What criteria can you use to risk assess your suppliers?

Enforcement of new legislation such as the Food Safety Modernization Act (FSMA), and new requirements from GFSI standards such as BRC, has placed increased pressure on food companies to fully know their supply chain.

This means that supply chain risk management has become an area of increased attention for food companies in recent years.

Other factors such as recent food fraud incidents, the most notable arguably being the horse meat scandal in 2013, are increasing the need for a secure, safe and an authentic food supply chain.

Sourcing of food and ingredients from across the globe is a growing trend as businesses are no longer limited to the first-tier supplier, manufacturer or distributor.

The result of this is that the food industry’s supply chain continues to evolve and grow in complexity.

This might mean that it is likely that one or more ingredients in a given product could be sourced from non-domestic entities.

The consequence of this is that the number of agents or brokers found in the supply chain has increased and need to be accounted for.

This means that the potential of risk in the supply chain has increased, and that, in order to be most effective, a business needs to be more vigilant in how it risk assesses its suppliers.

The current status of your supply chain

The burden of requiring businesses to conduct risk assessments for all suppliers and materials has increased over the years.

A lack of an understanding of potential risks may lead to food safety and quality failures, and potentially result in damage to all companies exposed to the risk, both in terms of customer confidence and monetary value.

Therefore, it is wise that businesses risk assess suppliers before they receive materials, so as to mitigate against the likelihood of being affected by an unsatisfactory product.

Think of suppliers as being an extension to your company

When doing so, it’s important to think of suppliers as being an extension to your company, as if there is a risk in your finished product, your customer may not distinguish between where the fault originated and who was responsible.

Options for Supplier Risk Assessment 

When assessing suppliers, the 2-Dimensional matrix of Probability by Severity fails as it does not cover the multiple criteria that impact on the risk of a supplier and its products in the supply chain.

This type of risk model has a high degree of uncertainty and limits, whereas a criteria-based model can be considered a more robust approach with lower levels of uncertainty while allowing for multiple risk criteria.

When defining the criteria for supplier risk assessment, one should think about the type of supplier they have.

When defining the criteria for supplier risk assessment, one should think about the type of supplier they have

For example, you may need to have different criteria for an ingredient supplier compared to a packaging supplier.

As the considerations for each vary, below is an example of some of the key aspects one should keep in mind when considering their risk assessment strategy.

GFSI/Other Certification:

A good starting place when determining your risk assessment is to consider if the supplier has achieved a 3rd party certification standard such as GFSI, which is now becoming a common requirement when doing business throughout the supply chain.

Generally, this is a common criterion which can be used when risk assessing your supplier that may save time and resources.

Knowing that your supplier is working to the requirements of a standard can be reassuring as it should indicate that they will be supplying acceptable materials while protecting public health, and if not, well, the risk associated with conducting business with that supplier will need to be considered.

Supplier or facility from a country with a high-risk rating:

If a supplier is from a high risk rated country, the likelihood of fraud could increase.

Of course, to give an answer to each criterion you need evidence and be able to provide a justification for your answer.

To help in determining this answer, you could endeavor to use fully objective data where possible.

In these instances, referring to the Worldwide Governance Indicators to see what countries present a higher risk may be beneficial, especially when knowledge of the area within the organization is lacking or altogether absent.

History of Food Fraud:

If a supplier has had a history of food fraud it may be likely to happen again.

Therefore, integrating the history of food fraud implication into your risk assessment model for suppliers may also be a pragmatic step to consider.

Annual volume of purchased materials:

The greater the volume of materials to be supplied, the greater the exposure to an organization could be, should an issue arise.

As dependency increases, whether it be for a scarce, proprietary or key product or material, or simply due to the ease of relationship between the organization and supplier after a history of uneventful supply, this should be borne in mind to mitigate against the risk in the event of an issue occurring.

Additional allergens present in the facility:

It can also be prudent to consider whether your supplier has additional allergens handled in their facility compared to yours.

