Food Supplier Approval Checklist: What to Review Before You Approve a Supplier

Approving a food supplier is not just a procurement step. It is a food safety, quality, compliance, and operational risk decision.

A weak supplier approval process creates predictable problems: missing documents, outdated specifications, inconsistent reviews, audit findings, and raw materials entering the business without a clear record of who approved them and why.

That is why every food business should have a clear food supplier approval checklist.

This guide breaks down what a practical checklist should include, how to use it, and what extra checks may be needed under schemes such as FSVP, BRCGS, SQF, and FSSC 22000.

What is a food supplier approval checklist?

A food supplier approval checklist is a structured list of the documents, controls, reviews, and decisions your team uses to determine whether a supplier is acceptable to use.

It helps answer basic but critical questions:

• Who is the supplier?
• What are they supplying?
• What food safety and quality controls do they have in place?
• What evidence have they provided?
• What level of risk do they represent?
• Have they been approved, conditionally approved, or rejected?
• What needs to be monitored after approval?

A good checklist does two jobs:

1. It supports the initial approval decision.
2. It creates a repeatable process for ongoing monitoring and reapproval.

If your checklist only covers onboarding and not ongoing review, it is incomplete.

Why food businesses need a formal supplier approval process

Food businesses are expected to control supplier risk, not just react to supplier failures after the fact.

Without a formal process, teams usually end up with the same pattern:

• supplier documents scattered across inboxes and shared drives,
• approvals managed in spreadsheets,
• unclear ownership over reviews,
• expired certificates going unnoticed,
• outdated specifications still being used,
• no easy audit trail showing who reviewed what.

That may work when you have a handful of suppliers. It breaks down quickly as the supplier base grows, product complexity increases, or audit expectations tighten.

A formal checklist gives you:

• a consistent review standard,
• better control over supplier risk,
• cleaner audit evidence,
• clearer approval decisions,
• less dependency on tribal knowledge.

Who should use this checklist?

This checklist is useful for:

• food manufacturers,
• importers,
• co packers,
• private label businesses,
• distributors with supplier quality obligations,
• QA, technical, procurement, and compliance teams.

In many businesses, supplier approval sits awkwardly between QA and procurement. That is exactly why a checklist matters. It creates a shared standard.

Food supplier approval checklist

Below is a practical checklist you can adapt to your business.

1. Supplier identification and scope

Start with the basics. You cannot approve a supplier properly if your records do not clearly define who they are and what they are approved to supply.

Checklist:

• Legal company name
• Trading name, if different
• Registered address
• Manufacturing site address or sites
• Main contact details
• Emergency or out of hours contact details
• Products, ingredients, packaging, or services supplied
• Countries of origin
• Manufacturing country and ship from country
• Intended use of supplied materials
• Whether the supplier is a manufacturer, broker, trader, distributor, or co manufacturer

Why this matters: Approval should apply to a defined scope. Approving "ABC Foods" is too vague. Approving "ABC Foods for dried herbs produced at Site X for products A, B, and C" is much stronger.

2. Product and material risk assessment

Not every supplier should go through the same level of scrutiny.

A low risk dry packaging supplier is not the same as a high risk ready to eat ingredient supplier. Your checklist should force a risk based decision.

Checklist:

• Type of material supplied
• Whether the material is ready to eat, allergenic, raw, or high risk
• Known microbiological, chemical, physical, or allergen hazards
• Whether the ingredient is vulnerable to fraud or substitution
• Country risk considerations
• Supply chain complexity
• Whether the supplier uses subcontractors or third party manufacturers
• Whether the material is used in products for vulnerable populations
• Whether additional controls are needed due to customer or regulatory requirements

Why this matters: A supplier approval process that treats every supplier the same is usually either inefficient or too weak.

3. Supplier questionnaire and self assessment

A supplier questionnaire is often the first structured evidence you collect.

It should not be a box ticking exercise. It should help you understand whether the supplier has appropriate systems, whether their answers are complete, and whether anything requires follow up.

Checklist:

• Completed supplier questionnaire received
• Questionnaire reviewed by QA or technical team
• Scope of operations clearly described
• HACCP or food safety plan confirmed
• Allergen management controls described
• Traceability and recall procedures confirmed
• Cleaning and sanitation controls described
• Pest control arrangements described
• Staff hygiene and training controls described
• Complaint handling and corrective action process described
• Change control process described
• Use of subcontractors disclosed
• Food fraud and food defense controls described, where relevant

Why this matters: A questionnaire is often where early red flags appear: vague answers, missing sections, contradictions, or evidence that has been copied from another business.

4. Food safety and quality certifications

Certification does not remove the need for review, but it is often a major input into supplier approval.

