Looking for advice on how others have handled this issue:
When conducting risk assessments of suppliers, how do we deal with suppliers that refuse to provide necessary documentation (i.e. process flow charts with controls)? Specifically, pharma companies wherein process controls are considered confidential? How can we still utilize these suppliers while being in compliance with FSMA?