Vendor Qualification Pipeline
Evaluate, verify, and approve new vendors before they can do business with your organisation. Collect documentation, perform due diligence, assess risk, and make go/no-go decisions.
On this page
Visual Flow
Rendering diagram…
When to Use This Pattern
Use vendor qualification when:
- Your organisation requires formal approval before engaging new vendors
- Regulatory or policy requirements mandate due diligence (financial checks, insurance, certifications)
- You've experienced problems with unvetted vendors (quality issues, compliance gaps)
- Procurement needs a repeatable, auditable process for vendor evaluation
How It Works
| Phase | Status | Key Activities |
|---|---|---|
| 1. Request | New Request | Business unit submits vendor request with justification |
| 2. Initial Screen | Screening | Procurement checks if vendor already exists, reviews basics |
| 3. Documentation | Collecting | Vendor submits required documents (insurance, certs, financials) |
| 4. Due Diligence | Verifying | Background checks, reference checks, compliance verification |
| 5. Risk Assessment | Assessing | Score the vendor on risk dimensions |
| 6. Approval | Pending | Approval chain based on tier/risk level |
| 7. Setup | Provisioning | Create vendor in ERP/procurement system |
| 8. Ongoing | Active | Periodic renewal and re-evaluation |
Implementation Guide
Step 1: Vendor Request Form
The business unit requesting a new vendor fills out:
| Field | Purpose |
|---|---|
| Vendor name and contact details | Who are they |
| Products/services to be provided | What you're buying |
| Estimated annual spend | Determines approval tier |
| Business justification | Why this vendor (vs existing alternatives) |
| Risk category | IT/data access, physical access, financial services |
| Urgency | Standard (30 days) or urgent (10 days) |
Step 2: Initial Screening
Procurement performs a quick check:
| Check | Source | Auto/Manual |
|---|---|---|
| Vendor already exists in system? | ERP/vendor master | Automated query |
| Basic company information valid? | Company registry lookup | Automated |
| On any sanctions/blocked lists? | OFAC, EU sanctions list | Automated |
| Conflict of interest? | Internal policy check | Manual review |
If the vendor already exists → skip to Step 7 (just add the new category/service).
Step 3: Vendor Documentation Collection
Send a documentation request to the vendor via email with a secure portal link:
| Document | Required For |
|---|---|
| Certificate of incorporation | All vendors |
| Insurance certificate (liability, workers comp) | All vendors |
| Financial statements (last 2 years) | Spend > $50K/year |
| SOC 2 or ISO 27001 report | IT/data vendors |
| References (3 clients) | All vendors |
| W-9 / Tax ID documentation | All vendors |
| Diversity certification (if applicable) | Optional |
Set a deadline (14 days) with automated reminders at 7 days and 12 days.
Step 4: Due Diligence
| Check | Performed By | Method |
|---|---|---|
| Financial stability | Finance | D&B report or financial statement review |
| Insurance adequacy | Legal/Risk | Verify coverage meets minimums |
| Certification validity | Relevant team | Verify with issuing authority |
| Reference checks | Procurement | Call/email 2-3 references |
| Site audit (if applicable) | Quality team | Physical or virtual site visit |
Step 5: Risk Assessment Scorecard
Score the vendor across dimensions:
| Dimension | Weight | Score (1-5) | Weighted |
|---|---|---|---|
| Financial stability | 25% | 4 | 1.00 |
| Quality & capability | 25% | 3 | 0.75 |
| Compliance & certifications | 20% | 5 | 1.00 |
| References & reputation | 15% | 4 | 0.60 |
| Price competitiveness | 15% | 3 | 0.45 |
| Total | 100% | 3.80 |
| Overall Score | Classification | Approval Required |
|---|---|---|
| 4.0 – 5.0 | Low risk — Approved | Procurement manager |
| 3.0 – 3.9 | Medium risk — Approved with conditions | Procurement director |
| 2.0 – 2.9 | High risk — Requires executive approval | VP + Legal |
| < 2.0 | Unacceptable — Rejected | Auto-reject with notification |
Step 6: System Setup
Once approved:
- Create vendor record in ERP/procurement system
- Set up payment terms and banking details
- Create purchase order framework (if applicable)
- Add to approved vendor list
- Notify the requesting business unit
Step 7: Ongoing Monitoring
| Frequency | Activity |
|---|---|
| Annual | Re-verify insurance and certifications |
| Annual | Review financial health |
| Bi-annual | Performance review with business owners |
| Per contract | Renewal assessment |
| Continuous | Monitor sanctions lists |
Tips & Best Practices
Create a vendor self-service portal. Instead of emailing documents back and forth, let vendors upload their documentation directly. This is faster, more secure, and creates better audit trails.
- Tier your due diligence. A $5K/year office supply vendor doesn't need a SOC 2 report. Scale the rigour to the risk.
- Set expectations with the requestor. Vendor qualification takes time (2–4 weeks). Communicate timelines early so business units plan ahead.
- Automate sanctions screening. Integrate with OFAC/sanctions list APIs. This is a cheap, high-value automation.
- Share the approved vendor list. Make it easy for people to search existing approved vendors before requesting new ones. This reduces duplicate vendors.
Related patterns
Employee Onboarding Orchestration
Coordinate the multi-department new-hire onboarding process — from IT provisioning and HR paperwork to manager introductions and training enrollment. Ensure nothing falls through the cracks.
Employee Offboarding & Deprovisioning
Automatically cut access, recover assets, and close loops when an employee or contractor leaves. Cleanup that's boring when it works and catastrophic when it doesn't.
Customer Self-Service Registration
Allow customers to register, provide required documentation, and get verified through an automated workflow. Reduce manual intake work while maintaining KYC and compliance requirements.