There are probably a series of reasons that auditors are targeting this specific quality system element, however I will provide my perspective given certain trends over the last few years in the medical device and combination product spaces. Both large and small firms that design medical devices and combo products have outsourced many significant manufacturing and service activities to reduce overhead costs or capitalize on supplier efficiencies, technology, and know how. Because of this outsourcing trend, the FDA and Notified Bodies are extending their audits to ensure that the license owners have appropriate controls in place. Supplier management can be seen as an extension of design controls. If the component, sub-assembly, or final assembly has a moderate to significant impact to ensuring product safety, efficacy, or performance, the auditor wants to ensure that controls in place are commensurate with the risk of the activity or component. This principle is key to applying a risk-based approach. For example Significant risk suppliers must have additional controls in place such as annual on-site audits, supplier CAPA system, quality agreements, and control plans. Whereas low risk suppliers/parts may only require a supplier questionnaire and/or 3-year audit. Essentially, in the end, the auditors want to ensure that supplier controls are linked to product risk, and also provide the patient/user with safe, effective, and performing product.
