Supplier Risk Assessments
Hi all,
Looking for advice on how others have handled this issue:
When conducting risk assessments of suppliers, how do we deal with suppliers that refuse to provide necessary documentation (i.e. process flow charts with controls)? Specifically, pharma companies wherein process controls are considered confidential? How can we still utilize these suppliers while being in compliance with FSMA?
Thanks!
Kinda curious, what type of pharma ingredient would you use and what type of product do they go in?
Find a new supplier that will accommodate? Adjust your procedure to accommodate the information that them can supply. There might be other ways to evaluate risk. im still trying to wrap my head around your scenario. Maybe more info will help.
Foreign suppliers or domestic?
Do you have to have this information? Or is this a nice to have?
What does your supplier risk assessment indicate? Is their certification/accreditation not enough?
What does having this information provide? If it is to clearly show that certain risks are mitigated, and without the documents you cannot: perhaps you should include these risks in your own monitoring program.
If you do absolutely need it: Are they able to provide redacted information?
Or you could perhaps have a ''audit'' performed in which they show you the information (without access, copies etc.) so that you can have an internal checkmark regarding this topic without them sharing the documents (e.g. seen and approved).
And if all else fails -> find a new supplier.
Is a Supplier audit performed by someone in your company out of the question? This could also help if this information is indeed required. By going in there and signing confidentiality forms, you would be able to see this information and document that it is in or out of compliance as part of the audit.