems approach to supplier quality
can help reduce unintended consequences. Manufacturers
should remember suppliers are an extension of the
company’s business. Within the medical device industry,
subcontractors frequently supply critical components
or complete products. In recent years, issues have
resulted that point to the need for greater control over
subcontractors counterfeit electronic components and
contaminated heparin have been high-profile exam-
ples of supplier issues impacting medical device safety.
Regulatory expectations for purchasing controls and
acceptance have increased due to these issues. GHTF
published GHTF/SG3/N17:2008 Quality Management
Systems—Medical Devices—Guidance on the Control of
Products and Services Obtained from Suppliers, which pro-
vides a good basis for any supplier and material or service
purchasing control system.
How to Audit Suppliers
The manufacturer should assess potential suppliers’ abil-
ity to meet selection criteria, which could include various
methods, such as a questionnaire or an audit. It is not
possible for any organization to audit all its suppliers, so
this is where risk management should be applied, where
the evaluation’s depth and the methods used are related
directly to the product or service’s risk.
How the Process Differs from Internal and
Third-Party Audits
An audit is a systematic, independent and docu-
mented process for obtaining evidence and evaluating
it objectively to determine the extent to which audit
criteria are fulfilled. This definition is taken from ISO
19011: 2011 Clause 3.1. ISO’s Guidelines for Auditing
Quality Management Systems is a helpful framework for
an organization setting up an internal audit program or
conducting supplier audits. It also includes information
on third-party audits when an organization is audited
by a certification body.34
Strategic Considerations and
Customizing a QMS
All companies differ in size, maturity, culture, products
and many other factors. Important QMS considerations
for any organization include the following:
• Engage in discussions with the certification body
as early as possible to ensure the certification body
has the right competency and resources to deliver
audits and reviews, and there are no significant
issues with QMS plans.
• Ensure the QMS, regulatory projects and design
and development activities are resourced adequately
and have top management’s commitment.
• Personnel involved in the QMS should have rel-
evant, documented background and training. Any
gaps can be addressed in training plans.
• The QMS should be the responsibility of not only
the quality department but also should have the
involvement, understanding and commitment of
staff from virtually every part of the business, who
have been appropriately trained on the QMS:
quality, regulatory, research and development,
engineering, production, sales, marketing, HR, top
management and administration.
• There are many documentation and record require-
ments due to medical devices’ high-risk nature.
Record retention based on device lifetime also is an
important consideration.
• What are the environment and infrastructure
considerations to ensure product conforms to
requirements and how are these documented?
• Exclusions or non-applications should be doc-
umented in the quality manual. Just because a