In this article I will review the ISO Standard (both 13485 and 9001) requirements for purchasing evaluation throughout your quality management system as introduced in chapter 7.4 - Purchasing. Very simple, with no rounds and rounds.

Purchasing evaluation

The basic requirements for evaluation applies:

•  The organization shall determine the criteria to evaluate the supplier's ability to supply goods. The organization shall evaluate and select the suppliers according to their ability to supply goods, appropriate to determined requirements (products or services of course, and this is the last time I would mention that, you should already know by now that services are goods as well!!)
• A re-evaluation shall be performed according to determined criteria after a period of time.

How well performs your supplier? This is the question! Sometimes he can cause you a real headache. Telling you stories that you have already heard, making excuses, making stupid mistakes, and frankly, you really don't know why you trouble with him at all. You pay a lot of money every year and still… Maybe you are right. Maybe you are wrong. In order to determine if you do have a reason to dislike your supplier you must evaluate him. You must evaluate the important parameters regarding to the supplied product.

In other words, you are required to determine which parameters are important to you, when evaluating your suppliers. What is important? Whatever has an effect on your medical devices' quality:

• The quality of the goods or services
• Delivering on schedules
• Credibility
• Lead time
• Meeting customers' requirements
• Meeting regulatory requirements

You name it, and then examine whether your supplier perform well or worst.
For example (quite banal), when your organization uses the services of a Transportation Company to deliver its products, the supplier must be evaluated according to defined criteria:

• Availability – Does the supplier is available to perform the transportation whenever it is required or according to prior defined requirements.
• Credibility – Does the goods arrive to their destiny peacefully according to defined requirements.

Another example (also banal – what can I say, I am a banal person – life is banal), anyway, if your organization purchases raw materials, you may evaluate the supplier according to:

• Quality of the supplied material – Does the supplied material is of good or poor quality.
• Suitability to the order - whether the supplied material is according to the order,
• Delivery schedules – Does the supplier deliver the material on time. In most organizations this parameter is crucial. A whole production line could be found stopped because the supplier was late delivering according to a prior requirement. This means money. Your purchased good costs you more than you expected. 
• Personal relations - How nice his secretary is when you are calling to order or to complaint, and how much he is (or she) attempts to solve your problem. Does the employee of the supplier bother to inform you of important information.
• Other parameters – Does the supplier offers other things such as special offers, gift on holidays, sends hallo from now and then and etc. Don’t laugh. That is a serious parameter. I know suppliers that send their customers for vacations… Did your supplier send you lately for a vacation?

Records of the suppliers' evaluation shall be maintained and kept. The evaluation process would be introduced to the records control process according to paragraph 4.2.4 – control of records. Keep the records of evaluation and mention the records on your records control procedure. Although it is not required by the ISO 13485 Standard, you may want to inform your supplier about the results of the evaluation. This information may steer some actions from his side for improvement.

List of approved suppliers

Next, you are required to add any evaluated supplier to the list of approved suppliers. On the list, you should mention also his note relating to the criteria. Now, there is no specific requirement for a list on the ISO 13485 Standard requirements. The requirement is that any actions arising from the evaluation shall be maintained. "Maintained" means to document. Don't get to philosophic about it. After evaluation you are left with a list of suppliers. Trust me. You shall be required to show it during the audit.  A very helpful tip: If you maintain an ERP system or any other system that manages your purchasing orders, and (naturally) your suppliers are documented on the system, well, it is that list. You would only have to define, somewhere, that approved suppliers are documented on your ERP system; using the status field of your supplier on that system (if you have it) may assist you with the approval. 

How to grade? Well, it is quite simple. Let's assume that your evaluation draws, at the end, a simple grade that ranges from 1 to 100. You may determine the next grading:

You may also determine that your organization is willing to order only from suppliers with B and above classification. Now, your supplier who got the grade 61 on the last evaluation would start to sweat a bit and start making some enquiries about your last complaints. Can you see where it leads?
Last phase to close the loop is the re-evaluation. After you evaluated your supplier and let him know what is on your heart, you should review after some time (defined, of course) whether he has improved his manners by re-evaluation. This is an ISO 13485 Standard requirement.

Records records records 

The Standard (the 9001 and the 13485) clearly requires that you would maintain the records of the evaluation under you records control method. In other words; document the evaluation and the records are to be kept and controlled.