Manufacturers of medical technology are legally obliged to monitor multiple obligations and tasks at their suppliers at all times. Many companies are not aware that they are also liable for unsuitable suppliers. Our risk-based approach to supplier management ensures security, enabling companies to verifiably implement the requirements of regulated markets in several areas.

Medical technology products not only need to meet high safety and performance standards, but also must be economically profitable for the manufacturer. In order to ensure valid functionality over the entire life cycle, resource-intensive production steps in particular, are often outsourced to external suppliers. Even when outsourced, the responsibility for compliance remains with the manufacturer and cannot be delegated. Every manufacturer is solely responsible for their product and must be able to  systematically and verifiably declare its conformity to the best of their knowledge and belief. This also includes being aware at all times of what exactly partners are delivering and what tasks they have to fulfil.

In this respect, the legislator has a clear expectation of the manufacturer’s awareness. The manufacturer should meet their responsibility, assess the suitability of their suppliers in a transparent manner and monitor the suitability in such a way that they can react in a timely manner if necessary – in particular in the case of compliance risks.

However, many manufacturers are not aware that they are also liable for unsuitable suppliers. Those who disregard this, in the worst-case scenario, risk direct action by their competent authorities or notified body. The possibility of suspension or withdrawal of certificates should be particularly noted here as both measures are being integrated into the European EUDAMED database and linked to the manufacturer going forward. This linking is comparable to a “warning letter” from the FDA in the USA. And this is before taking into account the consequences under private law, such as claims for damages or damage to the company’s image.

Even with a few suppliers, medical technology manufacturers have to monitor a wide range of duties and tasks at all times, with constantly increasing complexity due to country-specific laws or changed standards. Not to mention the unannounced audits, which can be carried out at any time by competent authorities or notified bodies at the manufacturer’s site or their critical suppliers.

Keeping sight of end-product compliance

We have therefore developed a risk-based approach to supplier management that transparently implements the requirements of regulated markets and also works in other industries with complex or fragile value chains. The approach is based on the manufacturer’s quality policy and focuses on the influence of the product or service procured on the compliance of the end product.

This has the advantage, among other things, that the use of resources for proof of suitability and for continuous suitability checks at suppliers can be controlled more efficiently. For example, if you focus on your four key suppliers instead of auditing ten or more suppliers out of habit or arbitrariness, you keep an eye on the really critical links in your supply chain, while also having a positive effect financially. With this intention, our approach focuses on the following four dimensions.

Dimension #1: Supplier Assessment

The ‘rough’ distinction between non-critical and critical suppliers is not sufficient. Our approach refines the ranking of critical suppliers into ‘highly critical’, ‘semi-critical’ and ‘less critical’. Highly critical suppliers have a very high influence and, in the event of a fault, their products or services can cause an unacceptable health risk for the user, patients or third parties. In this dimension, we therefore evaluate in particular:

• Which requirements (laws, standards, customer obligations) must be met in order to be considered compliant?
• What influence does the supplier have on the fulfilment of these requirements?
• How likely is it that you will discover a supplier error?

The answers to these three questions help classify the supplier's criticality as mentioned above – and thus forms a valid basis for further risk control measures. At this point, it is already clear how the use of resources for supplier management in the company can be controlled more efficiently and effectively.

Dimension #2: Supplier Audits

A customer-specific catalogue of criteria for supplier classification helps improve inventory data analysis and evaluation. These become the basis for deciding to what extent targeted supplier audits are necessary. In these cases, the audit requirements and content must be defined in a transparent and traceable manner. This is about deriving a new system for supplier assessment from aspects such as:

• Is there a valid information or data pool for supplier suitability?
• Which expertise are to be ensured when putting together the audit team?
• What information or data must be provided for compliance?

The traditional classification of suppliers as ‘A, B, C’ suppliers usually does not provide the information expected. In regulated industries, we recommend comparing the target requirements with actual requirements by also collecting the required documentation. This can be, for example, technical documentation or risk management files. This also makes it transparent how the use of resources for supplier management in the company can be optimised.

Dimension #3: Contractual Agreements

A manufacturer must demonstrate that compliance is guaranteed at all times. Meaningful and clear contracts, such as quality assurance agreements (QAAs), are essential for this classification system. In order to ensure compliance with the requirements for meaningfulness and unambiguity in the long term, companies should standardise and monitor the contractual agreements with the help of the quality management system. Systematic observation serves as an ‘early warning system’ for the experienced manufacturer, to quickly identify and control impending compliance or liability risks. The following questions should be used to clarify what is considered a compliance or liability risk:

• Are QAAs in place for the ‘highly critical’ and ‘semi-critical’ supplier relationships?
• Are the QAAs suitable to declare the manufacturer’s end products as compliant?
• Is permission for unannounced visits or checks explicitly part of these QAAs? Are there rules governing the handling of copyright-protected information or data and do competent authorities or notified bodies have unrestricted access?
• Are the tasks and responsibilities clearly defined and assigned to the contracting parties?

Since the manufacturer bears sole responsibility for the product, risk-based supplier management also includes preventive procedures for lack of cooperation or unacceptable default risks on the part of the supplier. The traditional classification of suppliers as ‘A, B, C’ suppliers offers solutions for this and can be adopted in a modified form.

Dimension #4: Monitoring and strategic supplier development

Strategic supplier development is useful to ensure supplier management delivers sustainable results. The success of this depends on three prerequisites. Firstly, the presence and priority of the topic at management level. Secondly, a good flow of information between the key stakeholders and the supplier. And thirdly, the appropriate technologies to ensure that information such as KPIs and error messages are addressed to the right recipients and serve as an early warning.

Experience often shows that, in fact, a significantly smaller number of suppliers are consider ‘highly critical’ than originally assumed. With our approach, we are making a significant contribution to the transformation of outdated supplier management structures in favour of a risk-based approach. Our approach is based on more than short-term successes or findings. Risk-based supplier management pays off in many ways in the long term: financially, with the reduction of complex audit processes, organisationally, thanks to better cooperation between the operational areas and, last but not least, with the reduction of liability risks.

Practical tip – these questions should be clarified in conversations with critical suppliers:

• Do all parties involved know the intended purpose of the end product?
• Are all parties involved aware of the effects that an error would have on the manufacturer?
• How is the inspection of purchased parts ensured (e.g. specifications and incoming goods inspections)?
• How is production structured? Is there a test concept and is there a verifiable final inspection?
• How do the parties ensure that errors are used as insights? Does the supplier have, for example, an appropriate quality management system? If so, how is this implemented?