Checklist:

• Relevant certificate provided
• Certificate is current and in date
• Scope of certificate matches the supplied product or activity
• Certification body identified
• Site covered by the certificate matches the actual manufacturing site
• Audit grade or outcome reviewed
• Latest audit report or summary reviewed, where available
• Nonconformances reviewed, where relevant

Examples of documents often requested:

• BRCGS certificate
• SQF certificate
• FSSC 22000 certificate
• ISO based certifications where relevant
• Third party audit reports
• Organic, halal, kosher, or other scheme specific certifications if required

Why this matters: Many teams collect certificates but never check whether the scope, site, and dates actually line up with the product being sourced.

5. Product specifications and technical documents

This is one of the most commonly neglected areas.

A supplier may look acceptable on paper, but if the product specification is incomplete, outdated, or poorly controlled, you still have a serious risk.

Checklist:

• Product specification received
• Specification reviewed and approved
• Version number and approval date recorded
• Ingredient composition confirmed
• Allergen status confirmed
• Microbiological criteria defined
• Chemical limits defined, where relevant
• Physical criteria defined
• Packaging specification reviewed, where relevant
• Labelling requirements confirmed
• Storage and transport requirements confirmed
• Shelf life confirmed
• Country of origin confirmed
• GMO or identity preserved status confirmed, where relevant
• Customer specific requirements built into the specification, where relevant

Why this matters: Supplier approval is not just about approving the company. It is also about approving the material.

6. Supporting compliance documents

Your checklist should define which documents are required and which are conditional based on product risk.

Checklist:

• Certificate of Analysis examples reviewed
• Letter of Guarantee or Certificate of Conformance provided, where required
• Insurance certificate reviewed
• Business license or registration reviewed, where relevant
• Vulnerability assessment or food fraud controls reviewed, where relevant
• Migration, packaging, or contact material compliance documents reviewed, where relevant
• Animal welfare or ethical sourcing evidence reviewed, where relevant
• Import or export compliance documents reviewed, where relevant
• Social compliance documents reviewed, if part of your program

Why this matters: One of the easiest ways for supplier approval systems to become bloated is requesting every document from every supplier. Your checklist should be structured, but still risk based.

7. Verification activities

Documents alone are not always enough.

Depending on the risk, your business may need additional verification before granting full approval.

Checklist:

• Site audit completed or scheduled
• Desktop audit completed
• Sample evaluation completed
• Trial batch or production run completed
• Supplier performance history reviewed
• Customer complaint history reviewed, where available
• Regulatory history or recalls reviewed, where relevant
• Approved based on third party certification only, where justified
• Additional verification activities defined for higher risk suppliers

Why this matters: The higher the risk, the harder it is to justify approval based purely on a questionnaire and a certificate.

8. Approval decision and status

Too many businesses do the review work but fail to document the decision clearly.

Your checklist should end with a formal status and rationale.

Checklist:

• Supplier status assigned
• Status clearly defined as approved, conditionally approved, pending, or rejected
• Scope of approval recorded
• Conditions or restrictions recorded
• Reviewer name recorded
• Review date recorded
• Approval date recorded
• Next review date recorded
• Outstanding actions recorded
• Decision rationale recorded

Why this matters: A vague verbal decision is not an approval process. If an auditor or customer asks why a supplier was approved, you should be able to show the answer immediately.

9. Ongoing monitoring and reapproval

This is where many approval programs fail.

A supplier approval checklist should not stop once the supplier is onboarded. Documents expire, sites change, specifications get revised, and performance deteriorates.

Checklist:

• Certificate expiry dates tracked
• Insurance expiry dates tracked
• Specification review dates tracked
• Periodic supplier review scheduled
• Complaint trends monitored
• Delivery and service performance monitored
• Nonconformance trends monitored
• Supplier changes reviewed
• Site changes or ownership changes reviewed
• Reapproval triggered after major incidents, audit findings, recalls, or specification changes
• Supplier removed or downgraded if requirements are no longer met

Why this matters: Initial approval is only half the job. A supplier that was compliant 12 months ago may not be compliant today.

A simple example of approval status definitions

To make the checklist usable, define your statuses.

Approved

The supplier has met all required criteria for the defined scope.

Conditionally approved

The supplier may be used with restrictions while specific gaps are closed.

Pending

The review is incomplete and no final approval decision has been made.

Rejected

The supplier does not meet the required standard or has unacceptable unresolved risk.

This sounds basic, but many teams skip it and end up with inconsistent decisions across reviewers.

Common mistakes in supplier approval

A lot of supplier approval systems look solid until you inspect how they work in practice.

Here are the most common mistakes:

1. Approving the supplier, but not the supplied material

You need both supplier level and material level control.

2. Collecting documents without reviewing them properly

A certificate in a folder is not the same as a reviewed and accepted document.

3. Treating approval as a one time event

Expiry dates, spec updates, and supplier changes need active monitoring.

