What is supplier evaluation under the MDR / IVDR and ISO 13485?
Supplier evaluation is a comprehensive process used to verify that suppliers can meet defined quality, regulatory, and operational requirements. In the medical-device sector this includes assessing their ability to provide raw materials, components, and services that comply with the MDR and ISO 13485.
Supplier evaluation is not a one-off exercise; it is an ongoing process that covers qualification, auditing, monitoring, and periodic re-qualification.
Why supplier evaluation matters for MDR / IVDR compliance
Regulations MDR 2017/745 and IVDR 2017/746 require manufacturers to ensure that the entire supply chain meets regulatory expectations. Specifically, manufacturers must:
- guarantee the safety and quality of medical devices at every supply-chain stage,
- verify that delivered materials and services comply with the MDR / IVDR,
- maintain full traceability of components and materials.
Under Article 10 of the MDR and IVDR the manufacturer is responsible for its suppliers, regardless of the form of cooperation.
The role of suppliers in the medical-device supply chain
Suppliers form the foundation of the supply chain. Their ability to provide compliant, high-quality inputs directly affects device safety and performance. The MDR obliges manufacturers to exercise full control over suppliers through evaluation, monitoring, and prompt response to non-conformities.
Key criteria for supplier evaluation in the medical sector
A medical-device supplier assessment should consider:
- the supplier’s QMS conformity with ISO 13485 or ISO 9001,
- experience and capability to meet MDR / IVDR requirements,
- clarity and completeness of technical documentation,
- financial and operational stability,
- ability to guarantee supply continuity and contingency plans,
- previous audit results, complaints, and non-conformities.
The depth of the assessment should reflect device type, risk class, and component criticality.
MDR-compliant supplier-evaluation process
A compliant process includes:
- Setting the evaluation criteria — tailored to device type and risk level,
- Document review — analysis of certificates, procedures, and MDR conformity,
- Supplier audit — detailed review of manufacturing and QMS practices,
- Risk assessment — identification of potential supplier-related hazards,
- Supplier qualification — approval according to the defined criteria.
Continuous monitoring and reporting — ongoing tracking of supplier performance and re-qualification.
Documentation of the supplier-evaluation process
Each step must be documented in line with ISO 13485 and the MDR / IVDR. Records provide evidence of the evaluation and support decisions to qualify or disqualify suppliers. Typical documents include:
- supplier-evaluation criteria list,
- assessment forms and audit reports,
- corrective-action plans with timelines,
- correspondence on non-conformities and changes,
- quality agreement and any amendments,
- register of qualified suppliers and their status (approved, conditional, suspended).
All records must be retained for the period required for the device category and local law.
Post-audit actions
After completing a supplier audit:
- prepare an audit report with findings and recommendations,
- agree corrective actions and deadlines with the supplier,
- monitor implementation and verify effectiveness.
Supplier-risk assessment in the MDR context
Supplier risk assessment is essential when selecting partners. Factors to consider include:
- criticality of the component or service for device safety and performance,
- collaboration history (complaints, delays, non-conformities),
- supplier capability to meet legal and quality requirements,
- operational and financial stability,
- quality of technical documentation and process transparency.
Risk-assessment outcomes determine audit frequency, quality-agreement requirements, and qualification decisions.
Optimising the supply chain in line with the MDR
To optimise the supply chain:
- work with trusted suppliers that hold appropriate certificates,
- implement identification and quality-control systems at every stage,
- build partnerships that allow rapid responses to market and regulatory changes.
Audit frequency for suppliers
Audit frequency depends on:
- the supplier’s criticality to device safety,
- previous audit and performance results,
- changes in the supplier’s processes or products.
Benefits of supplier audits under the MDR
- early detection of risks and prevention of quality issues,
- stronger trust with suppliers,
- assured compliance with the MDR and ISO 13485.
Common challenges in MDR-compliant supplier evaluation
Typical issues include:
- incomplete supplier documentation,
- gaps or absence of a supplier QMS,
- lack of MDR alignment,
- weak implementation of post-audit CAPA,
- difficulties maintaining supply continuity when suppliers face financial or operational problems.
How Pure Clinical can help with supplier evaluation
Pure Clinical provides end-to-end support for MDR- and ISO 13485-compliant supplier evaluation:
- integration of supplier processes into an ISO 13485 QMS,
- customised supplier-evaluation procedures aligned with the MDR,
- preparation and execution of supplier audits focused on MDR and ISO 13485 compliance.
With our support your company can manage its supply chain effectively, meet regulatory requirements, and minimise the risks of non-conformity.
FAQ
Must every supplier be ISO 13485 certified to be qualified?
How should nonconformities identified at a supplier be managed?
Are service providers (e.g., warehousing, labeling) subject to formal supplier evaluation?
Is supplier requalification mandatory, and how often should it occur?
Yes. Requalification is part of ongoing supplier monitoring. Frequency depends on product risk class, past audit performance, and process changes at the supplier’s site. High-risk suppliers are typically requalified every 1–3 years.