Supplier evaluation, selection & audits (2023)

TheMDRand ISO 13485:2016, just like theFDA,set out clear requirements regardingsupplier evaluation,supplier selectionandsupplier monitoring.

This article not only gives you an overview of the regulatory requirements. It also gives you tips on how to implement them and tells you when asupplier audit is necessary.

1. Basic principles of supplier management

a) Examples of suppliers and delivered products and services

As soon as manufacturers stop developing something themselves and start buying it in, they require a supplier evaluation. Examples of products and services supplied externally are:

  • Product development
    You order the development of an entire product. A special case would be if this product is a medical device.
  • Component development
    You order the development of part of a product. Here too, if this part or component is part of a medical device, it is to be considered a special case.
  • Component purchasing (“catalogue goods”)
    You use a “ready”, that is, an already existing product within your product or medical device as the case may be.
  • Tool purchase or hire
    You buy or hire products as tools. This includes external software as a service, e.g. in the sales department.
  • IT services
    You use an IT service like server hosting and a cloud service. Here, it would be necessary to determine whether this service is a part of your products or services.

b) Supplier selection, supplier evaluation, supplier monitoring

First of all, manufacturers should establish criteria by which they assess the suppliers. Then they carry out the supplier evaluation. Based on this supplier evaluation they select the most suitable supplier/s (supplier selection).

Supplier evaluation, selection & audits (1)

Fig. 1: Supplier evaluation, supplier selection and supplier monitoring is an ongoing process.

Manufacturers monitor suppliers continually, e.g. within the scope of the supplier audit and evaluate the suppliers regularly, for example, based on audit results and the quality of the products and services delivered.

2. Regulatory requirements for supplier management

a) MDR

QM system requirements

The MDR makes it unequivocally clear that quality management must regulate “selection and control of suppliers and sub-contractors”(Article 10 (9)d.). The notified bodies must check that this actually happens.

Supplier audits

The notified body must decide whether a specific supplier or sub-contractor audit is necessary (Annex VII 4.5.2.a, Annex IX 2.3 and 3.3). If this applies, even the suppliers (“sub-contractors”) are subject to unannounced audits – “at least once every five years”(Annex IX 3.4).

The notified body is obliged to take samples of the documentation from the supplier (“sub-contractor”), particularly if the delivered parts have an influence on the conformity of the products and the manufacturer is unable to demonstrate sufficient control over its suppliers (Annex VII 4.5.2).

Product documentation requirements

The manufacturers must specify which suppliers and sub-contractors are involved in development and production (see Annex II, 3.c.).

b) ISO 13485:2016 and ISO 9001:2015

ISO 9001:2015and ISO 13485:2016 place concrete requirements on the selection and evaluation of external suppliers of products and services – supplier selection, supplier evaluation and supplier assessment. Manufacturers must...

  1. Establish criteria for the providers/suppliers (examples of criteria are mentioned below)
  2. Evaluate providers/suppliers according to these criteria
  3. Select providers/suppliers according to these criteria
  4. Monitor providers according to these criteria

Heads up!

Please bear in mind that these criteria must be established specifically for the product.

(Video) Supplier Evaluation Process | Registration | Purchase (Logistics) | Beginners with example

Alongside suppliers, the regulatory requirements also concern products and services respectively. Manufacturers must...

  1. Establish specifications for the products to be purchased
  2. Provide the providers/suppliers with the necessary information in writing
  3. Establish whatprocedures*, processes and tools are to be used to test the delivered products
  4. Test the products according to these specifications.

ISO 13485adds aspects that are specific to medical devices such as:

  • regulatory requirements
  • analysis of the effects of the product/service purchased on the safety and performance of the medical device
  • risks, which are generally assumed for the medical device (regardless of the product purchased)

c) ZLG requirements

You can find further requirements on supplier assessment in theZLGdocuments, e.g. documents3.9 B16and 3.9 B 17.

d) FDA: 21 CFR part 820

The FDA mentions practically identical requirements in21 CFR part 820.50“Purchasing Controls”. Contrary to ISO 13485, it explicitly mentions a quality assurance agreement:

Purchasing documents shall include, where possible, an agreement that the suppliers, contractors, and consultants agree to notify the manufacturer of changes in the product or service so that manufacturers may determine whether the changes may affect the quality of a finished device.

