Kari Miller, Regulatory and Product Management Leader, Pilgrim Quality Solutions, an IQVIA company
Knowing your suppliers is as important as knowing the material they provide. Life Sciences regulators around the globe could not agree more! If you have a product defect, it doesn’t matter who is at “fault”, your supplier or your own organization.
Ultimately regulators are going to hold your organization (the license holder for the finished product) responsible for the quality of the materials and services your suppliers provide you. This is evidenced in recently updated standards and regulations such as ISO 13485:2016 and EU MDR, or long-standing standards such as 21 CFR Part 820 and Part 211, or ICH Q9 and Q10. However, and more importantly, the only thing the public will see and react to is your product and your brand. It pays to maintain tight oversight of your suppliers, and not just for compliance reasons.
Evaluation and Acceptance
The first step in understanding suppliers is through an evaluation and acceptance process. The whole purpose of a formal supplier evaluation process is to ensure you’re working with a supplier that is stable, thereby minimizing risk to you, your organization, and your customers. The supplier evaluation process should answer the following fundamental questions:
- What are their business systems?
- Are they financially stable?
- What do the financial analysts and market have to say about them?
- What percent of their sales is the product or resource you need?
- Do they have a quality management system?
- What metrics do they calculate and trend?
- Do they have any industry, regulatory, and/or standards certifications?
- Have there been any regulatory compliance findings against the organization?
- What is the capacity of the supplier’s operations?
- What technologies do they use?
- Do they have a good reputation in the industry?
- Are their product costs and distribution costs in line with the competition and your budget?
- Physically, where are they located, and who are your points of contact?
This above list of course is not inclusive, however from the items listed, one can see that the purpose of a supplier evaluation process is indeed to assess and assign supplier risk. The rigor of each supplier evaluation will be determined by the product or service they provide your organization and the criticality of that product or service to your supply chain.
Suppliers run the gamut in terms of the types of products and services they offer our organizations. Below are just a few:
- OEM (Original Equipment Manufacturer)
- Contract Research Organization
- Contract Manufacturer
- Active Pharmaceutical Ingredient Supplier
- Intermediate Processor
- Critical Service Provider
- Critical Material Supplier
- Catalog/Off-the-Shelf Material Supplier
- Routine or Low-Risk Service Provider
- Sterilization Outsourcer
Additional considerations such as design control, process controls, material controls, and employee qualification processes may need to be included when evaluating and assessing supplier risk.
Supplier Risk Assessment Criteria
While performing the supplier risk assessment, your organization should be diligent in applying objective, numeric scales to your supplier selection criteria, supplier risk criteria, and the ultimate supplier evaluation risk rating (high, medium, low or 3,2,1). A numerical value on each criteria, that can be used to calculate a total score can also aid in the finalizing the final supplier status such as “approved,” “conditionally approved,” and “rejected.
Assigning a risk criticality level or risk rating to your suppliers will help determine your supplier controls and the rigors of those controls in terms of monitoring their performance: high risk level 3, medium risk level 2, or low risk, level 1. Organizations will determine, based on this risk rating, the frequency and type of supplier audits commensurate with risk (bi-annual, annual, third-party, etc.). They will also determine the frequency and type of inspections, from dock to stock, sampling, and first article, to 100% inspection. You can determine the quality metrics (Supplier Corrective Action Request (SCAR) response time, thresholds, parts per million (PPMs), etc.).
As for performance monitoring, there are many factors you can look at, such as:
- Parts Per Million (PPMs)
- Nonconformances (NCs) – “trend”
- Supplier Corrective actions (SCARs)
- Key Performance Indicators (KPIs): on-time delivery, right the first time, scrap, yield, products in compliance, inventory turns, cost of poor quality (COPQ), and rejections. to name a few
- Scorecards: quality, cost, service, delivery, compliance
- Technical data trends
Find the metrics that are right for your product or process and supplier relationship, from scorecards and global supplier ratings, to approved supplier list (ASL) and SCARs-feedback, and more. Update your supplier risk profile and analyze it to monitor the “health” of the supplier in real time. Monitoring the performance of your suppliers throughout the product lifecycle can help you identify problems before they spill into your supply chain, putting your customers and brand reputation at risk.
Practical Tips in Managing Life Sciences Supplier Risks
View this webinar to discover key attributes of supplier risk management and best practices for maintaining a high-performance supplier base.