Menu Close

Supplier Selection Approval and Evaluation

Supplier Selection Approval and Evaluation doesn’t have to be so tough…

What is an External Provider anyways?

According to ISO 9001:2015 for what most of us call Supplier Selection Approval, you must have approved “External Providers” prior to use and you must ensure that externally provided processes, products and services conform to requirements.  The fact is External Providers is a new term used in the standard, it opens the door for service contractors of all sorts, material suppliers, and so on…  Don’t get caught up by the name change, and no auditor will penalize you for using the term supplier, provided it’s in the same context and has the required criteria for evaluation.  You must determine and apply criteria for the Evaluation (up front review), Selection (approval), and monitoring of performance and re-evaluation (tricky business to ensure they are still good 4 years later).  On top of that, you’ve got to keep records (documented information) of the entire process.  See ISO 9001: 8.4.1.

The Grandfather Paradox (not the space time one)

Let’s be honest, none of us started out business day 1 in compliance with ISO 9001.  As such, you have maybe 10, maybe 500+ suppliers you need to instantly approve in your QMS.  WOW, tons of work.  What if some of them are old suppliers you never use?  How on earth do you monitor them?  Lets dive into this a little.

The grandfather paradox of Quality Management is a common problem.  When grandfathering a supplier its required by the standard to provide evidence (evaluation and selection).  This is a simple process when there are less than 100 suppliers,  and is reasonable to list reasons for the acceptance of the supplier during the initial grandfathering.  When you have a more mature supplier list with over 500 suppliers, the process is made much more difficult because no one person can effectively find evidence for acceptance for the mass number of suppliers, nor effectively write an acceptance letter for each.  But, you can make a blanket statement stating that utilizing the supplier for X number of years prior to ISO 9001 implementation is sufficient (write this into your procedure).  Provided you have good means to monitor and re-evaluate, this will do just fine.

Supplier Approval & Ongoing Monitoring (risk…?)

There is a requirement for the supplier approval (selection) of new suppliers, often best done through a simple questionnaire, though this is not the only method.  Ongoing monitoring of suppliers can be successfully accomplished through a process of identifying nonconformities and evaluating the risk before Management Review.  The problem with this method is it only allows the company to monitor the performance of active suppliers.  Generally speaking only 20% of suppliers are used in a given year, and this 20%generally varies year to year.

Since you’re on ISO 9001 (or similar standard) you must have a process for monitoring nonconformity.  Make sure you utilize this process for your suppliers.  It would be even better if you rank the nonconformity in regards to risk (severity * occurrence).  Then, once a year, re-evaluate your suppliers based on some metric such as Total Orders vs Total Nonconformities (noting how many were high risk).

Aged Suppliers…?

That still doesn’t address this lingering 50% – 80% of your suppliers that never get ordered from.  Maybe they are backup suppliers in case your primary cannot fulfill an order in time, or just cause the last purchasing manager had a relationship with them, who knows.  You monitor them, even if no orders come in.  You monitor them by address “if you used them”.  A common method utilized by Texas Quality Assurance is to turn aged suppliers “inactive” and require a re-approval of the supplier after some period of time, not to exceed 5 years.  After 5 years of inactivity, you simple remove them from the ASL or turn them inactive.  In rder to use them again in the future, they must be treated like a brand new supplier.

In addition it is wise to conduct audits, in person, or remotely of “key” suppliers on an annual basis.  Check out our handy supplier questionnaire here.  This is not a requirement of the standard, but a good practice.  The goal is that over the 5 year period you have audited all of your key or “Quality Critical” suppliers.  These audits may be conducted again in person or remotely by your company or by a 2nd Party auditor.

By utilizing a method similar to the above the company can have assurance that no supplier “slips through the cracks” and has assurances that the suppliers quality and ability to the serve company are controlled.


We value your time and energy, and hope you can find something useful in these posts.  If you have a question, a suggestion for a new post so you can learn more, or just stuck on a problem, click the button below for more information.

      Got a Question?  Need some help?     

Thank You!

Leave a Reply

Your email address will not be published.