Managing Supplier Quality in ISO 13485

Contact Us

In today’s medical device market, ensuring high-quality products and services is crucial for a competitive edge. This is especially true for companies operating in the medical device industry, where product quality directly impacts patient safety and regulatory compliance. To achieve and maintain stringent safety and effectiveness standards, companies often turn to internationally recognized frameworks like ISO 13485. In this article, we’ll explore how to effectively manage supplier quality within the ISO 13485 framework, following the systematic approach of this widely used medical device standard.

Understanding ISO 13485 and Supplier Quality Management

ISO 13485 is an internationally recognized standard that sets out the requirements for a quality management system specific to the medical device industry. It encompasses the entire product lifecycle, from design and development to production, installation, and servicing. Supplier quality management has a prominent section within ISO 13485, as medical device manufacturers often rely on external suppliers for various components and services.

These supplier management requirements can be found in Section 7.4 of the standard, which covers three key subsections:

  • Purchasing Process
  • Purchasing Information
  • Verification of Purchased Product

Effective supplier management is crucial for controlling risks, ensuring a reliable supply chain, and delivering safe medical devices to patients. Key aspects emphasized by ISO 13485 include supplier selection, evaluation, monitoring, and the importance of a risk-based approach to supplier management.

Medical device manufacturers are advised to establish criteria for evaluating suppliers based on factors like product specifications, quality system effectiveness, certifications (e.g., ISO 13485), and production capacity. Additionally, maintaining a list of qualified suppliers, creating supplier checklists, and regularly updating supplier assessments are essential steps in effective supplier management. By adhering to ISO 13485 guidelines, and building up a system based on the general principles and practices outlined there, a medical device manufacturer can establish a robust supplier management process that has continuous improvement built in.

Understanding Supplier Quality Requirements in ISO 13485

The standard emphasizes supplier selection, evaluation, and monitoring. Key aspects include defining product needs and quality requirements, selecting suppliers based on product compatibility and organizational requirements, adopting a risk-based approach, and monitoring product quality. Certain practices in supplier management, such as checklists and creating lists of qualified suppliers, are common in industry but not specifically mentioned in the standard. ISO 13485 also requires organizations to have criteria for supplier evaluation and selection, considering the supplier’s ability to meet requirements, performance, and impact on the medical device’s risk profile and quality.

Maintaining an Approved Supplier List (ASL) is not specifically outlined in the standard but is a result of the supplier evaluation described and is crucial to ensure only approved suppliers are used. Supplier qualification criteria vary based on risk levels, with critical suppliers requiring more stringent qualifications. Documentation and ongoing monitoring are essential components of effective supplier management under ISO 13485. While not mentioned specifically, auditing suppliers is an industry practice that feeds well into the supplier monitoring and rating process described in the standard.

The three pillars of supplier quality management in ISO 13485 are further detailed below.

Purchasing Process

The opening statement of this section sums up supplier management in wonderfully concise language: “The organization shall document procedures to ensure that purchased product conforms to specified purchasing information.” This reflects the basic principle that ensuring purchased product and service quality must be “proceduralized”. A company with no written procedures for purchasing is a major risk. At the same time, this section only lays out supplier management requirements in the most general terms, so a medical device manufacturer must elaborate their procedures in much greater detail to meet the demands of customers and regulators.

The standard lays out requirements for supplier evaluation and selection, which include:

  • Assessing supplier performance
  • Assessing the effect of the purchased product on the quality of the medical device
  • Assessing the risk associated with the medical device when deciding on a supplier

Monitoring and re-evaluation of suppliers are emphasized, and the standard makes clear that data from monitoring must be considered in deciding to continue partnering with a supplier.

This passage addresses the unfortunate but common case of what to do when a supplier falls short: “Non-fulfilment of purchasing requirements shall be addressed with the supplier proportionate to the risk associated with the purchased product and compliance with applicable regulatory requirements.” In practice, a device maker might carry this out through supplier corrective action requests and other formal actions to address mismatches between the product that is specified and what is received.

Purchasing Information

The standard details information that should go into purchasing decisions. This information includes not just product specifications, but also requirements for product acceptance, procedures, processes and equipment, requirements for qualification of supplier personnel, and quality management system requirements at the supplier.

This section includes a valuable statement on ensuring the adequacy of purchasing requirements before communicating them to the supplier. Ensuring the adequacy of these specifications is important because incorrect, unclear, or inconsistently communicated specifications can spell problems for the finished device, yet specifications are often not given the verification and review needed.

Verification of Purchased Product

The final area of supplier management outlined in ISO 13485 is verification of the purchased product, and this section contains highly general but essential language on inspection and testing what the supplier provides. These inspections (or other activities) should be based on the results of the supplier evaluation and proportionate to the risks of the purchased product. For example, a supplier evaluation might result in assigning a supplier with the top supplier rating. The purchased product from this supplier might eventually be subject to a less intensive sampling plan for inspection of incoming material than purchased material from a supplier that was assigned a lower rating.

As another example, suppose an implantable medical device has a thousand components involved in its production. The inspection and testing of internal wiring in the device will generally be less intensive than the inspection and testing of the foam the device is packaged in. All these verification activities must be documented and done according to procedure.

Common Mistakes to Avoid in Supplier Quality Management

While managing supplier quality within the ISO 13485 framework, a medical device manufacturer must be mindful of some common pitfalls to ensure effective implementation and continuous improvement. These include inadequate supplier selection and qualification processes, lack of communication and collaboration with suppliers, inconsistent or irretrievable communication formats, failure to monitor and evaluate supplier performance regularly, overlooking risks associated with single-source suppliers or supply chain disruptions, and neglecting to update supplier management processes in response to changing regulatory requirements or business needs. As a standard with broad applicability, ISO 13485 provides a framework and principles for all these issues, but each organization must develop detailed procedures to meet these challenges.

Partnering with Pro QC for Supplier Quality Management

Pro QC International offers comprehensive quality assurance and engineering solutions to support organizations in managing supplier quality within the ISO 13485 framework. With over 40 years of experience, Pro QC International provides services such as supplier audits, ISO 13485 audits, MDSAP audits, ISO 9001 audits, quality inspections, and continuous improvement initiatives tailored to the medical device industry’s unique requirements.


In summary, ISO 13485 places significant emphasis on supplier management within the medical device industry by outlining specific requirements for selecting, evaluating, and monitoring suppliers to ensure the reliability and quality of the supply chain.

Effectively managing supplier quality within the ISO 13485 framework is essential for medical device manufacturers to ensure product safety, regulatory compliance, and customer satisfaction. By following a structured approach and leveraging the expertise of quality assurance partners like Pro QC International, a medical device manufacturer can optimize supplier management processes, drive continuous improvement, and achieve their quality objectives in a competitive market.

You May Also Like

Learn more about our services


Back to top

Want to Get in Touch with Pro QC ?

Contact us

Pro QC

Contact Your Local Office

North America

+1 206 865 0595

United Kingdom

+44 330 094 5589

India & South Asia

+91 120 4291971

Asia & Asia Pacific

+886 2 2832 2990


+57 601 9190355

Global Coverage experiencia local Local Expertise

© 2024 Pro QC International | Privacy | Terms of use | Terms of service Protection Status