Key takeaways
  • Assess and approve suppliers before you rely on them, then re-audit on a risk-based cadence.
  • Score against consistent criteria - certifications, process control, traceability, and corrective-action history - so decisions are defensible.
  • Keep the audit, the score, and any follow-up actions together as a record you can produce on demand.

Your compliance is only as strong as your weakest supplier. ISO 9001 clause 8.4 makes you responsible for the external providers whose work affects your product or service, and most quality and security frameworks say the same. Here is how to audit them properly.

Why supplier audits matter

If a supplier ships you a defective component or mishandles your data, the finding lands on you. ISO 9001 clause 8.4 (control of externally provided processes, products, and services) requires you to evaluate, select, monitor, and re-evaluate suppliers based on their ability to meet your requirements - and to keep records of it.

Start at onboarding

The cheapest time to catch a risky supplier is before you sign. A short onboarding review - company details, certifications, security posture, and a risk tier - decides how closely you need to watch them. The free vendor onboarding and risk review template gives you that structure.

What to assess in a supplier audit

1. Certifications and compliance relevant to what they supply are current.

2. Quality and process controls are real and followed.

3. Records and traceability are adequate to investigate a problem.

4. Corrective-action history shows past issues were resolved.

5. Sub-tier suppliers are managed, not invisible.

The free supplier audit checklist walks through each of these.

Score and set a re-audit cadence

Score every supplier against the same criteria so you can compare them and justify your decisions. Tie the re-audit interval to the score and the risk tier: a critical, lower-scoring supplier gets audited more often than a low-risk, high-scoring one.

The supplier audit that was never recorded
A verbal approval

"We checked them, they were fine" is not an answer an auditor accepts. Without a dated, scored record of the assessment and any actions, an approved supplier is just an assumption. Keep the evidence.

Run supplier audits in one place

Turn the supplier audit checklist into a live audit in RakuOps - scored, with evidence attached and follow-up actions tracked to closure - and keep every supplier's history in one record.

Where RakuOps fits

RakuOps is a compliance and audit management platform for checklists, audits, corrective actions, and a full audit trail. For supplier management, it runs onboarding reviews and supplier audits as assigned, scored checklists, keeps each supplier's history together, and turns findings into tracked corrective actions - so your control of external providers is provable, not anecdotal.