Component suppliers

Product manufacturers typically purchase raw materials, parts, or other components from external suppliers. The manufacturer then uses the components to fabricate finished products that are offered for sale. Generally, the manufacturer or assembler will be liable for injuries or damage proximately caused using defective components. This report provides guidance on how to evaluate vendor control programs. Because of the broad range of purchasing systems and transactions, not all recommendations may be applicable or appropriate for all situations.

Components may be “off-the-shelf” items that have been produced according to a standard specification (e.g., bolts made to ASTM E-XXXX) or be custom components produced to the manufacturer’s specifications. In addition, component parts may themselves be manufactured from components manufactured by another.

The quality of components can directly influence the quality and reliability of the finished product. The use of poor-quality components for safety-critical applications may lead to product-related injuries and property damage. Generally, the manufacturer or assembler will be liable for these losses.

There are two main arguments for holding the finished product manufacturer liable for damages caused using defective components. First, product manufacturers have a duty to test and inspect their products to determine whether they were produced and assembled correctly and the failure to perform tests, or to test adequately, can indicate that the manufacturer was negligent. Second, a manufacturer is responsible for putting the product on the market and, as a matter of policy, should be held accountable for any harm caused by the product because of product defects.

This report provides guidance for managing the liability that can be created from the use of components purchased from suppliers. In addition to the use of contractual risk transfer agreements, the guidance focuses on instituting an organized system for pre-evaluating supplier capabilities, communicating with suppliers, and verifying that purchased items meet specifications. Because of the broad range of vendor transactions, not all of the guidance may be appropriate for all situations.

Supplier selection

Manufacturers use a broad range of purchasing systems. The specific processes that a business should develop to manage these systems will depend upon the management culture of the manufacturer; however, in general, a purchase control system should address these primary areas:

  • Selection of suppliers
  • Contractual risk transfer agreements
  • Communication with suppliers
  • Verification of supplier performance

Liability exposures created by the purchase of component parts can be managed through supplier selection, contractual agreements, and certificates of insurance. Obtaining certificate of insurance from the supplier, along with indemnity and hold harmless agreements in the purchase order process will help minimize liability for the manufacturer. The process should be documented, and all persons involved in the purchasing process (e.g., designers, engineers, product safety personnel, and purchasing employees) made familiar with their responsibilities under the system. In addition, contract terms and conditions, as well as the system, should be audited on a regular basis to ensure that it is functioning as intended.

Quality systems

Purchase control is a required element for a quality management system based upon the ISO 9000 series of standards. The ISO requirements are found in Section 8.4 of the 2015 edition of ISO 9001. In such cases, the purchase control system should be reviewed to ensure that product safety concerns are explicitly addressed.

Manufacturers should establish organized processes to identify potential suppliers and to evaluate their capabilities and reliability. The purpose of this system is to determine whether the chosen supplier can meet the needs of the manufacturer.

There are numerous methods of evaluating prospective suppliers. These include:

  • Reviewing previous experiences with the supplier, if any.
  • Checking client references.
  • Conducting an on-site assessment of the supplier’s manufacturing facility.
  • Auditing the supplier’s quality management system.
  • Obtaining and testing sample products.

The review method chosen will depend upon the scope and complexity of the item being procured, the sales history between the parties, if any, and the criticality of the item. The method should be applied consistently for all suppliers.

The manufacturer should compile a list of rated and approved vendors. The manufacturer’s purchasing procedures should prohibit the purchasing department from procuring supplies from vendors not on this list.

Supplier performance should be evaluated after every transaction to identify areas of concern or improvement, and to identify performance trends. Supplier ratings should be adjusted to correspond to the information obtained. Also, supplier performance should be evaluated prior to submission of a purchase order if the supplier has not been used recently or if changes have occurred which might have affected the supplier’s ability to maintain its prior performance (e.g., recent management changes or layoffs).

Supplier communications

Manufacturers should take steps to ensure the orderly flow of information to and from the supplier. This is important for ensuring that there are no misunderstandings on what is expected from each party and that any problems that occur are handled promptly.

Product specifications

The manufacturer should develop product specifications for all products that it must purchase. These specifications should include requirements for product performance and product safety. The specific requirements will depend upon the nature of the item being purchased.

The specifications should be written as clear and precise as possible. The specification should contain sufficient information to identify the requirements for the product. Where applicable this may include design drawings, blueprints or other supplemental material. If a third-party standard is being used as the source of a requirement, this standard should be referenced explicitly in the product specification.

Product designers should review the specification for correctness and completeness. Final product specifications should be dated and be maintained under strict document control procedures.

