2. Look Before You Leap into a New Supplier Relationship
Optimism is a hallmark of all new relationships, both personal and professional. Unfortunately, the good feelings that surround
a new relationship are no substitute for due diligence in checking out potential new suppliers—especially sole source suppliers,
where one unexpected problem could leave you with no acceptable options—and then laying out expectations, and checking quality.
Find an objective observer. Because you are primarily interested in starting a successful relationship, it's hard for you to be entirely objective. That's
why you need an objective observer, such as a third party consultant, who understands regulatory and quality requirements
as well as your needs, and who can be totally forthright in evaluating your potential supplier's facilities, processes, and
Lay out your expectations up front. This is no place for generalizations or boilerplate lists; be painstakingly specific. Because every product is different,
your supplier has to understand exactly what criteria you require to ensure the quality and specifications of that particular
Change control notification procedures are a common area of misunderstanding; a change the supplier considers inconsequential
may make all the difference in the world to your product. So you need to specify that all changes must be communicated to
you, and when and how they must be communicated.
Finally, you need to understand that supplier quality management extends beyond the end of the production line, and includes
criteria for such things as delivery reliability, responsiveness, and the security of the supply chain.
In fact, the FDA recently launched a pilot supply-chain security program to determine the practicality of improving the safety
of drugs and active ingredients produced outside the US. Participation is voluntary, but it will probably streamline customs
formalities. In any case, maintaining control of your products at every step from raw material to pharmacists' shelves should
be a standard part of every risk-based quality management program.
Your supplier also needs to understand your requirements for monitoring quality. If you want the supplier to submit to quality
audits, provide certificates of analysis or conformance, or provide independent laboratory analysis, you must make all that
clear up front.
All of this should be formalized in a risk-based quality agreement. (See item 3 below.)
Check quality early. It's always better to catch and fix issues early on, before they develop into full-blown problems (or, as in recent events,
But sometimes you have to rely on a supplier whose quality systems do not entirely measure up to your expectations. In those
cases, you'll need to compensate for any supplier shortcomings through a robust receiving inspection program. You may even
want to have your own representative in the plant to ensure that quality specifications are met before product is shipped.
Again, finding a problem earlier is always better.
3. Apply Risk-Based Thinking to Your Quality Agreements
We have said that you need to make your expectations clear to the supplier. The regulators say the same thing: The International
Conference on Harmonization (ICH) Q10 guideline on pharmaceutical quality systems discusses the manufacturer's responsibility
to assess the suitability and competence of a supplier and to define in writing the quality-related responsibilities of both
the manufacturer and the supplier.
A quality agreement is a formal document that does exactly that: it defines who has responsibility for the execution of every
aspect of the quality system. The level of risk exposure should define the nature of the quality agreement.
Quality agreements can range from simple purchase orders to elaborate contracts, and there is no easy rule of thumb for how
much detail is enough. In general, however, we have found that clients err on the side of insufficient detail; it's surprisingly
easy to think that a boilerplate purchase order covers more than it really does. It's a good idea, for example, to specify:
- when and how audits should be conducted
- when and how you should be notified of changes
- when and how you should be notified of out-of-specification test results, manufacturing deviations, and nonconforming materials
- which party will conduct finished product testing
- how reporting and investigating product complaints will be handled
- which FDA quality systems and ISO requirements the supplier must meet.
By and large, if it's worth thinking about, it's worth including.
Remember that "agreement" means the supplier has to agree to it. Sure, you're trying to protect yourself. But you're also
trying to optimize supplier performance, which is clearly in the supplier's best interest. So whenever you can, work with
the supplier to map out manufacturing and quality system areas of responsibility. Be clear about hand-off points and high-risk
areas. Specify the controls necessary to mitigate the risk in these areas, and always match the extent of the controls to
the level of risk. It's also important to remember that these agreements are formal, legal documents, so it's critical to
have your legal department tuned in to the development and execution of the agreements.