How to Choose the Right Suppliers
It’s important to know your suppliers before you do business with them. Not only do you want to be sure they can provide the products or services you need, but you also have to be confident you can trust them with your sensitive data.
Successfully vetting your suppliers is a critical part of procurement, especially in today’s competitive business environment. With a well-defined vetting process in place, you can be confident you’ll find the right supplier for your needs while making sure your data is secure to minimize risk.
Use this handy guide to evaluate potential suppliers and spot any red flags:
Identify your supplier criteria
What specific conditions do you want the right suppliers to meet? Remember, not all suppliers will satisfy every standard. That’s why it’s important to identify what’s most essential to your business. One of the most important questions to ask is whether their service or product does what you need it to do.
Want your products to be top-notch? Consider a supplier that may have a slower delivery rate but can provide this level of quality. Also set deal breakers, such as poor ratings or overpriced services. By creating these types of supplier criteria, your business will be able to better manage risks in your supply chain.
What risks are you concerned about?
To mitigate risk, we recommend that you put privacy and confidentiality controls in place to adequately handle the additional risk that your suppliers bring. For example, SOC 1 and 2 audits are one way to test and validate your supplier’s controls. Although completing these certifications doesn’t guarantee security, it helps to confirm that your supplier has effective controls in place.
Something else to consider is whether the supplier has sufficient insurance. Most suppliers have a policy to cover any damages or losses they may cause, like property damage or compromised data. When you’re evaluating a supplier, be sure to check whether they have a policy and ensure the coverage is sufficient to cover any damages. If a supplier has no coverage or has insufficient coverage, it may be in your best interest to choose a different supplier.
Furthermore, we recommend that you evaluate their physical security policies to ensure that they account for building security for on-site projects as well as shredding and disposal procedures. Their policy should also include backup plans and redundancies in case of a breach of security. When evaluating the physical security of a supplier, take note of the location and number of data centers. Storing data in multiple data centers offers greater protection in case of outages or natural disasters.
Measure suppliers based on criteria
Once you’ve identified your most likely candidates, rank them based on the criteria you’ve created. Consider using the 10 Cs model of supplier evaluation, which you can apply to rank your suppliers on a scale from one to five for each of the 10 categories shown in the image below.

Compare prices
The final step in your vetting process is to gather quotes from potential suppliers. Send a document to suppliers that lists what you need and how much, along with an estimated timeline. Suppliers can then send you quotes with pricing based on your requirements.
Once you have the quotes from various candidates, you can compare them based on your established criteria, pricing, order specs, and even reviews. Remember, the supplier with the lowest price isn’t always the best choice. Select the quote that offers the best value.
Continually monitor your suppliers
Supplier vetting is a continuous process. That’s why your company’s risk and control measures should be evaluated annually. By consistently assessing and making improvements to these measures, you can avoid disruption and mitigate risk before your business operations are jeopardized.
Develop valuable partnerships
Effective supplier vetting will allow your business to develop valuable partnerships that enhance your efficiency, ensure seamless supply chain management, and offer positive customer experiences. Plus, with a proper due diligence process in place, you’ll have the information you need to make informed decisions and guarantee compliance with regulations.
Automate your supplier vetting
Vetting suppliers can become an arduous process. Graphite exists to simplify the supplier vetting and onboarding process, making your life easier. Sign up for a demo to learn more about how Graphite Connect can ease the hassle of evaluating each supplier.