1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Remote Supplier Audit

Discussion in 'Supplier Quality, Audits & Other Supplier Issues' started by QA Bee, Mar 22, 2016.

  1. QA Bee

    QA Bee Member

    Joined:
    Dec 4, 2015
    Messages:
    34
    Likes Received:
    4
    Trophy Points:
    7
    We have a supplier for medical device (Stain kits). They are actually our Contract Manufacturer and make these kits for us and put our company label on it. Then, the kits get deliver to us for us to ship to our customers. We don't do any final QC on these products and don't even open the packaging at all.

    Now, it came up in our ISO Pre-audit that we do need to audit this supplier on a regular basis because of the severity of the risk. Specially because that company is only ISO 9001. We have never audited them but just have supplier check list.

    Our CEO wants to cut costs and doesn't want us to perform this audit, which is in another state and he thinks travel time and cost are worthless. Now, he is forcing me to do this remotely.

    Will remote audit with documented report be sufficient for ISO 13485 auditor?
     
    Nerd Siuzen likes this.
  2. Golfman25

    Golfman25 Well-Known Member

    Joined:
    Nov 6, 2015
    Messages:
    816
    Likes Received:
    402
    Trophy Points:
    62
    I really don't know. But it is definitely a time to work with your supplier to get everything you need covered. Any chance you could find a local consultant/auditor to do the physical look?
     
    QA Bee likes this.
  3. Bev D

    Bev D Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    605
    Likes Received:
    663
    Trophy Points:
    92
    Location:
    Maine
    Agree. A paper audit is pretty shallow. The risk is in the details and you need to be present to assess this. And it's not just about compliance to the standard either...your boss has his head in the sand
     
    QA Bee likes this.
  4. GStough

    GStough Member

    Joined:
    Aug 17, 2015
    Messages:
    37
    Likes Received:
    35
    Trophy Points:
    17
    Location:
    Winston-Salem, NC area
    One option that your boss may agree to is a virtual (or eAudit) audit. Cost is minimal compared to travel expenses to go to your supplier's site. You'll both need web cameras for video teleconferencing and WebEx, GoToMeeting, Blue Jeans, etc. software for the actual video conference. A virtual audit follows pretty much the same flow as a regular on-site audit. We did a virtual supplier audit last week and it was a great experience for both us and the supplier. Of course, this is not something that you can use with every supplier, but it is a viable option for some.
     
    MCW8888 and QA Bee like this.
  5. QMSmaster

    QMSmaster Active Member

    Joined:
    Dec 29, 2015
    Messages:
    59
    Likes Received:
    9
    Trophy Points:
    7
    When did ISO start saying you must "audit" suppliers? You could start with an audit pre-assesment by the supplier. You could also have them send you follow-up documents such as procedures for where you have questions. Then do some out of box auditing and testing of what they are shipping you. Do you have any quality historical data that may support a conclusion about their performance? Where is this supplier located?
     
  6. Bev D

    Bev D Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    605
    Likes Received:
    663
    Trophy Points:
    92
    Location:
    Maine
    QMSmaster has a point. If you are only ISO9001, then an audit is not required. You need to assess or evaluate their performance. (I do advise that if you are simply re-branding the product that you have some direct assessment of the product performance and be very specifica and detailed about the severity of a failure; what is the worst thing that can happen if the product fails? What does your contract say about who is responsible when it does fail? That is the risk)

    I would also say that in my experience auditing your suppliers to ISO9001 even if they aren't certified is pretty useless. Technical capability audits and evaluating actual performance and response are far more useful. Here are the things I would look for:
    • What are the critical output characteristics and how do they measure them? Look at their control charts - are they capable and stable? No control chart: increase the probability of a failure.
    • What are the critical input characteristics and how do they measure them? Look at their control charts - are they capable and stable? No control chart: increase the probability of a failure
    • What is their delivery performance: are they on time and in the correct quantity?
    • Have they had failures in the past? What has been their response? We're they quick and cooperative or slow and defensive?
     
