Blog

Supplier approval is one of the most important parts of a food safety management system. It influences every downstream program, from allergen control to labeling accuracy to micro verification. Most facilities already have some kind of supplier approval process, but the quality varies widely. Some supplier files are clean and predictable. Others contain expired certificates, outdated specs, and questionnaires that have not been updated for years. GFSI auditors review supplier approval carefully because it shows how well a facility controls materials coming into the plant.

A strong supplier approval checklist helps FSQA teams create a consistent, audit-ready program. It sets clear expectations for suppliers, reduces back-and-forth during onboarding, and makes it easier to evaluate risk. This guide outlines the essential items every FSQA team should require during supplier approval, how to assess each document, and how to avoid common gaps.

1. Why a Supplier Approval Checklist Matters

Supplier approval can become inconsistent when requirements vary by supplier or when documentation decisions are made informally. A checklist solves this problem by giving FSQA a structured baseline that applies to all suppliers based on risk.

A strong checklist helps teams:

• Set clear documentation expectations
• Speed up approval by eliminating guesswork
• Maintain consistency across materials
• Avoid missing or outdated documents
• Improve audit readiness
• Strengthen communication with purchasing and receiving

Most importantly, it standardizes how suppliers are evaluated, which is a core expectation in all GFSI programs.

2. Start With Supplier Risk Categorization

Before building the checklist, FSQA teams should define risk categories. The checklist should match the requirements for that category.

Common categories:

High Risk

Suppliers of raw ingredients, allergens, RTE materials, micro-sensitive materials, and anything that directly impacts CCPs or food safety.

Medium Risk

Suppliers of secondary ingredients, simple dry materials, or food-contact packaging.

Low Risk

Suppliers of non-contact packaging, office supplies, some chemicals, or service vendors.

Each risk category should define:

• Required documentation
• Frequency of document updates
• Verification expectations
• COA requirements
• Annual review criteria

This ensures that FSQA does not demand the same level of documentation from a label printer as from a dairy powder supplier.

3. The Core Supplier Approval Checklist

Below is a complete checklist FSQA teams can use for onboarding suppliers. Requirements may vary depending on risk, but this structure covers everything expected during GFSI audits.

1. Food Safety Certification or Third-Party Audit

This is the first and most important document. FSQA should request:

• GFSI certificate
• Third-party audit report
• Regulatory license if needed
• Documentation justifying exemptions when the supplier is not certified

What FSQA should verify:

• Certificate is valid
• Certificate covers the correct site and scope
• Audit report aligns with the material being purchased
• Any corrective actions from the audit have been addressed if applicable

Common gaps:

• Certificates expired
• Wrong facility listed
• Wrong product category
• No follow-up on major nonconformances

This document provides the foundation for supplier risk evaluation.

1. Completed Supplier Questionnaire

The questionnaire helps FSQA understand the supplier’s programs and operations. A good questionnaire includes:

• Basic company and facility information
• Allergen handling
• Process controls
• Foreign material programs
• Environmental controls
• Regulatory compliance
• Ingredient or material specifics
• Recall and traceability programs
• Contact personnel

What FSQA should verify:

• Questionnaire is complete
• Details align with materials purchased
• Allergen statements match product specs
• No critical sections are skipped

Common gaps:

• Outdated questionnaires
• Missing allergen details
• Incomplete responses
• Conflicts between questionnaire and specs

A complete questionnaire helps FSQA identify risk before approving a supplier.

1. Product Specifications

Every purchased material needs an up-to-date specification. Specs should include:

• Name and description
• Revision number
• Micro or chemical requirements
• Physical characteristics
• Allergen information
• Storage conditions
• Shelf life
• Packaging details
• Any process requirements

What FSQA should verify:

• Spec matches the material the plant will receive
• Revision dates are current
• Allergen declarations match supplier questionnaire
• COA requirements match the spec

Common gaps:

• Specs outdated or not version controlled
• Specs from previous suppliers still in use
• Allergen or ingredient changes not updated internally

Specs serve as the control point for COAs and receiving inspection.