Purchasing documents

All purchasing documents should include an adequate level of detail concerning the description of the product being ordered (e.g., product specifications and quantity), as well as any other performance requirements that the supplier must meet. Such requirements may include:

  • Delivery time and location.
  • Acceptance criteria.
  • Product inspection criteria.
  • Agreed on verification methods.
  • Product identification or traceability.
  • Responsibilities for correcting nonconforming products.

All purchasing documents should explicitly reference product safety as a purchasing requirement. This should include a requirement that the supplier promptly notify the manufacturer of any identified safety concerns with the product or similarly produced item.


All purchasing documents should be reviewed for adequacy and correctness prior to transmittal to the product vendor. Documents should be checked for:

  • Obvious errors in nomenclature, parts numbers, or product identifiers.
  • Omission of necessary drawings or reference specifications.
  • Omission of agreed-on quality measures or acceptance criteria.
  • Improper delivery times or locations.

In addition, legal counsel should review all draft purchasing documents to ensure that appropriate indemnification, hold-harmless agreements or other contractual risk transfer devices are included.


The manufacturer’s purchasing procedures should prohibit the modification of purchasing requirements or the acceptance of similar or “substantially equivalent” products without the permission of the design or engineering department and the product safety coordinator. Such products may introduce unanticipated risks over the life cycle of the product.

Other communications

The manufacturer may want to maintain communication with suppliers to keep abreast of product status and to promptly address any concerns that are raised during production. This is especially important when the item being purchased is highly customized or engineered and differences can be made in engineering interpretation.

Product verification

Manufacturers should establish requirements for systematically verifying that supplied products conform to contract specifications. This typically involves the inspection or testing of products either by the supplier, the manufacturer or by a designated third party. Product verification methods and procedures should be agreed upon by the manufacturer and supplier and documented in the final purchase order or contract. Important elements to be considered include the product characteristics to be evaluated, the method and extent of verification, criteria for acceptance, and the handling of nonconforming products.

Inspection criteria

Products often have many specifications and, in many cases, it may be uneconomical or impractical to verify all requirements. The manufacturer should identify key product characteristics that affect product safety, and determine the product parameters that measure these characteristics and methods of measuring these parameters. These criteria should be specified in the purchase order. In addition, the manufacturer should establish acceptable quality levels that should be met.

Verification methods

There are a variety of methods available for determining vendor compliance. Commonly used verification methods include qualification tests, source inspection, receiving inspection and vendor inspection.

Qualification testing

Qualification testing, also called first article inspection or first system testing, involves the intensive evaluation of the very first item produced by the supplier. The purpose of this testing is to determine whether the manufacturing process can produce a product that meets all required specifications before normal production runs are started. The supplier, the manufacturer, or a third party may perform the testing. The manufacturer should request copies of all test results or other documentation performed by others to verify that testing was performed.

Source inspection

Source inspection involves the testing of products at the supplier’s facility by the purchaser or their agent. Such testing may be desired because adequate inspection at a later time is impracticable or because testing of completed products will not adequately determine the quality of the manufacturing process. The nature and amount of source inspection will depend upon the reliability of the supplier and the criticality of the part.

Vendor inspection

Vendor inspection involves the inspection of the products at the manufacturing facility by the supplier for compliance with contract specifications. The vendor would then submit test records, process control records, certificates of conformance or other pertinent documentation to verify the testing was performed.

Receiving inspection

Receiving inspection involves the evaluation of products by the manufacturer at the time of receipt to verify compliance with product specifications. The type of inspections and procedures used will vary widely. At a minimum, the received materials should be compared with the purchase order for the proper item and count or quantity. The inspection should also look for visible shipping damage. If the product is of the type that cannot be reasonably inspected on the loading dock, the product should be segregated from other approved products until it can be evaluated for conformance.

Training and equipment

Properly trained and qualified personnel should perform the verification. The test equipment used for the verification should be appropriate for the test method chosen and must be properly calibrated. The testing should be performed according to an organized protocol and test results be accurately recorded. The results should specify the products covered by the test. The manufacturer should request appropriate documentation from any supplier- performed verification activities.

Non-conforming products

Manufacturers should establish procedures for handling supplied products that do not conform to product specifications. If non-conforming products are identified, the supplier should be notified of the non-conformance as soon as possible. The notification should be in writing and include sufficient information to identify the nature and magnitude of the problem. The supplier should be requested to provide corrective actions by a specified date.


Components that have been accepted are usually stored until required for production. The manufacturer should take steps to ensure that the item does not become degraded during storage. Such steps include:

  • Storing the product according to supplier’s instructions.
  • Preventing accidental commingling of products to retain traceability elements.
  • Identifying products with limited shelf-life.
  • Rotating stock to prevent excessive aging or deterioration.

