How to Develop a Risk-Based Approach to Supplier Management

June 18, 2023 ░░░░░░

How to Develop a Risk-Based Approach to Supplier Management-1

The goal of your MedTech company’s supplier management process should be to ensure a consistent supply of high-quality parts and components that conform to your specifications.

But achieving that goal is easier said than done, and it depends heavily on whether or not you take a risk-based approach to your supplier management activities.

A proactive, risk-based supplier management process will take into account both the risks to your devices and the risks to your business in general. In other words, it will ensure that the decisions you make regarding your suppliers have the minimum impact on your business and the safety and efficacy of your devices.

Every company is different, but there are some standard practices and ways of approaching supplier management that you can use to make sure you account for risk at every step.

BONUS RESOURCE: Click here to download your free copy of this Approved Supplier List Form Template.

Start with a risk-based approach to supplier qualification

The simplest way to mitigate risk in your supplier relationships is by putting in the effort up front—as you’re qualifying suppliers for your Approved Supplier List (ASL).

Going in without a well-considered process based on the risks a given supplier poses will set you up for a rocky supplier relationship or significant interruptions in your ability to obtain certain parts and services (or both!).

The best way to get started is by determining the risk involved for each supplier you need. There’s no single right way to do this, but a common approach is to begin with a critical vs. non-critical framework.

Non-critical suppliers have no direct or indirect relationship with the product or manufacturing processes, such as a business that supplies your stationary or caters meals for you. These are still suppliers, but they don’t have to go on your ASL.
Critical suppliers have a direct or indirect relationship with the product or process and they must be qualified and placed on your ASL if you want to order anything from them.

Critical vs. non-critical framework

Critical suppliers are then broken down into more categories based on their potential impact on product safety. I like to use the following three tiers:

Tier 1 - Highest Risk: Includes any integral component of the device that impacts safety. Also includes contract manufacturers assembling the device. This would also include services like sterilization that impact the safety of the device.
Tier 2 - Medium Risk: Includes custom, device-specific components that don’t directly impact device safety. This tier also includes services like pest control and your logistics and shipping provider.
Tier 3 - Lowest Risk: Standard, “off-the-shelf” items. Any consultants you use that provide a service related to the product or processes would also fall under this tier.

Critical supplier tiers

By grouping your supplier based on the risks associated with them, you then have a roadmap for the rest of the qualification process and the activities you’ll perform to monitor each supplier once they’re on your ASL. You’re also proving to auditors that you understand risk and are actively using a risk-based approach to supplier management.

Remember, it’s much more difficult to try to fix a bad relationship or deal with recurring issues with a supplier than it is to properly qualify them in the first place.

Choose your monitoring activities based on risk

Once a supplier is qualified, you need to make a decision about how you’ll monitor them. At this stage, you’re answering questions like:

Will we be auditing this supplier? If so, how often will we audit them?
How often will we fill out a supplier scorecard for this supplier? Every month? Every quarter?
Will we check every batch of product they send us? Or will we accept their certificates of analysis?

Keep in mind that risk-mitigation strategies are often dependent on context and individual circumstance. For instance, you might decide to reduce the monitoring of a well-performing supplier who has been providing consistently good product and service—maybe auditing them once every two years instead of every year.

On the other hand, a low-performing supplier may require you to work with them to improve their performance. That may mean a heavier audit schedule or submitting Supplier Corrective Action Requests (SCARs).

Monitor your supplier relationships with supplier scorecards

The contextual nature of supplier management is one of the reasons it’s extremely important that you use supplier scorecards. I cannot emphasize enough how crucial it is that you create and use scorecards for every supplier.

Your scorecard will measure supplier performance via metrics like:

First time in full. This is a reference to how often they send you everything you’ve requested at once, and not in partial batches.
Undamaged material. This refers to the state of the product when it gets to you. Is anything coming in damaged? What is the pass/fail rate on their product?
SCARs raised. How many supplier corrective action requests (SCARs) have you had to raise with them? How quickly are they resolved?

Think carefully about what you want to track on your scorecards, though. Different types of suppliers will require different metrics to assess their performance. For each supplier, choose metrics that will become the KPIs you want to track.

Your scorecard is really the only tool you have for measuring the quality of your supplier relationships. Consistent use of scorecards will help you understand whether the relationship is great or perhaps deteriorating as time wears on.

Consider business risks as you choose and manage your suppliers

There are certainly risks to your devices (and therefore patients) that stem from poor supplier management. But a lot of the risks associated with supplier management are risks to your ability to produce those devices in the first place. In other words, business risks.

For example, let’s say you have a single supplier on your ASL that supplies you with a complex component of one of your devices. If that supplier were to go out of business or otherwise stop providing you with that component, how long would it take you to qualify another supplier? Are there any other suppliers who could make that component?

This is what I mean by business risk. If something goes wrong with your supplier relationship, what risks are associated with that? And if the business risks with certain suppliers are high, then you’ll need to carefully manage that relationship and put some type of contingency plan in place.

Proactively plan your risk-mitigation strategies

Again, being proactive about these risks is your best defense against them. There may be times when you have to put all your eggs in one basket—when there simply isn’t another supplier—but there are some ways you can protect yourself in most cases.

If your order volume is high enough, one tactic is simply to split your order among multiple suppliers. For instance, buying the same part from two different suppliers, which allows you to maintain some supply even if one goes out of business or isn’t meeting your standards. In that case, you could also ask the supplier if they can increase the order size to make up for the loss of the other supplier. Keep in mind that this may also require having alternate part numbers in your Bill of Materials.

Another, similar option is to try splitting up closely related parts and components between multiple suppliers. So, if you’re getting three different sizes of plastic bottles, perhaps you could use three different suppliers: one for small bottles, one for medium bottles, and one for large bottles.

That way, if your supplier of large bottles goes out of business, you’re still able to continue making most of your products. You also have the opportunity to ask your small- or medium-sized bottle supplier, “Hey, could you make a slightly larger version of what you already make for us right now?”

In a perfect world, you’d always have several options for every material, part, or component you need to produce your medical devices. But here, in the world we live in, you need to seek out the high-risk areas in your business and work to mitigate those risks proactively.

BONUS RESOURCE: Click here to download your free copy of this Approved Supplier List Form Template.

Simplify supplier management with a MedTech-specific QMS

One simple, yet powerful, way to mitigate risks in your supplier management is to use a QMS solution that offers a complete view of all your supplier documentation and quality data in one place.

With Greenlight Guru, you get a single source of truth for all your documentation, including supplier management, and you maintain closed-loop traceability throughout the entire product lifecycle.

Greenlight Guru also helps you conduct better supplier audits, flagging certain suppliers for follow-up actions and linking to nonconformance issues to determine if you’ve had problems in the past. It all creates a highly visible system that’s easy to navigate and understand.

If you’re ready to make supplier management a competitive advantage for your medical device company, then get your free demo of Greenlight Guru today.

Etienne Nichols

Etienne Nichols is the Head of Industry Insights & Education at Greenlight Guru. As a Mechanical Engineer and Medical Device Guru, he specializes in simplifying complex ideas, teaching system integration, and connecting industry leaders. While hosting the Global Medical Device Podcast, Etienne has led over 200...