FDA 21 CFR part 820.50

3. Evaluating suppliers

You shouldn’t decide how you select and evaluate your suppliers in every new case, but you should establish a procedure specification for selecting and evaluating suppliers.

Supplier evaluation, selection & audits (2)

Fig. 2: The supplier control measures, as well as supplier monitoring and supplier evaluation, should depend on specific criteria

In order to fulfill the above-mentioned requirements, this procedure specification must determine criteria and methods for selecting and evaluating suppliers.

a) Step 1: establish criteria

The criteria you can consider when implementing measures for selecting and evaluating your suppliers include:

  • Does the supplier develop a medical device or parts/components for it?
  • Does the supplier provide services that form part of your services? Such an example is a hosting service provider with whom you offer your software as a service.
  • Is your supplier ISO 13485 certified?
  • How dependent is the manufacturer on the supplier? Are there alternative suppliers, products or procedures?
  • Do you have experience with the supplier in terms of adherence to delivery deadlines and quality of the products delivered?
    A Google search that associates the supplier with terms like “problem” or “unreliable” often provides new insight. Product reviews can also be helpful.
  • Is the product or service business-critical?
    Would failure to meet requirements lead to a breach of the law, a breach of data security, disclosure of company secrets, loss of reputation or financial deficits?

If the delivered product is or contains software, further criteria are to be taken into account for the supplier evaluation:

  • Whatsafety classdoes this software belong to?
  • Is itSOUP or OTS?
  • Does this software itself contain SOUP?
  • Is the software atoolor part of a product?
  • Is this a case of purchasing, hiring or development?

b) Step 2: list measures for supplier evaluation

Regardless of the criteria, adopt one or more of the following measures:

  • Conclude a quality assurance agreement(y/n)
  • Adapt the contents of a quality assurance agreement
    • Standards to be met by your supplier
    • List of procedure specifications that your supplier must follow
    • Number and qualifications of staff to be provided by the supplier
    • Supplier’s assent to supplier audits including scope and frequency
  • Limit potential suppliers to those who are ISO 13485 certified (y/n)
  • Inspect incoming goods
    • Frequency, sampling
    • Methods, e.g. additional tests, visual inspection
  • Type and scope of the documentation made available to the supplier, e.g.
    • Product specifications
    • Acceptance criteria
    • Project specifications such as time and budget
    • Quality assurance agreement (see above)
(Video) How to Select Suppliers Part 3 Understanding Supplier Evaluation Methods

c) Step 3: correlate measures and criteria

You certainly won’t be using the methods and criteria mentioned for every supplier. It doesn’t make much sense to subject your stationary supplier to an audit. If, however, your supplier writes the software for your medical device and is not ISO 13485 certified, it is your duty to arrange a supplier audit.

Thus, in the last step you establish which supplier evaluation measures you are to implement and under what criteria. As the rules and regulations can very quickly become confusing, you can group together the measures and stipulate different types of suppliers.

Thus, there could be a category for “highly critical suppliers” with whom you sign a quality assurance agreement and who allow for audits, a full incoming goods inspection and personnel with a certain level of qualifications.

You can set out these rules for supplier evaluation in a table, in a text or as a flow chart.

4. Supplier audits

As explained above, supplier audits are included in the measures that manufacturers take within the scope of ongoing supplier monitoring and evaluation.

Whether and when supplier audits are to take place depends on the criticality of the products and services delivered, as well as whether the suppliers have their own QM system or not.

a) Supplier audit: if the supplier does not have their own QM system

In this case, the manufacturers declare their own quality management system and its rules respectively to be binding for their suppliers.

Manufacturers must check that suppliers are adhering to these rules by means of supplier audits. Within the scope of such an audit, manufacturers check, for example, whether or not the supplier documents development or production according to the manufacturer’s specifications. These audits should be performed at least once a year.

Supplier evaluation, selection & audits (3)

Fig. 3: If the supplier works under the umbrella of the manufacturer’s QM system, during the supplier audit the manufacturer must check their conformity with the QM system.

