How To Meet MDR Expectations For Suppliers

How To Meet MDR Expectations For Suppliers


Here’s the thing. Suppliers of medical device components are not directly regulated by the Medical Device Regulation (MDR). But keep reading. Compliance for legal manufacturers requires the receipt of sufficient information from suppliers. That puts legal manufacturers in complete control of their own supply chain. In effect, this makes them the sole custodians of medical device safety.

So what’s changed for legal manufacturers and Original Equipment Manufacturers (OEMs)? Well, in the past – under the outgoing Medical Device Directive (MDD) – an OEM could potentially do all the manufacturing, hold and control the complete technical dossier, and then share it with the legal manufacturer. Not anymore. The legal manufacturer must now have direct access and control over the dossier. 

Here’s what all parties need to know about meeting MDR expectations for suppliers.

Handle ‘critical suppliers’ correctly

Under the MDR, the legal manufacturers of medical devices are required to have much clearer oversight and control over their suppliers, especially for those deemed ‘critical suppliers’. Critical suppliers are defined as having an impact on the safety and/or performance of a medical device. 

What legal manufacturers – and their suppliers –  need to know is that a critical supplier can be potentially subjected to an inspection by a Notified Body. The cost of having the Notified Body on the premises always falls to the legal manufacturer, but to ensure a product is safe and performing correctly, the critical supplier must grant access to its processes and controls. 

Reviewing onsite processes for a particular provider can be a complicated task. Take Software as a Medical Device (SaMD), for example. If a software company outsources an aspect of their SaMD to a third party – such as a cloud service provider – some of the data and processes will need to be available for inspection by a Notified Body. 

That’s why it’s important to have a Service Level Agreement (SLA) in place. It could also be a good idea to choose a Notified Body that operates in the same country or region as your major manufacturing supplier, especially if you have no own manufacturing yourself. Taking a localized approach helps in such cases to keep travel costs down, and can help to overcome potential language barriers in your communications as well as in documentation. 

Manage the risk of critical components

There are always two aspects to getting a medical device ready for market and keeping it there: technical documentation and quality-related procedures. Therefore, in case your end product is critically dependent on the components or services of suppliers, make sure you have contracts in place that clearly define the requirements on documentation and applied processes. Such agreements should include the relevant level of detail, length of time for retaining documentation, but also allowing Notified Bodies access to information and/or premises of suppliers. The more critical the supplier, the more watertight the agreements must be in case something goes wrong.

Where it can get more complicated is when the supplier of a critical supplier is also considered ‘critical’. For example, imagine your critical supplier is doing component molding for implants, and they source PVC granules from another supplier. If those granules aren’t medical grade, then that’s still the responsibility of the legal manufacturer.

Follow best practices for setting supplier quality

One way to set up and maintain quality standards in the supply chain of a medical device is to ensure that first-level ‘critical suppliers’ are certified under ISO 13485. The reason is simple. Having that standard in place provides reassurance that the supplier has a Quality Management System (QMS) in place that meets the expectations of the MDR. 

For the person responsible for the risk file, the starting point for setting expectations around quality in the supply chain is to clearly differentiate between critical and non-critical suppliers. 

It’s also important to create a list of pre-qualification criteria for suppliers. 

This preset list of quality requirements – that may deviate slightly depending on what’s being supplied – helps to establish a generic set of quality standards that can be applied to the majority of supplier agreements. When a component is critical to the safety of a medical device, it’s also good practice to arrange an on-site audit yourself– whether on an annual basis or at the start of the partnership. 

It’s essential that suppliers keep the legal manufacturer informed of any changes to their product or services so that the device remains safe, and the regulatory paperwork remains up to date. 

Expert help for reaching an agreement on quality

For the legal manufacturers of medical devices, it’s business critical to put a layer of quality management over their supply chain. Through increased transparency, they can ensure the quality and safety of their products. 

On top of that, should a critical supplier have Intellectual Property (IP) that they need to protect, it’s possible to keep it safe and only share it – where necessary – with the Notified Body as part of an audit. 

As regulatory consultants for medical devices, at Peercode we specialize in helping companies meet the requirements of the MDR. As per that remit, we can support legal manufacturers to set the ground rules for supplier quality. 

Whether you’re a legal manufacturer or a first-level supplier for a medical device, here at Peercode Regulatory Consultancy, our experts can help you meet the expectations of the MDR. 

Discover more by booking a call with one of our team of experts. Speak to a specialist