ISO 9001 supplier management: your step-by-step guide to supplier evaluation

ISO 9001 supplier management is undergoing a major transformation. The days of simply managing spend and negotiating the best deal are long gone. It's no longer sufficient or easy to use such outdated practices. Below, we explain a step-by-step approach to supplier management, performing a supplier evaluation and incorporating best practices in line with ISO 9001:2015.

We expect that with the planned 2026 update to ISO 9001 that requirements around supplier management and performing supplier evaluation will evolve. When that change happens, we will update our ISO 9001 supplier evaluation resources accordingly.

ISO 9001:2015 introduced new requirements for managing suppliers

Requirements that were new to ISO 9001:2015 reflect the more complex supplier management expectations we see in the modern world. Not only are there now more rigorous requirements to monitor suppliers on an ongoing basis, but the processes also need to be audited thoroughly. This is where a supplier evaluation is key.

While there is no prescribed method of managing and evaluating your suppliers as part of ISO 9001, a simple and pragmatic approach consists of six key steps. (Note: You do not need to do this for every supplier, just those who would influence how your products or services are provided.) You can see below how these six steps of supplier management should look and the tools you will need in place to implement those steps, from document management to dashboards for visualizing and evaluating suppliers.

Step-by-step supplier success

In three key stages, below we outline the full process from outlining your requirements in a supplier, all the way up to onboarding. But remember, that is not the end of the road when it comes to supplier management. Ongoing supplier evaluation is also a critical component of ISO 9001.

1) Supply requirements

The first step for proper ISO 9001 supplier management is to define the requirements of the process, product and service you need.

This may include:

• Scope
• Regulations
• Risk appetite
• Standards
• Supplier competencies
• Explanation of the verification and validation processes.

You must then inform potential suppliers of your requirements. To comply with ISO 9001, you must keep a record of your supplier requirements. Use document management software to share controlled supplier documentation with your stakeholders, keeping a record at every stage.

2) Supplier selection

Once you have a specification which has been verified and approved, you should carry out a supplier risk analysis. In this risk analysis, you should identify any risks associated with the product or service itself, such as:

• Credit
• Health and safety
• Supply chain
• Slavery
• Sustainability
• Quality
• Operational
• Currency fluctuations
• Substitutes
• Compliance
• Health and safety
• Product / technical

Then you should:

• Identify any risks associated with producing or delivering the product or service
• Quantify these risks using a consistent methodology
• Identify the controls needed to mitigate unacceptable risks

This analysis will provide details of your supplier evaluations and the controls you need to impose on your suppliers. In particular, you should consider risks associated with single sourcing

Using Ideagen software solutions, you can carry out a thorough risk assessment to ensure you mitigate and address any risks, making it much easier to manage a supplier risk assessment. You can employ any risk framework, including ISO 31000, COSO, SOX, Basel, AS/NZS 4360 to identify, quantify and prioritize risk.

3) Supplier onboarding

After identifying risks, you can move on to supplier onboarding. The purpose here is to identify potential suppliers who are capable of meeting your requirements.

Start with a standard supplier checklist to promote consistency and ensure the information can be easily reused. However, you should analyze the findings of your evaluation according to the risks you identified earlier.

When onboarding a supplier, you will want to record evidence of your requirements, the response confirming that the supplier will commit to those requirements and a contract of agreement.

The contract of agreement may include:

• Specifications
• Volumes
• Lead times
• Payment
• Processes
• Traceability records
• Constraints to supply
• Reassessment details

Invest in the right tools for ISO 9001 supplier management

Investing in the right tools for ISO 9001 compliant supplier management and supplier evaluation is integral to maintaining high standards of quality and operational excellence. Effective supplier management ensures that all inputs to your processes meet the stringent quality criteria required for ISO 9001 compliance, thereby minimizing risks associated with supply chain disruptions, non-conforming products and delayed deliveries.

Proper tools streamline supplier evaluation, allowing for consistent and objective assessments of supplier performance based on criteria such as quality, delivery and compliance. This not only facilitates the selection of reliable suppliers but also fosters long-term partnerships that contribute to sustained business success.

Ideagen’s software solutions provide a comprehensive set of tools for managing and evaluating suppliers in line with ISO 9001 standards. Our software solutions enable organizations to maintain detailed records of supplier performance, manage supplier audits and track compliance metrics in real-time.

By automating these processes, Ideagen’s solutions reduce manual workload, enhance accuracy and ensure that supplier evaluations are conducted consistently and efficiently. This holistic approach to supplier management supports continuous improvement and helps organizations to stay audit-ready, ensuring robust supply chain performance and adherence to ISO 9001 requirements.