ISO 9001 supplier management: your step-by-step guide

ISO 9001 supplier management is undergoing a major transformation. The days of simply managing spend and negotiating the best deal are long gone, it's no longer sufficient or easy to use such outdated practices. Below, we explain a step-by-step approach to supplier management, incorporating best practices in line with ISO 9001:2015.

ISO 9001:2015 – new requirements for managing suppliers

The new ISO 9001:2015 requirements reflect the more complex supplier management expectations. Not only are there now more rigorous requirements to monitor suppliers on an ongoing basis, but the processes also need to be audited.

While there is no prescribed method of managing your suppliers, a simple and pragmatic approach consists of six key steps. (Note: You do not need to do this for every supplier, just those who would influence how your products or services are provided.) 

Step-by-step supplier success

1) Supply marketing

The first step is to define the requirements of the process, product and service you need.

This may include:

• Scope
• Regulations
• Risk appetite
• Standards
• Supplier competencies
• Explanation of the verification and validation processes.

You must then inform potential suppliers of your requirements. To comply with ISO 9001:2015, you must keep a record of your supplier requirements. Use document management software to share controlled supplier documentation with your stakeholders, keeping a record at every stage.

2) Supplier selection

Once you have a specification which has been verified and approved, you should carry out a supplier risk analysis. In this risk analysis, you should identify any risks associated with the product or service itself, such as:

• Credit
• Health and safety
• Supply chain
• Slavery
• Sustainability
• Quality
• Operational
• Currency fluctuations
• Substitutes
• Compliance
• Health and safety
• Product / technical

Then you should:

• Identify any risks associated with producing or delivering the product or service
• Quantify these risks using a consistent methodology
• Identify the controls needed to mitigate unacceptable risks.

This analysis will provide details of your supplier evaluations and the controls you need to impose on your suppliers. In particular, you should consider risks associated with single sourcing.

Using our risk management system, you can carry out a thorough risk assessment to ensure you mitigate and address any risks, making it much easier to manage a supplier risk assessment. You can employ any risk framework, including ISO 31000, COSO, SOX, Basel, AS/NZS 4360 to identify, quantify and prioritise risk.

3) Supplier onboarding

After identifying risks, you can move on to supplier onboarding. The purpose here is to identify potential suppliers who are capable of meeting your requirements.

Start with a standard supplier checklist to promote consistency and ensure the information can be easily reused. However, you should analyse the findings of your evaluation according to the risks you identified earlier.

When onboarding a supplier, you will want to record evidence of your requirements (ITT, RFQ), the response confirming that the supplier will commit to those requirements, and a contract of agreement.

The contract of agreement may include:

• Specifications
• Volumes
• Lead times
• Payment
• Processes
• Traceability records
• Constraints to supply
• Reassessment details

Pentana Audit makes it easy to capture checklists of information from your supplier audits. Attach any type of multimedia evidence to demonstrate compliance.

Find out more about our ISO 9001 supplier management software by downloading our free brochure here.  Read more about the new ISO 9001:2015 requirements to ensure that your organisation is ready for the changes.

Written by

Alexander Pavlović

Alex produces targeted content to help Ideagen’s readers and customers navigate the complex world of quality, governance, risk and compliance.

Alex has worked with brands such as BT, Sodexo and Unilever and is passionate about helping businesses build a cohesive, collaborative culture of quality.