Supply chain management is harder than it used to be. Many OEMs are outsourcing more functions instead of keeping them in-house, adding geographical distance and cultural diversity to the supply chain. This, of course, adds complexity as well, which increases the chances of something going wrong and compromising quality.
The FDA is also targeting the supply chain—as a result OEMs are pushing their suppliers hard to meet the same FDA requirements OEMs face. OEMs are also shortening their supply chains to include only preferred vendors—this creates even more pressure on suppliers to oversee their own supply chains (which have grown more complex because of the services they have added to become one-stop shops and please their OEMs).
Even though shortening the supply chain adds value in several ways, it actually adds a new element of risk—if something disruptive happens and you don’t have quality material coming from one of your key suppliers, you have fewer options for going somewhere else quickly to get it.
The level of risk management and quality control placed on a supplier should be commensurate with the level of risk the supplier’s product exhibits. “Even though you might be getting it from China and China might be getting it from somewhere else, and potentially additional layers of suppliers, it’s the responsibility of the OEM to establish proper quality controls and to provide proper evidence for products and services obtained from those suppliers,” says Deb Kacera, regulatory industry strategist at Pilgrim Software. “Because of this, proper assessment of risk has become really critical in the supply chain.”
Once you select a supplier to evaluate, there is a wide range of risk associated with each supplied product and/or service from each supplier location. For example:
- Every product and/or service from a supplier must be assessed
- Every location that supplies a product/service, even if it is the same product/service from the supplier, must be assessed
- Each product from a supplier must be assessed during the design phase, especially if the same product has a different “use”, as the risk level may be different
Steve Niedelman, the FDA’s former Deputy Associate Commissioner for Regulatory Operations and COO, emphasizes six elements of a successful supplier quality program at the Medical Device Summit’s “Supplier Controls and Quality Management Conference” held in Washington D.C:
- Initial supplier qualification
- Contractual supplier agreements
- Risk management classification (product/service)
- Risk-based auditing
- Maintaining supplier data
- Corrective action plans
There are many approaches OEMs can take with their supplier base to highlight quality and focus on compliance, including supplier assessment programs, supplier agreements, QMS and related metrics, acceptance activities, supplier audits, change management processes, and process validation. Regarding supply chain management, Kim Trautman, quality systems expert at the FDA, indicates FDA inspectors are being trained to look for:
- Statistically sound analysis during the design phase that substantiates the AQL and “sampling plans” selected as supplier product control
- Approved supplier lists that are updated more than once a year
- Proactive analysis and treatment of nonconformance/customer complaint supplier issues as they happen
Monitoring the “health” of the supplier’s QMS is also essential and should be conducted at least twice a year. This review can include:
- Effectiveness of supplier CAPAs (SCARs) as a percent effectiveness
- Timeliness metrics—cycle time to complete SCAR responses
- Frequency of occurrence or “repeat offenders”
- SCAR analysis and metrics by supplier, product/process, and location
- Approved supplier list, including explicit criteria when added or removed
- Number of changes requested
- Supplier scorecards by part/location and then rolled up to a global supplier rating
“Suppliers are always going to be evaluated on three major issues when dealing with a customer (OEM) that is providing FDA-regulated product,” says Kacera. “These are quality, productivity and delivery. Suppliers who want to prove they can consistently deliver on these items must have a strong quality system, proper documentation, and standard operating procedures (SOPs) in which employees are trained.
“They need to ensure that all processes are validated and that quality systems are in place for Complaint Handling, Nonconformance, Root Cause Analysis and CAPAs (corrective action and preventive action). Product Risk Management, Design, Change Control, traceability and document retention and accessibility, are also critical elements of a solid quality management system.