Step-by-step guide for managing suppliers

Posted by Marc Gardner on Fri, Feb 24, 2017

Supplier management is undergoing a major transformation. The days of simply managing spend and negotiating the best deal are long gone: it's no longer sufficient or easy to use such outdated practices.



ISO 9001:2015 – new requirements for managing suppliers

The new ISO 9001:2015 requirements reflect the more complex supplier management requirements. Not only are there now more rigorous requirements to monitor suppliers on an ongoing basis, but the processes also need to be audited. 

Read here for more information about the new ISO 9001:2015 requirements for Clause 8.4. 

Below, we explain a step-by-step best-practice approach to managing suppliers. 

While there is no prescribed method of managing your suppliers, a simple and pragmatic approach consists of six key steps. (Note: You do not need to do this for every supplier, just those who would influence how your products or services are provided.)  Supplier assessments in electronic quality management system.png

Step-by-step approach 

1) Supply marketing

The first step is to define the requirements of the process, product and service you need.

This may include: 

  • Scope 
  • Regulations 
  • Risk appetite 
  • Standards
  • Supplier competencies
  • Explanation of the verification and validation processes. 

You must then inform potential suppliers of your requirements.

Keep a record!

To comply with ISO 9001:2015, you must keep a record of your supplier requirements. With EQMS Document Manager, you can be confident that correct and controlled supplier documentation is shared with your stakeholders, keeping a record at every stage.



2) Supplier selection

Once you have a specification which has been verified and approved, you should carry out a supplier risk analysis. 

In this risk analysis, you will want to:

  •   Identify any risks associated with the product or service itself, such as:
    • Credit
    • Health and safety
    • Supply chain 
    • Slavery
    • Sustainability
    • Quality 
    • Operational 
    • Currency fluctuations
    • Substitutes 
    • Compliance 
    • Health and safety 
    • Product / technical
  •   Identify any risks associated with producing or delivering the product or service
  •   Quantify these risks using a consistent methodology
  •   Identify the controls needed to mitigate unacceptable risks.

This analysis will provide details of your supplier evaluations and the controls you need to impose on your suppliers. In particular, you should consider risks associated with single sourcing. 

Keep a record! 

Using EQMS Risk Manager, you can carry out a thorough risk assessment to ensure you mitigate and address any risks, making it much easier to manage a supplier risk assessment. You can employ any risk framework, including ISO 31000, COSO, SOX, Basel, AS/NZS 4360 to identify, quantify and prioritise risk.



3) Supplier onboarding 

After identifying risks, you can move on to supplier onboarding. The purpose here is to identify potential suppliers who are capable of meeting your requirements. 

Start with a standard supplier checklist, to promote consistency and ensure the information can be easily reused. However, you should analyse the findings of your evaluation according to the risks you identified earlier. 

When onboarding a supplier, you will want to record evidence of your requirements (ITT, RFQ), the response confirming that the supplier will commit to those requirements, and a contract of agreement. 

The contract of agreement may include:

  • Specifications
  • Volumes
  • Lead times
  • Payment 
  • Processes
  • Traceability records 
  • Constraints to supply
  • Reassessment details. 

Keep a record! 

iEQMS Auditor makes it easy to capture checklists of information from your supplier audits. Attach any type of multimedia evidence to demonstrate compliance. 


4) Supplier development 

When the contract begins, you will need to monitor your supplier's performance, nurture the relationship, and manage any issues. Some processes for managing issues will have measurable costs, so if you cannot quantify these costs and provide evidence of how they were incurred, you may have difficulty recovering them.

Once you know what you need to monitor your supplier, consider how to do that monitoring in a way that captures critical information, tells interested parties how to act on that information, and allows progress to be tracked easily, all in real time. Paper, electronic paper, and spreadsheets only tend to work for small organisations where one person is responsible for managing the process from beginning to end.

Keep a record! 