(Video) IATF 16949 audits | How do I: Audit supplier selection

The manufacturer is also audited. According to ISO 13485 these audits bynotified bodiesmust also extend to suppliers, meaning that it is possible that the auditor may pay the supplier a visit.

Ascomponent manufacturersand development service providers do not bring any medical devices into circulation themselves, they do not need to be subjected to any audits by notified bodies. They normally only allow this to meet the requirements of their customers, the manufacturers.

b) Quality management system instead of supplier audits

To prevent their own supplier audit from getting out of hand, many manufacturers prefer suppliers who have their own QM system. In this case, audits on the manufacturer carried out by notified bodies are limited to document inspections.

Supplier evaluation, selection & audits (4)

Fig. 4: If the supplier has their own QM system (according to ISO 13485:2016), the manufacturer may refer to that

In the selection of suppliers, above all companies withISO 13485certification and not just ISO 9001 lend themselves to medical device manufacturers.

However, even with this type of company, an additional supplier audit is also recommended. Such audits must be performed as a part of the contracts between the medical device manufacturer and the supplier.

c) Which companies can be excluded from supplier audits?

Conformity assessment proceduresrefer to the development and production of medical devices. This means that whenever a manufacturer has components developed or produced for their medical devices, these work steps may be subject to a supplier audit.

This is different for components that arenotspecially developed or produced for the medical device such as monitors, mains adapters or off-the-shelf software components. In this case the manufacturers will ensure, within the scope of risk management, that these “purchased parts” (“catalogue goods”) do not lead to any unacceptable risks. A supplier audit would not be carried out there (or be allowed).

Further information

Read more on the subject ofauditshere.

a) Supplier evaluation and selection

Manufacturers must evaluate and select suppliersbeforecommissioning them. This choice must be made based on clear criteria.

Supplier control, which particularly includes monitoring the suppliers, is an ongoing process.

The selection of these criteria and the intensity of this control must be risk-based.

b) Supplier audits

Supplier audits are carried out at companies to which part of one’s own tasks, such as development, have been outsourced. Here we often refer to the “extended workbench”. The audit must then be performed according to the rules of the manufacturer’s QM system (ISO 13485).

The manufacturer (distributor) can only spare themselves this audit if the development partner has their own ISO 13485 QM system and presents the corresponding documentation for the product to the manufacturer. The same applies to audits by the notified body.

c) Conclusion

Manufacturers are increasingly outsourcing tasks like development and production, either wholly or in part. The regulations make it clear that by doing so the tasks may not be withdrawn from a quality management system. For this reason, the notified bodies are obliged to also inspect the suppliers, if necessary, and in some cases within the scope of unannounced audits.

So manufacturers are well advised to select and monitor manufacturers with whom they can guarantee consistent quality management and therefore product conformity and safety.

Support from the Johner Institute

The Johner Institute supports manufacturers and supplies in the following tasks, among others:

  • Drawing up MDR, ISO 13485 and FDA-compliant procedure specifications for evaluating, selecting and monitoring suppliers
  • Formulating quality assurance agreements
  • Preparing audits by manufacturers and notified bodies
  • Guaranteeing the correct interplay of tasks (e.g. supplier monitoring, risk management, market surveillance, trend analysis, etc.) within the scope ofpost-market surveillance(central requirement of the MDR)

Contact us now


What is the supplier evaluation and selection process? ›

The steps are: recognize a supplier selection need, identify supply requirements, determine a supply strategy, identify potential suppliers, reduce the number of suppliers in the selection pool, conduct a formal evaluation, and select a supplier and reach agreement.

What are the 4 stages of supplier selection? ›

Four Basic Stages of Supplier Selection
  • Supplier Selection Criteria. ...
  • First Stage: Evaluating Offers. ...
  • Second Stage: Operational Capacity Analysis. ...
  • Third Stage: Technical Capability Determination. ...
  • Fourth Stage: Financial Analysis. ...
  • Conclusion.
27 Feb 2019

What are the 5 key criteria when selecting a supplier? ›

Criteria for selecting a supplier
  • price.
  • value for money.
  • quality.
  • reliability.
  • responsiveness.
  • flexibility.

