|

Supplier Assessment and Vendor Qualification

1. Purpose

This article defines a structured approach for supplier assessment and vendor qualification of computerized systems. It establishes how supplier capability is evaluated and how supplier activities may be leveraged to support validation. Supplier assessment is a critical control. It determines the extent to which vendor documentation and testing can be relied upon.

2. Scope

Supplier assessment applies to vendors providing:

  • Computerized systems and software
  • Configured or custom applications
  • Infrastructure components supporting GMP systems
  • Implementation and support services

Assessment must be performed prior to relying on supplier deliverables for validation.

3. Role of Supplier Assessment

Supplier assessment supports a risk-based validation approach and reduces duplication of testing where justified. Supplier assessment is used to:

  • Evaluate supplier quality systems
  • Determine reliability of supplier documentation
  • Define level of supplier leverage
  • Identify gaps requiring additional verification

Supplier assessment does not replace validation. It supports validation planning.

4. Supplier Risk Considerations

Supplier assessment must consider both system risk and supplier capability. Key factors include:

  • System impact on product quality and patient safety
  • Data integrity relevance
  • Software category and complexity
  • Degree of configuration or customization
  • Supplier experience with regulated environments

Higher-risk systems require more rigorous supplier evaluation.

5. Supplier Assessment Activities

Supplier capability must be evaluated using a structured approach. Typical activities include:

  • Review of supplier quality management system
  • Assessment of development and testing practices
  • Evaluation of documentation standards
  • Review of change management and release control
  • Assessment of data integrity controls
  • Verification of training and competency

Assessment may be performed through audits, questionnaires, or document review. The diagram below illustrates the structured workflow for supplier assessment and vendor qualification, from initial evaluation through approval and ongoing monitoring. It shows how supplier capability is assessed and how the outcome determines supplier qualification and level of reliance.

Workflow showing supplier assessment, vendor qualification, approval, and ongoing supplier management in computerized system validation

6. Vendor Qualification

Vendor qualification is the formal approval of a supplier for use in a regulated environment. Qualification activities include:

  • Documentation of supplier assessment results
  • Identification of acceptable supplier deliverables
  • Definition of supplier responsibilities
  • Approval of supplier for specific systems or services

Vendor qualification must be documented and approved prior to system use.

7. Supplier Leverage

GAMP 5 allows the use of supplier documentation and testing where appropriate. Supplier leverage may include:

  • Use of supplier development testing
  • Use of factory acceptance testing
  • Use of standard documentation packages

Level of supplier leverage depends on:

  • Supplier assessment outcome
  • Software category
  • System risk

Supplier deliverables must be reviewed and approved before use.

8. Documentation Requirements

Supplier assessment and vendor qualification must be documented. Documentation must include:

  • Supplier assessment report
  • Identified risks and gaps
  • Justification for supplier reliance
  • Defined validation responsibilities
  • Approval of supplier qualification

Documentation must support inspection readiness and demonstrate risk-based decisions.

9. Ongoing Supplier Management

Supplier qualification is not a one-time activity. Suppliers must be monitored throughout the system lifecycle. Ongoing activities include:

  • Periodic supplier evaluation
  • Review of supplier performance
  • Monitoring of changes and updates
  • Requalification where required

Supplier performance must remain consistent with initial assessment.

10. Practical Application

Supplier assessment must be performed early in the lifecycle and used to define validation strategy. It directly influences:

  • Validation scope
  • Testing approach
  • Documentation depth
  • Level of internal verification

Incorrect or missing supplier assessment leads to either over-reliance or insufficient control.