EQMS Supplier Manager allows you to view an entire record of the history of your supplier. 

5) Supplier assessment

How often and when to re-evaluate your supplier is a decision your organisation should consider as part of its strategy. Some issues may arise which prove very costly, leading to more frequent assessments. 

A best-practice approach would be to monitor any corrective and preventive action (CAPA) associated with the supplier. Even seemingly minor issues could add up significantly over the years if they repeatedly occur. When looking at these issues, it is important to find out why they occurred, so you might want to ask questions such as: 

  • Why did the process fail? 
  • How could we optimise the process to prevent it from happening with this supplier and others?
  • How do we communicate the failure to the people who need to know about it? 

On the other hand, if a supplier has no issues associated with them, you may want to ask questions about how you can strengthen the relationship – for example, are there any additional services or products they could offer your organisation? 

Keep a record! 

EQMS CAPA Manager allows you to access a log of all issues relating to a supplier. Using the workflows, you can see the results of such issues and whether they have been successfully managed.

What you should do now

Download our webinar to find out how EQMS can help you to manage your suppliers, develop your relationships with them, and ensure your processes meet international standards such as ISO 9001:2015.


Watch "ISO 9001:2015 Clause 8.4 External Provisions" Webinar

supplier webinar.png



Tags: Supplier management

3 reasons to audit your suppliers (Hint: It saves you more than cash!)

Posted by Annie Grace on Fri, Feb 03, 2017

Many organisations handle so many suppliers that conducting regular audits seems inconceivable. You might carry out a suitability check when onboarding a new supplier, but after that how do you know you can continue to trust your suppliers?

Why is supplier quality critical?

When a supplier fails you, you pay the cost. It's not just about money, either: your reputation can hang in the balance, and if you handle an incident poorly you even risk losing your talented staff. They might choose to go elsewhere; you might suffer such a financial loss that you're forced to make job cuts; or your staff might have to take the fall for what was actually the fault of your supplier.

Disruption to your supply chain is similarly costly. Not only do you have to manage production downtime, you'll also need to assure your customers and re-jig other production schedules to continue maximising profit for your facility.

In fact, one in three businesses last year experienced cumulative losses via supplier failures to the tune of a cool €1m. That study doesn't take into account the long-term impact on reputation or the ability to retain talent, either.

If that's not enough for you to think about regularly auditing your suppliers, here are three more reasons to consider:

#1 – It will save you money

The first and most obvious benefit of regularly auditing your suppliers is that it significantly mitigates risk. You can:

  • track how your suppliers are performing against service level agreements
  • identify repeated problems, and
  • highlight potential future issues before they happen, and create contingency plans

No more €1m annual losses from supplier failures!

#2 – You'll ensure suppliers are complying to your standards

If you don't regularly audit your suppliers, how do you know you're on the same page? You have high standards to comply to, but are they meeting the same? How do you know they practise what they promise?

Standards are changing and adapting all the time, so it’s essential that you regularly audit your suppliers in line with the relevant changes. For example, upcoming changes to ISO 80000 reveal the differences in measurements between suppliers. If your supplier prices by the kilogramme, for example, how do you know you are getting a fair price – is it the kilogramme measurement YOU use, or another version?

Back in 1999 there was a worldwide omnishambles when NASA lost the Mars Climate Orbit satellite. It burned up, all $125m of it. All because the international teams had used two different measurements: the English had used imperial measurements, and the US team metric. Interpreting measurements incorrectly led to the loss of an extremely expensive piece of kit.

#3 – You’ll ensure continuous quality improvement

Without ongoing audits of your suppliers, it's difficult to know whether you're receiving consistent products, on time, to the right standard, without defects. That makes your own commitment to continuous quality improvement nigh on impossible. You need a full and comprehensive overview of your suppliers' performance in order to set in place best-practice touch points for continued quality improvement.