The storage area should be periodically inspected. The manufacturer should follow good housekeeping procedures.

Record keeping

The manufacturer should maintain all records relevant to the purchase of goods. Such records include the product specifications, purchasing documents, records of verification activities and other supplier correspondence. This can provide a way to evaluate supplier performance and quality trends. It will also be helpful for identifying the source of complaints or the affected product should corrective action be required.


In the past, product failures were often attributed to local or functional errors in product design, the manufacturing process, or inadequate labeling with limited impact. Today, a single product-safety problem can have significant repercussions on a global scale. Globalization of most industries has sparked heightened awareness of the various risks and vulnerabilities that products are exposed to as they move along the supply chain continuum from design and sourcing, to manufacture, transportation, distribution, and final sale to the consumer.

Supply networks are long and complex. Many entities, including outsourcers and subcontractors located in emerging economies like China, handle the product as it moves across geographical and national borders, thereby creating many physical and temporal threats that pose a risk to product safety and security. Supplier relationships are a critical element of product safety risk management. Incorporating traceability throughout the life cycle of the product will provide steps along the way to validate that the components meet design and safety expectations.

Program review

The following questions may be used to help evaluate a manufacturer’s purchase control program.

  • Does the manufacturer have a policy and procedures for assuring the safety of items procured from suppliers?
  • Does the manufacturer have procedures for evaluating supplier abilities, and are these procedures applied consistently?
  • Do purchase documents have explicit requirements for product safety?
  • Do purchase documents have explicit requirements for product verification, including criteria that must be evaluated and methods to be used?
  • Are purchasing documents reviewed before they are sent out to suppliers?
  • Does the manufacturer inspect all products they receive? If not, how do they verify conformance?
  • Is there evidence that when a product purchased from a supplier is unsatisfactory, the supplier is promptly advised?
  • Does the manufacturer have procedures for identifying the product components that were installed in all manufactured product?
  • Has the manufacturer taken steps to ensure that accepted products are stored to prevent damage or degradation?


It is generally held that a manufacturer who incorporates into its product a component made by another has a responsibility to test and inspect such component. If the manufacturer fails to properly perform such duties, it will be responsible for injuries to users. The question whether the manufacturer of a product incorporating a component made by another has a responsibility beyond the mere duty to test and inspect has not been answered with uniformity among the various courts in actions based on negligence.

Many courts which have supported the proposition that a responsibility exists for testing and inspection have not been called upon to explore further the nature of the manufacturer's responsibility and have left the matter for future determination. But where the question has been dealt with, there is a split of authority. Some cases have held that the manufacturer's only responsibility for a component made by another is the duty properly to test and inspect it. Other courts have found a broader responsibility, where the manufacturer assumes full responsibility for the component, just as if it were an article of his own creation. Regardless of jurisdiction, having a comprehensive component supplier risk management program will help address a comprehensive risk management program.


  1. American Institute for Chartered Property Casualty Underwriters/Insurance Institute of America. Property and Liability Risk Control, 2nd edition. Malvern, PA: AICPCU/IIA, 2008.
  2. CCH Incorporated. Managing for Products Liability Avoidance, 3rd Ed. Chicago: CCH, 2004.
  3. Kellet, E. Products Liability: Manufacturers Responsibility for Defective Component Supplied by Another and Incorporated in Product. 3 ALR 3rd 1016 (Originally published 1965), Westlaw (2018).
  4. L. Bass. Products Liability: Design and Manufacturing Defects, 3rd Ed. Chicago, IL: CCH, 2004.
  5. Marucheck, Ann, et al. Product safety and security in the global supply chain: Issues, challenges and research opportunities. Journal of Operations Management Volume 29 Issue 7-8, November, 2011.
  6. National Safety Council. Product Safety Management Guidelines, 2nd Ed. Chicago, IL: NSC, 1997.

Copyright © 2018, ISO Services, Inc.

This material is provided for informational purposes only and does not provide any coverage or guarantee loss prevention. The examples in this material are provided as hypothetical and for illustration purposes only. The Hanover Insurance Company and its affiliates and subsidiaries (“The Hanover”) specifically disclaim any warranty or representation that acceptance of any recommendations contained herein will make any premises, or operation safe or in compliance with any law or regulation. By providing this information to you, The Hanover does not assume (and specifically disclaims) any duty, undertaking or responsibility to you. The decision to accept or implement any recommendation(s) or advice contained in this material must be made by you.

LC NOV 2018-336
171-1752 (6/19)