Supplier management is undergoing a major transformation. The days of simply managing spend and negotiating the best deal are long gone: it's no longer sufficient or easy to use such outdated practices.

ISO 9001:2015 – new requirements for managing suppliers

The new ISO 9001:2015 requirements reflect the more complex supplier management requirements. Not only are there now more rigorous requirements to monitor suppliers on an ongoing basis, but the processes also need to be audited. 

Read here for more information about the new ISO 9001:2015 requirements for Clause 8.4. 

Below, we explain a step-by-step best practice supplier management approach. 

While there is no prescribed method of managing your suppliers, a simple and pragmatic approach consists of six key steps. (Note: You do not need to do this for every supplier, just those who would influence how your products or services are provided.)  

 
Step-by-step supplier success

1) Supply marketing

The first step is to define the requirements of the process, product and service you need.

This may include: 

• Scope 
• Regulations 
• Risk appetite 
• Standards
• Supplier competencies
• Explanation of the verification and validation processes. 

You must then inform potential suppliers of your requirements.

Keep a record!

To comply with ISO 9001:2015, you must keep a record of your supplier requirements. Use Document Manager to share controlled supplier documentation with your stakeholders, keeping a record at every stage.
 

2) Supplier selection

Once you have a specification which has been verified and approved, you should carry out a supplier risk analysis. 

In this risk analysis, you should identify any risks associated with the product or service itself, such as:

• Credit
• Health and safety
• Supply chain 
• Slavery
• Sustainability
• Quality 
• Operational 
• Currency fluctuations
• Substitutes 
• Compliance 
• Health and safety 
• Product / technical

Then you should:

•   Identify any risks associated with producing or delivering the product or service
•   Quantify these risks using a consistent methodology
•   Identify the controls needed to mitigate unacceptable risks.

This analysis will provide details of your supplier evaluations and the controls you need to impose on your suppliers. In particular, you should consider risks associated with single sourcing. 

Using Risk Manager, you can carry out a thorough risk assessment to ensure you mitigate and address any risks, making it much easier to manage a supplier risk assessment. You can employ any risk framework, including ISO 31000, COSO, SOX, Basel, AS/NZS 4360 to identify, quantify and prioritise risk.

3) Supplier onboarding 

After identifying risks, you can move on to supplier onboarding. The purpose here is to identify potential suppliers who are capable of meeting your requirements. 

Start with a standard supplier checklist to promote consistency and ensure the information can be easily reused. However, you should analyse the findings of your evaluation according to the risks you identified earlier. 

When onboarding a supplier, you will want to record evidence of your requirements (ITT, RFQ), the response confirming that the supplier will commit to those requirements, and a contract of agreement. 

The contract of agreement may include:

• Specifications
• Volumes
• Lead times
• Payment 
• Processes
• Traceability records 
• Constraints to supply
• Reassessment details. 

iEQMS Auditor makes it easy to capture checklists of information from your supplier audits. Attach any type of multimedia evidence to demonstrate compliance. 

4) Supplier development 

When the contract begins, you will need to monitor your supplier's performance, nurture the relationship, and manage any issues. Some processes for managing issues will have measurable costs, so if you cannot quantify these costs and provide evidence of how they were incurred, you may have difficulty recovering them.

Once you know what you need to monitor your supplier, consider how to do that monitoring in a way that captures critical information, tells interested parties how to act on that information, and allows progress to be tracked easily, all in real time. Paper, electronic paper, and spreadsheets only tend to work for small organisations where one person is responsible for managing the process from beginning to end.

Supplier Manager allows you to view an entire record of the history of your supplier. 

5) Supplier assessment

How often and when to re-evaluate your supplier is a decision your organisation should consider as part of its strategy. Some issues may arise which prove very costly, leading to more frequent assessments. 

A best-practice approach would be to monitor any corrective and preventive action (CAPA) associated with the supplier. Even seemingly minor issues could add up significantly over the years if they repeatedly occur. When looking at these issues, it is important to find out why they occurred, so you might want to ask questions such as: 

• Why did the process fail? 
• How could we optimise the process to prevent it from happening with this supplier and others?
• How do we communicate the failure to the people who need to know about it? 

On the other hand, if a supplier has no issues associated with them, you may want to ask questions about how you can strengthen the relationship – for example, are there any additional services or products they could offer your organisation? 

CAPA Manager allows you to access a log of all issues relating to a supplier. Using the workflows, you can see the results of such issues and whether they have been successfully managed.

Further resources

Download our supplier management toolkit and access 10 supplier optimisation resources, a breakdown of ISO 9001:2015 Clause 8, and more.