4. Having no clear owner

If procurement thinks QA owns it and QA thinks procurement owns it, the process will drift.

5. Storing everything in disconnected systems

This creates version confusion, weak visibility, and poor audit traceability.

6. Not documenting the rationale for approval

If you cannot explain why the supplier was approved, the process is fragile.

How the checklist changes under common food safety schemes

The core structure of a food supplier approval checklist stays similar across businesses, but some requirements change depending on the regulation or certification scheme you work under.

FSVP considerations for U.S. food importers

If you import food into the United States, your checklist may need to go beyond general supplier approval and reflect Foreign Supplier Verification Program obligations.

That usually means your checklist should explicitly cover:

• hazard analysis,
• evaluation of supplier and food risk,
• approval of foreign suppliers,
• verification activities,
• review of supplier records,
• corrective actions,
• periodic reassessment.

If your team needs a deeper breakdown, see our guide to the Foreign Supplier Verification Program checklist.

BRCGS considerations

If you work to BRCGS requirements, your checklist should be strong on:

• supplier approval and performance monitoring,
• raw material risk,
• ongoing review,
• documented approval criteria,
• controlled specifications,
• evidence that only approved suppliers are being used.

BRCGS aligned programs usually expect the approval process to be documented, repeatable, and linked to raw material and packaging control.

SQF considerations

If you work under SQF, your checklist should clearly show that supplier approval is risk based.

That often means stronger emphasis on:

• documented risk assessment,
• approval criteria,
• incoming material controls,
• specification compliance,
• evidence of review,
• ongoing monitoring of supplier performance.

A generic vendor onboarding checklist is not enough.

If you want a more SQF-specific working template, see our SQF Edition 10 Supplier-Document Gap Checklist.

FSSC 22000 considerations

If you work under FSSC 22000, the key is to connect supplier approval to the broader management system.

That means your checklist should support:

• control of purchased materials and services,
• documented records,
• evidence that the supplier program is operating effectively,
• clear links between risk, supplier controls, and material approval.

How to make a food supplier approval checklist actually usable

A checklist only helps if the process around it works.

In many businesses, the problem is not that the checklist is missing. It is that the checklist lives in one file, supporting documents live somewhere else, specs are stored in another folder, and approval status is tracked in a spreadsheet that only one person understands.

That is a weak operating model.

To make your checklist usable, you need:

• one place to store supplier records,
• one place to store the linked documents and specs,
• visibility into what is current, missing, expiring, or overdue,
• a review workflow with owners and status,
• an audit trail showing what was reviewed and approved.

That is the difference between having a checklist and having a supplier approval system.

Final thoughts

A strong food supplier approval checklist should do more than collect paperwork.

It should help your team make a defensible approval decision, apply the right level of scrutiny based on risk, control supporting documents and specifications, and maintain ongoing oversight after the supplier is onboarded.

If your current process depends on scattered files, inboxes, and spreadsheets, the checklist itself is only part of the fix.

At Evidash, we help food businesses turn supplier approval from a fragmented manual process into a controlled workflow. Teams use Evidash to keep supplier records, compliance documents, and specifications in one place, track expiries and review status, and maintain a clearer audit trail across supplier approval and ongoing monitoring.

If you are building or tightening your supplier approval process, take a look at Evidash’s supplier management software to see how it can support a more robust system.

Food supplier approval checklist template

Use this condensed version as a starting point.

Supplier details

• Legal name
• Site address
• Contact details
• Scope of supply
• Country of origin
• Supplier type

Risk assessment

• Product risk level
• Hazard profile
• Allergen risk
• Fraud vulnerability
• Country risk
• Supply chain complexity

Questionnaire and system review

• Supplier questionnaire completed
• HACCP or food safety controls reviewed
• Traceability confirmed
• Recall process confirmed
• Hygiene and training controls reviewed
• Change control reviewed

Certifications and audits

• Certificate received
• Certificate current
• Scope verified
• Site verified
• Audit reports or summaries reviewed
• Nonconformances reviewed if needed

Specifications and technical documents

• Product spec received
• Version controlled
• Allergen status confirmed
• Micro criteria confirmed
• Storage requirements confirmed
• Shelf life confirmed
• Label requirements confirmed

Supporting documents

• CoA examples reviewed
• Guarantee or conformance documents reviewed
• Insurance reviewed
• Additional compliance documents reviewed as needed

Verification activities

• Audit completed or justified
• Sample or trial completed
• History reviewed
• Additional checks completed for high risk suppliers

Decision

• Status assigned
• Approval scope recorded
• Conditions recorded
• Reviewer recorded
• Approval date recorded
• Next review date set

Ongoing monitoring

• Expiry tracking in place
• Spec review dates tracked
• Supplier performance monitored
• Complaints and nonconformances reviewed
• Reapproval triggers defined