The Medical Device Regulatory Landscape is Impacting Supplier Control

The Medical Device Regulatory Landscape is Impacting Supplier Control

Kari Miller, Regulatory and Product Management Leader, Pilgrim Quality Solutions, an IQVIA company

Ask any corporate executive to list the top objectives of their organization’s Quality department and they’ll include the need for predictive and proactive risk management strategies. The Medical Device industry is no exception to this reality; if the industry wants to improve patient outcomes, then it needs medical device regulation risk management.

One of the largest sources of organizational risk is dependence on third-party suppliers. Today’s global economy has added complexity to supply chains, and longer supply chains are making it increasingly difficult to manage our suppliers, and in many cases our suppliers’ suppliers, thereby increasing overall risk. The plethora of medical device regulatory requirements placed in Medical Device organizations, including FDA mandates and the updates to ISO 13485:2016, reflect this new reality.

21 CFR Part 820.50 states that each manufacturer shall ensure that all purchased or other received product and services conform to specified requirements, and the suppliers of those products or services should be reviewed at intervals consistent with the significance of the product or services provided.

ISO 13485:2016 has been updated extensively for Supplier Oversight, defining the requirements for purchasing controls applicable to manufacturers of medical devices that are selling into the European Union (EU) and most other countries around the globe.

The Medical Device Single Audit Program (MDSAP) requires adherence to ISO 13485:2016. At a high level, Chapter 7 of MDSAP requires that the purchasing process covers the regulatory needs for supplier management for all the participating countries (USA, Canada, Brazil, Japan, and Australia), and therefore, covers the evaluation, selection, and re-evaluation of suppliers, outsourcers, and service suppliers.

The new European Medical Device Regulation (MDR), like MDSAP, requires adherence to ISO 13485:2016. However, it too adds its own declarations, including a call for announced and unannounced inspections of suppliers and/or subcontractors and their facilities.

For organizations that directly impact patient outcomes, continuous improvement should be a continuous consideration every step of the way. It is important to continually review and strengthen relationships with suppliers as a means of identifying risks throughout the product and supplier lifecycle. Regulatory auditors expect organizations to be able to demonstrate that they manage their supply chains effectively, and risk management provides the means to do so.

Reduce Supplier Risk, Reduce Organizational Risk


This e-book addresses ways to reduce supplier risk in your organizations, and the role of Quality in that process.

Reduce Supplier Risk, Reduce Organizational Risk

Pilgrim Quality Solutions

Pilgrim pioneered quality management software more than 25 years ago for regulated enterprises that needed a better way to deliver, track and oversee quality-related activities.