Most medical device manufacturers believe their supplier controls are stable. Suppliers are approved. Quality agreements are signed. Certifications are current. Procedures are documented.
But recent FDA warning letters suggest a subtle shift: supplier controls are increasingly being evaluated as evidence of overall Quality System effectiveness - not just purchasing compliance.
The regulation hasn’t changed.
The scrutiny has.
Under 21 CFR 820.50, manufacturers must establish and maintain purchasing controls. That requirement is not new.
What enforcement trends show is deeper evaluation of:
In several warning letters, FDA did not argue that procedures were missing. Instead, the agency questioned whether they were implemented, monitored, and applied retrospectively when gaps were identified.
That distinction matters.
Supplier-related exposure rarely presents itself as a supplier problem.
It surfaces in:
Individually, these may seem manageable. Together, they widen the gap between documented controls and operational reality.
Inspection pressure exposes that gap.
In many organizations, supplier risk isn’t a policy failure - it’s a systems issue.
Disconnected ERP and QMS platforms, manual reporting, and siloed data make it difficult to demonstrate real-time oversight when regulators ask.
Supplier controls are no longer just about intent. They’re about proof.
If supplier changes, outsourced services, or system fragmentation have altered your operational landscape, now is the time to reassess how control is demonstrated.
Our whitepaper, Supplier Controls as a Hidden Multiplier of Regulatory Risk, explores:
Download the whitepaper to continue the conversation.