[ ISO 13485 Cl;7.4, 21 CFR 820.50 (b), 21 CFR 820.80 (b) ] 

ISO 13485 is an international standard that specifies requirements for a quality management system (QMS) specifically for the medical device industry. The purchasing process, as outlined in ISO 13485, is a critical aspect of ensuring that medical devices are safe and meet regulatory requirements. Here’s an explanation of the purchasing process as per ISO 13485 Cl 7.4

1. Supplier / Vendor Identification, Selection and Evaluation: The purchasing process begins with selecting and evaluating suppliers. This involves assessing potential suppliers based on their ability to meet your product requirements such as technical specification, regulatory and QMS compliance, delivery time, payment terms etc.
2. Supplier / Vendor Approval: Once suppliers are Identified, they need to be formally approved. This involves verifying that the supplier meets all relevant requirements, such as sample approval, technical specifications, regulatory and QMS certification etc. The approval process may include onsite audits, product inspections, etc.
3. Purchase Order (PO): A purchase order (PO) is a document issued by a buyer to a vendor. The purchase order outlines the terms and conditions of the purchase, item name, type, and quantity, including payment terms, delivery details, and any other relevant information.
4. Purchasing Controls: All critical purchased items are checked for meeting the requirements by inspection, testing, and other forms of verification as per the approval criteria products meet specified requirements.
5. Verification of Purchased Product: Organizations must verify that purchased products meet specified requirements before they are used in the production process or delivered to customers. This may involve inspection, testing, or other forms of verification.
6. Records: ISO 13485 requires that records of the purchasing process be maintained. These records should demonstrate that purchased products meet specified requirements and that the purchasing process is effectively controlled.

The outsourcing process refers to the activities related to subcontracting or outsourcing processes that affect product conformity to requirements. Here’s an explanation of the outsourcing process as per ISO 13485:

1. Establishment of Controls: ISO 13485 Cl.4.1 requires the establishment of controls for outsourced processes to ensure that they meet specified requirements. This involves defining criteria for product acceptance, including inspection, testing, and other forms of verification.
2. Vendor / Supplier Agreements: The standard requires that organizations have written agreements with their suppliers for outsourced processes. These agreements should define the responsibilities of both parties, including quality requirements, communication, and any other relevant terms.
3. Monitoring and Review: Organizations must monitor and review the performance of outsourced processes regularly. This may involve periodic audits, inspections, review of batch manufacturing and quality control records.

Overall, the purchasing process in ISO 13485 is aimed at ensuring that medical devices are manufactured from raw materials, packing materials, consumables, accessories, and components sourced from approved suppliers and meet in-house specifications, including quality, safety, and regulatory compliance. A scheduled internal audit two times a year is essential to assure effective implementation throughout