If they have peanuts, for instance, and you do not have this as an allergen in your site, then there could be a risk of this allergen arriving in the material they will send you and you distribute to your customers.

Food Defense Plan:

Considering whether or not the supplier holds an efficient food defense plan may also be wise.

If a supplier has procedures in place to prevent intentional contamination and has protocols in place to quickly identify and control threats or acts of intentional contamination, this will lower the risk of the supplier.

Recall/Alerts in the last 24 months:

Measuring the number of recalls, alerts, notifications, withdrawals and/or sanctions over a recent period may indicate the level of risk with a particular supplier.

Recall of products can have significant effects on other parts of the supply chain and so risk can be spread through the supply chain.


Consider if the supplier issues certificates of analysis for each delivery of materials.

If they do not, then this can add to the supplier’s risk.

Factors to considering different criteria:

As mentioned earlier, an organization may have different criteria depending on the supplier type.

A criterion specific for a meat supplier would be integration, i.e., is the facility fully integrated or is the slaughterhouse/cold store external?

If a facility is not fully integrated, the entities among the supply chain increase and so too will the risk of the supplier as more control is needed to ensure the integrity of the product.

Another supplier specific criteria (again for the example of a meat supplier) would be species.

A multi-species supplier site with shared production lines would carry a higher risk than a designated line per species or a single species site.

For a supplier of packaging, you also need to create your own criteria for risk assessing them.

For example, is the supplier a primary or secondary packaging supplier.

Of course, if they are a primary packaging supplier the risk to your material, if there is an issue, is much higher as it will be in food contact.

For a packaging supplier, you may also have a criterion called foreign body control program.

If your supplier doesn’t have a programme in place, then this will add to their risk as a supplier.

For the list of criteria above some may be considered more important and hold more weight than others.

For example, if a supplier doesn’t have a GFSI cert, and if a supplier doesn’t provide Certs Of Analysis, you might decide to consider the fact that the supplier doesn’t have a GFSI cert as much more important than them not providing Certs Of Analysis.

In this instance, you could, therefore, assign risk values to criteria and weight them.

Once you risk assess your supplier, you may need to put controls in place to mitigate the risk the supplier poses.

High-risk suppliers may require more information and diligence for approval or even an onsite audit.

Once your supplier has been risk assessed and approved, then you can turn your attention to risk assess the materials they will provide you.

Again, using a criteria-based risk assessment model, you can risk assess your materials.

For example, does the material have a history of substitution or adulteration?

For this particular criteria, you could refer to objective data from sources such as HorizonScan.

Other criteria for material risk assessment might include, the country of origin of the material, is there a vulnerability assessment for the material and are there hazards in the delivered material expected that need controls.

The importance of continuous assessment

The bottom line is that a company’s reputation may be tarnished if there is an issue that necessitates a product recall.

Ensuring suppliers are risk assessed regularly will significantly reduce the risk of you inadvertently approving a supplier which could cost you in the long term.

Think of it this way, your supplier’s risk is also your risk.

Your supplier’s risk is also your risk

With this acknowledged, it seems the shift towards multi-criteria-based assessments over a simple matrix will continue and the number of risk assessments on a given supply chain will continue to increase as well.
Moving forward, it would be prudent for an organization to streamline their supplier assessment workflows starting with data collection, risk assessment, risk mitigation, and reporting.

It would also be worth considering using supply chain maps and dashboards wherever possible to enhance reporting in regard to suppliers.

Lastly, it is good practice to keep all supplier data in one database to ensure that there is one version of the truth.

Keep all supplier data in one database to ensure there is one version of the truth

Software such as Safefood 360° allows you to assess your suppliers and keep all records in one quick-to-access location.

You can create linkages between suppliers and the materials they provide you and of course use criteria-based risk assessment models to risk assess your suppliers.

This will allow you to access supplier information with just one click, and will also allow for greater visibility and traceability, which is becoming such an important factor in the food industry due to regulations.

Ultimately, what is most important is that whatever system you prescribe to, allows your organization to act with confidence in the market and put forward the most secure and safe product possible for your customer.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *