HomeIVD ManufacturingHow Suppliers Impact your ISO 13485:2016 Quality Management System

How Suppliers Impact your ISO 13485:2016 Quality Management System

Liz Heisler

Segment Program Manager, MilliporeSigma

White Paper

New requirements call for ISO 13485:2016- and BS EN ISO 13485:2016-compliant in vitro diagnostic (IVD) manufacturers to manage risk more comprehensively than ever before. Section 4.2.1 of the standard demands that organizations “apply a risk-based approach to the control of the appropriate processes needed for the quality management system."1 These enhanced requirements for IVDs must be implemented by the February 28, 2019 deadline.

The new ISO standard better aligns its requirements for supplier management with the U.S. Food and Drug Administration’s (FDA) 21 CFR 820.50, Purchasing Controls. New demands include managing risk by increased control of suppliers and outsourced processes. Paragraphs 4.1.5 and 7.4.1 of the standard specify that the manufacturer "should select, evaluate its suppliers (including subcontractors, consultants), and implement a suitable amplitude of actions necessary when the supplier does not meet the acceptance criteria defined."1

Results of supplier scoring even affect the incoming inspection requirements for a given raw material, as Section 7.4.3 specifies. The risk management process in ISO 14971 should be used to define by what criteria a purchased material should be tested.2 Suppliers who score low and receive a high risk designation, either initially or upon re-evaluation, would require additional testing or controls compared to products coming from less risky suppliers.

In addition to the risk that a supplier’s material does not meet specifications, design risk is another challenge that IVD manufacturers face. According to Paragraph 7.3.9, manufacturers must take into account "the significance of all changes to function, performance, usability, safety, and applicable regulatory requirements for the medical device and its intended use."1 IVD manufacturers must therefore be aware of changes throughout their supply chain, including those changes that their suppliers implement.

To mitigate supplier-associated risk3, IVD manufacturers can take action with a supplier management program whereby:

  • Suppliers are selected and classified according to the risk level of products or services they provide
  • Parameters to accept or reject a supplier are defined
  • Supplier evaluations are executed, and follow-up actions are prescribed based on results
  • Supplier performance is continuously monitored over time

Partnering with suppliers who understand their role in your ISO 13485-compliant quality management system reduces your risk as well as saves you time and money. Suppliers who conform to your quality and documentation requirements lessen the need for costly additional testing and controls. Also helping to reduce your risk are suppliers who notify you of changes, support your verification requirements, and who take corrective and preventative actions when necessary.

Contact us to learn more about how we as a supplier can support your ISO 13485:2016 quality management system.


  1. BS EN ISO 13485:2016 and ISO 13485:2016. Medical devices – Quality management systems – Requirements for regulatory purposes.
  2. ISO 14971:2007. Medical devices – Application of risk management to medical devices.
  3. Petiard, Alexandre. ISO 13485:2016 & Risk-Based Approach. Emergo, a UL Company; Sept 2017.
Sign In To Continue

To continue reading please sign in or create an account.

Don't Have An Account?