
July 11, 2023

Supplier Management Under ISO 13485:2016

Sören Hornof

Let’s look at how to perform supplier management under ISO 13485:2016.

Effective supplier management is critical for controlling risks, ensuring the reliability of the supply chain, and ultimately delivering safe and effective medical devices to patients.

ISO 13485:2016 emphasizes in Chapter 7.4 the importance of supplier selection, evaluation, and monitoring. Let’s explore the key aspects of supplier management as outlined in the standard:

The Key Aspects

  1. The product: First, there’s the need to purchase a product. In a perfect world, you would define which product you need and which quality requirements you have for that product. Only then would you fan out to look for a supplier. We all know that in reality, you would probably first compare the suppliers and see which product is nicer. Only then would you “define the quality requirements” according to the available products.
  2. Supplier Selection: Of course, you would only consider suppliers that are able to provide you with the product you’re looking for. Duh. What you should also consider here, though, is whether the supplier can also meet your organization’s requirements: Do they offer to sign a Data Protection Agreement? What is their customer service availability? Are their servers in the EU or in the US? Stuff like that. Auditors love it if you note all those considerations down. Further, you might want to check whether they have certain certifications. If they are handling your health data, for example, it would be good if they were ISO 27001 certified.
  3. Risk-based approach: Before you go overboard with defining requirements, always remember the context. Does the product even have an impact on the medical device, and is that impact direct or only indirect? What would happen if the supplier stops providing the product? If nothing would happen, you can relax.
  4. Monitoring: Whenever you purchase a product from the supplier, you should check whether it’s actually the product that you wanted/ordered. Apparently, this has to be mentioned. Sometimes I have the feeling that the regulators think we’re dumb. Depending on the criticality of that product and/or supplier, it makes sense to establish further quality controls for the purchased product and/or supplier audits. Anyway, you should keep track of whether the supplier keeps delivering the quality that you expect.


  1. Create a List of Qualified Suppliers. Include every supplier that influences your QMS or medical device. Exclude suppliers that don’t have any influence at all: coffee bean suppliers etc.
  2. Create a Supplier Checklist for every supplier on the list.
  3. Add the results from the Supplier Checklist to the List of Qualified Suppliers.
  4. Update your supplier assessments (the scores) regularly – i.e. every time you receive a product from them. At the very least, you should reassess your suppliers once a year. An ideal time for this would be just before your management review.

Feel good

By adhering to the guidelines and requirements of ISO 13485, organizations in the medical device industry can establish a robust supplier management process. This helps ensure the reliability of the supply chain, minimize risks, and maintain the highest level of quality and safety in their products. Effective supplier management not only benefits the organization itself but also contributes to the overall improvement of the healthcare ecosystem, ultimately safeguarding the patients who rely on medical devices for their health and well-being.


Sören Hornof

Hi! I am a Pharmacist with great enthusiasm for technology and innovation. Health has always been my major passion and I strongly believe that medical devices will change the world of care. Therefore, I am very happy to be able to work with progressive startups and contribute to this development.