What are the seven steps of supplier selection and evaluation? ›

Supplier Selection: Step by Step Process
  • Step 1: Initiation & Planning. ...
  • Step 2: Tender requirements. ...
  • Step 3: Tender Qualification. ...
  • Step 4: Tender Selection. ...
  • Step 5: Tender Evaluation. ...
  • Step 6: Tender BAFO & Selection. ...
  • Step 7: Contract Preparation. ...
  • Step 8: Contract Documentation.
15 Jul 2021

Which are the 3 key factors in selecting a supplier? ›

Top 7 Factors to Consider When Choosing a Supplier
  • Price.
  • Quality.
  • Reliability.
  • Communication.
  • Financially stable.
  • Capacity.
  • Payment terms.
9 Nov 2021

Why supplier selection and evaluation is important? ›

By improving supplier evaluation and selection process, companies can gain a better understanding of supplier performance and reduce wasteful costs occurring due to suppliers' activities such as additional inspections, extra freight charges, obsolete inventory, and many more.

What are the key suppliers evaluation criteria? ›

That said, supplier evaluation criteria should align with your company's mission, vision, and business goals. Additionally, it should also include factors like quality, cost and financial integrity, corporate social responsibility, communication, and cultural commitments.

What is supplier selection strategy? ›

Supplier selection is the process by which firms identify, evaluate, and contract with suppliers. The supplier selection process deploys an enormous amount of a firm's financial resources and plays crucial role for the success of any organization.

What is supplier selection scorecard? ›

A supplier scorecard, also known as a vendor scorecard, is a document that allows a business to measure the performance and effectiveness of a vendor over time. The scorecard breaks down supplier performance into categories and factors that can be quantified.

How do you create a supplier evaluation? ›

The 10 Cs Model in Detail
  1. Competency. First, look at how competent the supplier is. ...
  2. Capacity. The supplier needs to have enough capacity to handle your company's requirements. ...
  3. Commitment. Your supplier needs to provide evidence that they are committed to high quality standards. ...
  4. Control. ...
  5. Cash. ...
  6. Cost. ...
  7. Consistency. ...
  8. Culture.

What are the 4 main ways to evaluate and measure supplier performance? ›

While the performance metrics might differ from company to company, some common gradable metrics include quality, on-time delivery, acknowledgment rate, and responsiveness.

What are the three major steps in supplier selection and evaluation? ›

5 Steps to Supplier Selection
  • Step 1 – Supplier Selection Scorecard. The first step in the supplier selection process is to create a supplier selection scorecard. ...
  • Step 2 – Identify Suitable Suppliers. ...
  • Step 3 – Scorecard Ranking. ...
  • Step 4 – Negotiate. ...
  • Step 5 – Create Contract.

What are the benefits of supplier selection? ›

Following are examples of the types of benefits gained from selecting suppliers competent in particular areas.
  • Delivery. ...
  • Flexibility. ...
  • Quality and reliability. ...
  • Fair price. ...
  • Familiarity. ...
  • Technical capabilities. ...
  • Financial and business stability.
24 Jan 2011

What is supplier evaluation model? ›

What is a Supplier Evaluation Form? Supplier evaluation is a term used by many businesses and organizations to evaluate and approve their existing and potential suppliers through a series of assessments.

How do you evaluate supplier quality? ›

Common metrics include: the percentage of products that are in compliance within quality specifications, percentage of products that are delivered on time and are complete, and new product introduction (NPI), which measures the percentage of new products that meet time, volume and quality standards.

How can supplier selection be improved? ›

Four critical steps to improve supplier selection
  1. Step 1: Identify suppliers. ...
  2. Step 2: Determine supply performance. ...
  3. Step 3: Analyze financial factors. ...
  4. Step 4: Create a contract.
10 Feb 2019

What are the six supplier strategies? ›

Six Simple Strategies Suppliers Can Use To Do More For Their...
  • No. 1 - Focus First on Your People.
  • No. 2 - Listen to Your Customers.
  • No. 3 - Focus on Lead-time Reduction.
  • No. 4 - Understand Your Vision and Have a Plan.
  • No. 5 - Share Expertise with Customers.
  • No. 6 - Market to OEM Customers How You Manage Risk.