1. Allergen, GMO, or Country-of-Origin Statements

Depending on the material, FSQA may need:

• Allergen declarations
• GMO statements
• Country-of-origin documents
• Halal or Kosher certificates
• Organic certificates

These support regulatory compliance and labeling accuracy.

What FSQA should verify:

• Statements match the product and supplier questionnaire
• Allergens are clearly declared
• Country-of-origin is consistent with labeling requirements

Common gaps:

• Incorrect allergen statements
• Conflicts between documents
• Missing country-of-origin for high-visibility ingredients

These documents support multiple FSMS programs, so accuracy matters.

1. COA Requirements and Testing Expectations

If COAs are required, FSQA should:

• Define which tests must be on the COA
• Confirm that tests match the spec
• Determine whether each lot or periodic testing is required

What FSQA should verify:

• Supplier can produce COAs consistently
• COA format aligns with spec requirements

Common gaps:

• COAs missing important results
• COAs not matched to the correct lot
• COAs reviewed only after materials are used

COAs link supplier documentation to daily operations.

1. Food Safety Plan or HACCP Summary (High-Risk Only)

Not all suppliers need to provide HACCP details, but for high-risk ingredients or RTE items, FSQA may need:

• Hazard analysis
• CCP identification
• Preventive controls
• Validation documentation where applicable

What FSQA should verify:

• Supplier understands hazards associated with the material
• Controls are appropriate for risk level

This is especially important for high-risk ingredients.

1. Supplier Performance History (If Already Used)

If the facility has purchased from the supplier before, include:

• Complaint history
• Previous deviations
• COA failures
• Delivery performance
• Documentation timeliness

What FSQA should verify:

• No recurring issues
• Supplier has responded appropriately in past situations

Past performance helps validate current risk level.

1. Signed Supplier Agreement or Code of Conduct

Many facilities require suppliers to acknowledge expectations around:

• Food safety
• Fraud prevention
• Allergen handling
• Documentation timeliness
• Traceability
• Regulatory compliance

This sets clear expectations for the relationship.

4. Evaluating Supplier Documentation Before Approval

Once all documents are collected, FSQA must review them as a complete package. The evaluation should consider:

• Alignment between documents
• Completeness
• Clarity
• Risk level
• Need for additional information
• Supplier responsiveness

A supplier should not be approved if any required documents are missing or if major conflicts exist between them.

High-risk suppliers should receive deeper review, including:

• Micro or chemical data
• HACCP plan summaries
• Environmental control information
• Additional verification activities

Consistency across documents is a key indicator of supplier control.

5. Cross-Functional Alignment During Supplier Approval

Purchasing, receiving, operations, and FSQA all influence supplier control. Approval should not occur in a vacuum.

Purchasing must ensure only approved suppliers are used.
Receiving must verify COAs and inspect materials.
Operations must understand changes that affect formulation or processes.
FSQA must manage documentation and risk.

A strong supplier approval process prevents cross-department confusion and aligns expectations early.

6. Common Mistakes FSQA Teams Can Avoid

Supplier approval becomes more difficult when:

• Requirements vary across suppliers
• Missing documentation is accepted temporarily
• Expirations are not tracked
• Old specs stay in circulation
• Receiving does not verify COAs
• Purchasing continues to buy from unapproved suppliers

GFSI auditors notice these patterns quickly.

The checklist helps prevent these issues by providing clarity and structure.

7. Keeping the Supplier Approval Checklist Updated

The checklist itself must be reviewed periodically.

Update it when:

• Processes change
• New materials are introduced
• Regulatory requirements shift
• Certification schemes update their expectations
• Risk categories change

An outdated checklist leads to outdated supplier files.

How Certdox Supports Supplier Approval Programs

Certdox stores supplier certificates, questionnaires, specs, allergen statements, and COAs in one place. FSQA teams can track expirations, monitor supplier performance, and maintain predictable approval records without relying on shared drives or email folders. Certdox helps teams follow a consistent supplier approval checklist and stay audit-ready throughout the year.