    QA Bee and MCW8888 like this.
  7. normzone

    normzone Well-Known Member

    Joined:
    Aug 3, 2015
    Messages:
    137
    Likes Received:
    77
    Trophy Points:
    27
    " quick and cooperative or slow and defensive? "

    Wow, that pretty much sums up how to sort your suppliers out, doesn't it ?
     
    Bev D likes this.
  8. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Is this an ISO 13485 audit?
     
    QA Bee likes this.
  9. QA Bee

    QA Bee Member

    Joined:
    Dec 4, 2015
    Messages:
    34
    Likes Received:
    4
    Trophy Points:
    7
    They are in Utah. And, we are being audited for our ISO 13485 certification.
     
  10. QA Bee

    QA Bee Member

    Joined:
    Dec 4, 2015
    Messages:
    34
    Likes Received:
    4
    Trophy Points:
    7
    Yes it is
     
  11. QMSmaster

    QMSmaster Active Member

    Joined:
    Dec 29, 2015
    Messages:
    59
    Likes Received:
    9
    Trophy Points:
    7
    I completely agree with this based on my experience.
     
  12. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    So, maybe the auditor was well within their bounds to suggest such a thing? I'm not familiar with what ISO 13485 states, but clearly it's NOT fair to compare this with ISO 9001:2008, is it?
     
  13. GStough

    GStough Member

    Joined:
    Aug 17, 2015
    Messages:
    37
    Likes Received:
    35
    Trophy Points:
    17
    Location:
    Winston-Salem, NC area
    Correct, Andy. Here is what I've learned in my experience:

    While there isn't a requirement, per se, in ISO 13485 that companies must audit their suppliers, there is some expectation by auditors (and FDA investigators) that conducting audits is "accepted" way to evaluate their suppliers. If a company chooses not to audit their suppliers, there should be some other mechanism in place which demonstrates that selection, evaluation, and re-evaluation of suppliers is done in accordance with the company's requirements and the criteria established by the company. This could be as simple as a self-assessment survey supported with a recent ISO or agency (FDA) audit report, or perhaps a process of monitoring and review of supplier performance over a designated period of time.

    Much depends on the type/size of the company and how critical the suppliers are to the finished product.
     
  14. Bev D

    Bev D Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    605
    Likes Received:
    663
    Trophy Points:
    92
    Location:
    Maine
    There is no requirement in 13485 to audit the supplier. evaluation is part of the selection process and the supplier must be evaluated and monitored on an going basis. the evaluation and monitoring are to be commensurate with the risk of the device.
    if they are a contract manufacturer then 7.5.1 control of production and service would also apply. again there is no auditing requirement. only that the you need to ensure that procedures and methods are in place, the infrastructure is adequate, they have appropriate measuring and monitoring equipment, defined processes for labeling and packaging, and have implemented product release, delivery and post delivery processes. This can be done with a 'virtual audit'. If this is a high risk product I might take exception with your CEO's wanting to 'save money', but I would have no REAL basis to say that 13485 requires it. physical audits of suppliers are the default 'acceptable' way to comply with the standard for too many auditors. If you have a robust system to assure they meet the standard then you should be able to defend that. if your system is not robust, then the auditor has reason to question the completeness of what you are doing....

    just my 2 cents.
     
    GStough and Roberticus like this.
  15. Sparkle1958

    Sparkle1958 New Member

    Joined:
    Mar 29, 2016
    Messages:
    1
    Likes Received:
    1
    Trophy Points:
    1
    Location:
    Huntsville, Alabama
    My standard response to any auditor with Excessive Personal Bias (EPB) is, "Where in the Standard, the contract with our customers or our own procedures does it state that as a requirement?" They can't.

    I audit as a LA part time for a CB and I hate it when I see this in a auditor. If I'm the team Lead, I must deal with it and the auditor.
     
    GStough likes this.
  16. Nerd Siuzen

    Nerd Siuzen New Member

    Joined:
    Jun 21, 2021
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Also looking for the same. Help me.
     
  17. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Welcome. What is it you're looking for?