Which factors will influence in selecting suppliers? ›

9 Factors Relevant for the Selection of a Vendor
  • Quality: The term quality stands for ability and willingness of the supplier to meet the specifications of the buyer. ...
  • Price: ...
  • Quick Delivery: ...
  • Service: ...
  • Assurance of supply: ...
  • Size of the supplier: ...
  • Number of suppliers: ...
  • Local suppliers:

Which are the two major factors influencing the selection of suppliers? ›

Factors influencing choice of supplier
  • Price. The price of supplies will have a direct effect on how much it costs the company to produce a product. ...
  • Location and transport costs. If a supplier is located near to your company the transport and delivery costs will be lower. ...
  • Lead time.

Which is the most common method of supplier evaluation? ›

Against their subjectivity and drawbacks, the categorical method, the weighted-point method and the cost-ratio method are the most widely used techniques in supplier evaluation due to their ease of use and implementation.

What is the procedure in selection of a supplier? ›

There are many different types of criteria used to select a supplier. These include price, quality, service, delivery, reputation, etc. Some companies will use all of these criteria, while others may only focus on one or two. It depends on what they want from their supplier.

What is supplier evaluation in procurement? ›

What is Supplier Evaluation? In procurement, supplier evaluation means a formal assessment of suppliers to measure their performance against various criteria and determine if they meet the organizational needs. The objective is to create a best-in-class and low-risk portfolio of available suppliers for use.

What is the definition of supplier selection? ›

Supplier selection is the process by which firms identify, evaluate, and contract with suppliers. The supplier selection process deploys an enormous amount of a firm's financial resources and plays crucial role for the success of any organization.

How do you conduct supplier evaluation? ›

There are several ways you can carry out a supplier assessment - questionnaires, scorecards, site visits, and third-party standard certifications. Or you could use a supplier management platform like Prokuria.

How can you improve the process of supplier evaluation and selection? ›

Four critical steps to improve supplier selection
  1. Step 1: Identify suppliers. ...
  2. Step 2: Determine supply performance. ...
  3. Step 3: Analyze financial factors. ...
  4. Step 4: Create a contract.
10 Feb 2019

What is supplier audit checklist? ›

A supplier audit checklist is used to audit your supplier's facility, record if the supplier meets the criteria, and evaluate its suitability to be your supplier. The checklist can serve as a guide for the inspector to evaluate the following areas: Management Responsibility. Infrastructure, Sanitation, and Maintenance.

What is supplier Process audit? ›

A supplier audit inspects a supplier's usage of industry regulation practices, including the health and safety and correct manufacturing processes. Generally, auditing a supplier covers a large area with several practices. Therefore they are usually bespoke to the client's requirements.


1. How to assess new suppliers? - Potential Supplier Analysis
(Quality Guru)
2. Ch 7 Supplier selection and certification
(Daniel Glaser)
3. How to Select Suppliers Part 2 Overview of Supplier Evaluation
(Professor Simon Croom)
4. Understanding The Supplier and Factory Audits
(Pro QC International)
5. Critical supplier. Evaluation and selection
6. MVI 0289 Supplier Evaluation and Selection
(Maurice MGT and MKT)
Top Articles
Latest Posts
Article information

Author: Arline Emard IV

Last Updated: 02/27/2023

Views: 5785

Rating: 4.1 / 5 (72 voted)

Reviews: 87% of readers found this page helpful

Author information

Name: Arline Emard IV

Birthday: 1996-07-10

Address: 8912 Hintz Shore, West Louie, AZ 69363-0747

Phone: +13454700762376

Job: Administration Technician

Hobby: Paintball, Horseback riding, Cycling, Running, Macrame, Playing musical instruments, Soapmaking

Introduction: My name is Arline Emard IV, I am a cheerful, gorgeous, colorful, joyous, excited, super, inquisitive person who loves writing and wants to share my knowledge and understanding with you.