For years, FDA-regulated manufacturers have tried to apply a one-size-fits-all quality management approach to their entire roster of suppliers.
But with so much variability from one supplier to another, this approach can be woefully inefficient and downright dangerous when lapses in management allow potentially serious compliance issues to develop.
The increasingly popular risk-based approach to managing supplier quality allows manufacturers to craft a malleable quality management system that can be shaped to fit each supplier individually—enabling you to expend the greatest effort toward mitigating the risks that pose the most damage.
[Free White Paper:] The Complete Guide to FDA-Regulated Supplier Qualification & Quality Management
But putting such a system in place is easier said than done. Even the best efforts made to establish a robust risk-based system can stumble on its most basic elements.
The following four-step process we’ve outlined below should provide a clear and concise roadmap for building and maintaining such a system.
1. Categorize Suppliers by Risk Level and Prioritize Accordingly
Organizing your suppliers by risk level is a key component of any risk-based system.
But rather than considering “risk” as the likelihood of a problem occurring or how effective each of their quality systems are, classification should be decided based on how critical the component or ingredient is to your final product.
In other words, even though a supplier may be remarkably reliable, the fact that their component or ingredient is absolutely essential to your finished product makes them high-risk.
Striking the proper balance here is key. Components or ingredients that present a lower risk to product safety, but are essential to the manufacturing process may still deserve “critical” status, and should be managed closely to avoid potential supply problems.
Generally, it’s best to classify your suppliers into four risk tiers:
| Tier 1: | Tier 2: | Tier 3: | Tier 4: |
| Highest-risk suppliers with critical impact on the quality or availability of the product. | Heavy-risk suppliers with direct impact on the product, but for which alternatives are available. | Moderate-risk suppliers have more of an indirect impact on the product. | Low risk suppliers have no significant impact on the final product. |
Using this rubric, you can tailor quality management to focus most of your effort on the highest-risk suppliers. The more risk they pose to the product, the more vigilant you must be to perform quality assessments and establish control measures.
2. Exercise Caution When Building New Supplier Relationships
Although it’s easy to get lost in the prospects of a new professional relationship, it’s important to perform adequate due diligence when forming new partnerships with all third parties. In addition to an effective verification process as outlined above, here are a few ways to avoid stepping into a potentially problematic situation:
• Use objective observers. It can be difficult to remain truly objective when you’re actively interested in building new relationships with suppliers and vendors. An objective observer, like an experienced third-party consultant, can consider your needs and evaluate candidate companies from a fresh, unbiased perspective.
• Be specific with your expectations. Suppliers must understand precisely what your company requires to be sure they can live up to their expectations. Change control notification, for example, is one area where vagueness can result in serious problems when a change the supplier considers inconsequential actually has a huge impact on your product.
• Monitor quality early and often. Making the effort to identify and address issues early on goes a long way in preventing larger problems from developing in the future. When supplier quality systems don’t completely align with your own, be sure to compensate accordingly with a receiving inspection program or other measures that ensure outsourced products are safe and reliable.
• Don't let cost be your primary driver. Lower cost products are not worth the short-term savings they may be perceived to bring as quality issues could offset those costs exponentially.
3. Take a Risk-Based Approach When Crafting Quality Agreements
Quality agreements are essential for defining—in writing—who is responsible for the tasks and duties laid out in the quality system. Depending on the nature of the relationship, these can be as simple as a purchase order or as complex as a detailed contract.
With no standard criteria for how much detail is needed in each unique situation, the best general rule of thumb is to err on the side of too much rather than too little information, using risk to gauge how much detail is necessary.
Typical quality agreements should, at a minimum, include the following:
• Any standards or regulations you expect the supplier to meet. These may include FDA Quality System regulations, ISO Standards, European Regulations, etc.
• Responsibility for complaint handling and reporting
• Plans and schedules for regular assessments by the contracting company
• Change notification procedures and notification expectations for levels of changes
• Notification procedures for “out-of-specification” test results, manufacturing deviations, and nonconforming materials
Quality agreements should be both a protective measure as well as a tool for streamlining supplier performance. When possible, work collaboratively with new suppliers to work through the quality system and define responsibilities together, paying close attention to high-risk areas and hand-off points.
Define the controls needed to address risks in these areas and be sure to have your legal department involved in the process before anything is signed.
4. Use Objective Third-Party Auditors to Plan and Conduct Supplier Audits
In-person, on-site auditing remains the most reliable way to evaluate a supplier’s operations. However, ensuring an accurate and objective assessment requires audits to be conducted by qualified, third-party professionals whose judgment won’t be influenced by internal forces.
Audits aren’t just necessary for validating new suppliers—they’re an important tool for maintaining quality and compliance over time. The recent rise in outsourcing only further underscores the importance of having a plan in place to conduct regular evaluations led by skilled quality professionals.
Read our free white paper, The Complete Guide to FDA-Regulated Supplier Qualification & Quality Management, for a comprehensive, step-by-step guide to choosing qualified suppliers and maintaining regulatory compliance.