Supplier Risk Classification

Supplier classification determines the risk category of a supplier based on a structured assessment of five dimensions. The resulting risk category drives qualification requirements, monitoring frequency, and oversight level.

Risk categories

Category	Score Range	Description
Critical	12 — 15	Direct impact on product quality and patient safety
Major	8 — 11	Significant impact on quality systems or regulatory compliance
Minor	4 — 7	Limited impact on quality, indirect services
Non-Critical	Below 4	No impact on product quality

Assessment dimensions

Each dimension is rated as High (3 points), Medium (2 points), or Low (1 point). The total score (minimum 5, maximum 15) determines the risk category.

Dimension	Assessment Question
Impact on Product Quality	How directly does this supplier impact the quality of the final product?
Impact on Patient Safety	Could a failure from this supplier impact patient safety?
Regulatory Impact	What is the regulatory impact if this supplier fails to meet requirements?
Process Criticality	How critical is this supplier to your manufacturing/business processes?
Data Integrity Risk	Does this supplier handle data that impacts GxP compliance or data integrity?

Classify a supplier

1. On the left sidebar, select Suppliers.
2. Select the supplier from the list to open their profile page.
3. Select Classify in the profile header.
4. For each of the five dimensions, select High, Medium, or Low.
5. Review the Classification Preview card, which shows the estimated risk category and total score in real time.
6. In the Justification field, enter the reasoning for this classification (required).
7. Select Submit Classification.

Note

The preview score shown on the form is a client-side estimate. The server calculates the final score using configurable weights, which an administrator can adjust. The final category may differ from the preview if custom weights have been configured.

You can also start a classification from the supplier profile’s Classification tab by selecting Classify Supplier (shown when no classification exists).

All dimensions default to Medium when the form opens. Adjust each dimension based on your assessment of the specific supplier.

View classification history

1. On the left sidebar, select Suppliers.
2. Select the supplier from the list.
3. Select the Classification tab.

The tab displays:

• Current Classification — the most recent classification with full dimension scores, risk score, category badge, classification date, and justification.
• Classification History — a chronological list of all previous classifications showing category, score, date, and which entry is current.

Tip

Reclassify a supplier whenever there is a significant change in the scope of materials or services they provide, or when periodic review indicates a change in risk profile.

How classification affects other modules

• Requirements — Risk category determines which qualification requirements are auto-assigned. On the Requirements tab, select Auto-assign Requirements after classification.
• Qualification frequency — Higher-risk suppliers typically require more frequent requalification cycles.
• Monitoring — Critical and Major suppliers appear prominently in dashboard statistics and overdue alerts.

Caution

A supplier without a classification will show “Not classified” in the supplier list. Classification should be completed before proceeding with qualification.

Practical example: classifying a critical API supplier

Scenario: PharmaSynth AG supplies an Active Pharmaceutical Ingredient (API) used in your company’s oral solid dosage form. You need to classify this supplier’s risk level.

1. Navigate to Suppliers and select PharmaSynth AG from the list.
2. Select Classify in the profile header.
3. Rate each dimension:

Dimension	Rating	Rationale
Impact on Product Quality	High (3)	API is the active ingredient; quality directly determines drug product efficacy and purity.
Impact on Patient Safety	High (3)	An out-of-specification API batch could cause adverse patient reactions or therapeutic failure.
Regulatory Impact	High (3)	API suppliers are subject to regulatory inspection; failure triggers product recalls and regulatory action.
Process Criticality	High (3)	No alternative qualified API supplier exists; supply disruption halts production.
Data Integrity Risk	Medium (2)	PharmaSynth provides Certificates of Analysis and stability data that are GxP-relevant, but does not operate computerized systems on your behalf.

4. The Classification Preview shows a total score of 14, placing PharmaSynth in the Critical risk category (score range 12—15).
5. In the Justification field, enter: “Sole-source API supplier for Product X. API quality directly impacts drug product safety and efficacy. Regulatory exposure is high due to multi-market filings referencing this supplier’s Drug Master File.”
6. Select Submit Classification.

After submission, the supplier list shows PharmaSynth AG with a Critical risk badge. On the Requirements tab, selecting Auto-assign Requirements will assign the most stringent qualification requirements, such as on-site GMP audit, quality agreement, regulatory filing review, and annual requalification.