By regularly auditing your suppliers, you're also strengthening your relationship with them. If you let your suppliers "just get on with it" then you're missing out on opportunities for further partnerships, better prices, and opportunities to share knowledge.  

Integrated supplier managementRegular audits of your suppliers are possible and even easy with software tools such as EQMS Audit and Inspection Manager. Audits can be conducted on site without needing wireless internet access, so your auditors can visit sites and complete their audits without having to return to complete paperwork.


What you should do now

Download our ISO 9001:2015 Supplier Management Toolkit.

Supplier management


Tags: Audit Management Software, Supplier management

ISO 9001:2015 – Control of externally provided processes, products and services (clause 8.4)

Posted by Emily Hill on Thu, Feb 02, 2017


In the new ISO 9001:2015 standard, there are more rigorous requirements for managing suppliers. 

The following forms part one of three instalments of our ‘ISO 9001:2015 and Supplier Management’ series which focuses on the major changes of the standard.

Today will focus on explaining the key changes introduced in ISO 9001:2015, Clause 8.4. Control of externally provided processes, products and services.


Why is it so important to manage suppliers? 

Supply chain networks are expanding and evolving at an unprecedented pace. At the same time, companies face enormous pressures to improve supply chain efficiency, reduce costs and mitigate risks involved in supplier compliance.

Poor supplier quality results in reputational damage, not to mention huge costs to your business. A supplier delay could push back your product deadlines and cause significant costs on a per day basis. Last year, one in three businesses felt the blow, experiencing cumulative losses over one million euros due to supplier failures.

Read more here


Clause 8.4  Key changes 

clause 8.4 supplier management explained.png

Clause 8.4 of the standard focuses our attention on our responsibility to control externally provided processes, products and services.

There are three main changes: 

1. Who are your suppliers?  

You will notice that there has been some small terminology changes in the new ISO 9001:2015 standard. “Purchasing” and “Outsourcing” are now called "externally provided processes, products and services”. While this doesn't mean you need to update your terminology, ISO 9001:2015 has now made it more explicit who a supplier is.

A  supplier is anyone who is a provider external to the scope of the quality management system.

who are my suppliers.png

ISO 9001:2015 requires the organisation to address all form of external provision, whether it is by purchasing from a supplier, through an arrangement with an associate company, through the outsourcing of processes and functions of the organisation, or by any other means. 

It is also worth noting that an external provider is a provider external to the scope of the quality management system. This means that if a quality management scope covers a single site in a wider group structure, then anything sourced from other members of the group would be classed as externally provided and subject to the requirements.


2. Record the results of supplier activities 

In ISO 9001:2008 sub-clause 7.4.1, it was required to keep records of the criteria for selection, evaluation and re-evaluation of the suppliers.

In ISO 9001:2015, there is now an explicit requirement to ensure monitoring and measurement activities are undertaken at appropriate points.

The organisation is required to record not only the criteria, but also the results of these activities, including performance and monitoring. This has many implications for you if you haven’t previously maintained records of the results of supplier performance activities.




3. Verification activities 

In ISO 9001:2008, the organisation needed to ensure the purchased product met specified purchase requirements. In ISO 9001:2015, the verification needs to ensure "the externally provided processes, products and services meet requirements." 

If organisations were previously only verifying external provisions against the initial purchase requirements, rather than the ability of the provision to help the organisation to achieve their overall objectives, the organisation will need to update their processes and management system accordingly. Using EQMS Supplier Manager will help you systematically manage supplier records and performance. More about EQMS Supplier Manager here. 



Download Supplier Management Webinar for a step-by-step guide to managing and controlling your external provisions. 


New Call-to-action


Want a face-to-face, step-by-step breakdown of ISO 9001:2015's key requirements?

Looking to build a plan for a smooth, informed transition to ISO 9001:2015?

Join Qualsys's ISO 9001:2015 transition workshop on 26 April 2018.

Sign up for the ISO 9001:2015 workshop


Tags: ISO 9001:2015, Supplier management