Beyond Compliance: The New Playbook for Risk, Supplier Control, and Expertise in MedTech

Executive Summary

A QualityHub SME says medical device companies must move beyond treating risk management as a compliance exercise and instead adopt dynamic, continuously updated approaches informed by cross-industry best practices. As outsourcing grows, leading firms are strengthening supplier controls by focusing on process capability and part-specific validation rather than relying solely on audits and inspections.

The future of risk management and supplier control in the medical device industry depends on better cross-commodity learning and smarter use of subject matter experts, says a veteran quality executive with decades of experience across aerospace, automotive, and MedTech.

Jim Cassi – a longtime quality leader turned consultant and QualityHub SME – shared insights in a recent interview, tracing his career from early work in aerospace reliability engineering to leading quality systems in medical device manufacturing. His experience, he said, reveals a common thread: industries often solve similar problems but fail to share solutions efficiently.

“Everybody’s drawing from the same toolkit,” Cassi said. “They just emphasize different elements depending on the risks in their industry.”

Risk Management Lagged in MedTech

Cassi noted that while industries like aerospace were using formal risk analysis tools such as Failure Mode and Effects Analysis (FMEA) as early as the 1980s, medical device companies were slower to adopt these practices despite the often life-or-death implications of their products.

“It takes time for ideas to cross between industries,” he explained, pointing to hiring practices that favor commodity-specific experience as one barrier. “That insular nature slows down innovation.”

When risk management first gained traction in MedTech in the mid- to late 2000s, Cassi said many organizations approached it as a compliance exercise rather than a decision-making tool.

“In the beginning, companies would complete an FMEA, get signatures, and file it away,” he said. “It became a one-time activity instead of something that actively informed design and manufacturing.”

That approach, he noted, mirrors how aerospace organizations initially treated risk decades earlier, but has since evolved.

Today in MedTech, industry expectations and regulators are pushing device companies toward maintaining risk files as dynamic, continuously updated systems. Those regulators include the US Food and Drug Administration (FDA), whose new Quality Management System Regulation (QMSR) and companion Compliance Program Manual (CPM 7382.850) focus heavily on risk management and related activities. Cassi emphasized that true maturity in risk management comes when organizations integrate risk thinking into everyday operations.

“That means when you get new information – complaints, nonconformances, field data – you feed that back into your risk analysis,” he said. “You reassess assumptions and update your controls.”

However, he noted, adoption remains uneven.

“Some companies are doing this very well,” Cassi said. “Others are still closer to the old model. The trend is clearly toward making risk management a living process, but it hasn’t fully standardized yet – but I’m optimistic it will get there.”

Supplier Controls Becoming More Sophisticated

One area seeing rapid evolution is supplier management, particularly as medical device companies increasingly outsource critical manufacturing steps. Cassi explained that traditional supplier qualification methods, such as audits of a supplier’s overall quality system, are no longer sufficient on their own. (Related Story: “FDA Investigator Reminds MedTechs: Monitoring of Suppliers Must Include Risk Considerations,” QualityHub, May 7, 2025.)

“The standard approach qualifies the supplier as a company,” he said. “But it doesn’t necessarily qualify their ability to make a specific part.”

That gap becomes more significant as companies rely on suppliers for complex, high-precision, or safety-critical components. In response, some organizations are adopting more rigorous, part-specific approaches inspired by the automotive industry, including elements of the Production Part Approval Process (PPAP).

Using PPAP requires a “different mindset,” Cassi said. “Instead of just auditing the supplier’s quality system, you’re evaluating the actual manufacturing process for the specific part you’re buying.”

This can include verifying process capability (such as using Cpk metrics), conducting measurement system analyses to ensure inspection accuracy, identifying critical dimensions, and requiring documented process control plans.

The shift reflects a broader move away from reactive quality control toward proactive process assurance, Cassi said. “If you rely only on incoming inspection, you’re essentially trying to catch defects after they’ve already happened. That’s inefficient and costly.”

Instead, companies are increasingly working with suppliers to ensure processes are capable and controlled before parts are produced at scale.

“You want confidence that the process itself is stable,” he said. “Then receiving inspection becomes more of a verification step, not your primary control.”

Cassi emphasized that these more advanced controls are typically applied selectively, depending on risk, complexity, and cost considerations.

“You don’t need this level of oversight for every component,” he said. “But for critical parts, high-value items, or major investments like tooling, it makes a lot of sense.”

Cassi illustrated the point with a simple comparison: while two components may both be classified as “standard screws,” their risk profiles can differ dramatically depending on their application.

“A screw holding a cover in place is very different from one that secures a wheel,” he said. “The level of control should reflect that difference.”

As outsourcing continues to grow, Cassi expects supplier management practices in MedTech to become more closely aligned with those long established in automotive and aerospace, further blurring the lines between industries.

External Experts: Filling Critical Gaps

Now working as a consultant, Cassi said companies often underestimate the strategic value external experts can provide, particularly during periods of rapid change.

Consultants can help organizations manage temporary surges in workload, such as regulatory transitions, without committing to permanent hires. They also bring efficiency, having solved similar problems multiple times.

“You could figure it out yourself,” Cassi said. “But someone who’s done it five times can do it faster and focus on what really matters.”

Despite continued and expanding interest in automation and artificial intelligence, Cassi said he sees little risk of technology replacing experienced quality professionals. Anytime soon, that is. (Related Story: “Double-Edged Sword? ‘Embrace’ FDA AI-Assisted Reviews – But Beware ‘AI Poisoning,’ SME Says,” QualityHub, May 15, 2025.)

“AI might help you write procedures faster, but it doesn’t replace the judgment needed to implement them effectively,” he said.

Cassi emphasized that successful consultants (and quality leaders more broadly) must combine technical expertise with strong communication skills, adaptability, and the ability to truly understand client needs.

“Sometimes what a company asks for isn’t what they actually need,” he said. “You have to listen and figure out the real problem.”

For Cassi, the appeal of consulting lies in solving complex, ever-changing challenges.

“I like solving puzzles,” he said. “Every company has different issues – people, processes, technology – and figuring that out is the interesting part. You solve the problem, close the case, and move on to the next one. And each time, you get better at it.”

QHub Can Help

Strengthen your company’s risk management activities and better control suppliers with experienced QualityHub professionals who understand both the process and the regulations. Contact us today and connect with top-tier experts who go beyond the basics.
