SQF Edition 10 Supplier-Document Gap Checklist

Use this checklist to assess whether your supplier-document control process is ready for SQF Edition 10.

Download the template

• Download PDF template
• Download Excel template

This is a practical working template, not an official SQFI checklist. It is designed to help sites assess supplier-document controls against the themes and requirements reflected in the applicable SQF Code, especially around approved suppliers, document control, records, management review, and training.

Important

• Validate this checklist against your applicable SQF Code, Food Sector Category, customer requirements, regulatory requirements, and certification body advice.
• This checklist is intended to support implementation. It is not a substitute for the auditable SQF Code.

What this checklist is designed to help you assess

This checklist helps you assess whether your site can consistently:

• document and implement an approved supplier program
• evaluate suppliers using a risk-based approach
• maintain supplier approval evidence and supporting records
• control supplier-related documents so current versions are identifiable
• keep records legible, accessible, retrievable, and securely stored
• show management oversight of supplier-document controls
• demonstrate personnel training and competency for supplier-document activities

For a broader cross-scheme walkthrough of what a practical supplier evaluation process should include, see our Food Supplier Approval Checklist.

How to use this checklist

For each item, mark one:

• Yes = fully in place and evidenced
• Partial = partly in place, inconsistent, or not fully evidenced
• No = not in place
• N/A = not applicable

Optional tracking fields you can add:

• Owner
• Evidence
• Gap
• Priority
• Target Date
• Status

Optional internal scoring method

This scoring model is for internal use only. It is not an SQFI scoring system.

• Yes = 2 points
• Partial = 1 point
• No = 0 points

Optional internal readiness bands

• 85–100%: strong baseline
• 70–84%: moderate risk / improvement needed
• Below 70%: high risk / control weaknesses likely

1) Applicability and scope

• We have identified the applicable SQF Code and Food Sector Category for our site.
• We have confirmed which supplier-document requirements apply to our products, processes, and inputs.
• We understand that this checklist is a practical working tool and not the auditable SQF standard.
• We have considered any customer-specific, regulatory, or market-specific supplier-document requirements in addition to SQF.

Evidence examples

• selected SQF Code and FSC reference
• site scope statement
• internal interpretation notes
• certification body guidance notes

2) Approved supplier program and documented responsibility

• We have a documented approved supplier program.
• The approved supplier program defines how suppliers are selected, evaluated, approved, monitored, and reviewed.
• Responsibilities for supplier approval and supplier-document control are documented.
• Personnel responsible for supplier-document activities are identified.
• Backup responsibility is defined for key personnel where needed.

Evidence examples

• approved supplier program procedure
• responsibility matrix
• job descriptions
• supplier approval workflow

3) Approved supplier list / register

• We maintain a current list or register of approved suppliers.
• The register includes sufficient supplier identification and contact information.
• The supplier register is kept current.
• We can distinguish suppliers that are approved from those that are pending, not approved, or no longer in use.
• Emergency suppliers, where used, are identified and handled under controlled conditions.

Evidence examples

• approved supplier register
• supplier contact records
• emergency supplier log
• status review records

4) Risk-based supplier evaluation and monitoring

• Supplier approval decisions are based on documented risk.
• We can explain how supplier risk is determined.
• Higher-risk suppliers are subject to stronger evaluation or monitoring.
• Supplier audits, where used, are based on risk.
• Supplier monitoring is documented.
• We can show periodic review of supplier performance and approval status.

Evidence examples

• supplier risk assessment
• supplier evaluation criteria
• supplier audit records
• review records
• monitoring logs

5) Supplier approval evidence

• We maintain records that support supplier approval.
• Supplier approval evidence is linked to the relevant supplier.
• We can show the basis on which a supplier was approved.
• We can show follow-up where supplier approval evidence was incomplete, missing, or required review.
• We can show that supplier approval records are maintained as part of the food safety management system.

Evidence examples

• supplier approval forms
• risk assessments
• audit reports
• audit certificates
• certificates of analysis where applicable
• complaint / performance records
• purchase records
• review notes

6) Supplier-related specifications and change control

• Specifications and/or descriptions for raw materials and packaging that impact product safety are documented and kept current.
• We can show how supplier-related specifications are reviewed and maintained.
• We require suppliers to notify us of relevant changes in product composition or other changes that may impact food safety where applicable.
• We can show how supplier-related changes are reviewed and communicated internally when needed.

Evidence examples

• raw material specifications
• packaging specifications
• supplier change notification requirements
• specification review records
• change assessment records

7) Document control for supplier-related documents

• Supplier-related documents are subject to document control.
• Current versions are identifiable.
• Obsolete or superseded documents are controlled to prevent unintended use.
• There is a documented method for maintaining, updating, and replacing controlled documents.
• We can show who reviewed or updated controlled supplier-related documents where applicable.

Evidence examples

• document control procedure
• revision history
• version-controlled templates
• controlled document register

8) Records control, storage, and retrieval

• Records supporting supplier approval and supplier-document control are maintained.
• Records are legible.
• Records are readily accessible.
• Records are retrievable when needed.
• Records are securely stored to prevent unauthorized access, loss, damage, or deterioration.
• We can retrieve supplier approval and supplier-document records in a reasonable timeframe during an audit or investigation.
• Electronic and/or paper records are controlled appropriately.

Evidence examples

• supplier approval records
• supplier monitoring records
• document retrieval examples
• storage and retention procedure
• audit evidence pack

9) Record retention and completeness

• We have defined retention practices for supplier-related records.
• Supplier approval records are complete enough to support audit and investigation needs.
• We can show historical records where needed.
• Records demonstrate implementation of the supplier approval process, not just the existence of a procedure.

Evidence examples

• retention policy
• archived supplier records
• historical approval evidence
• closed review records

10) Monthly management updates and annual management review

• Supplier-document control issues are included in monthly management updates where relevant.
• Records are maintained of monthly management updates where supplier-document issues were discussed.
• Supplier-related issues can be escalated to site management when they impact or could impact the food safety system.
• Supplier approval and supplier-document performance can be included within the annual management review where relevant.
• Follow-up actions from reviews are tracked to completion.

Evidence examples

• monthly management update records
• escalation records
• annual management review records
• follow-up action logs

11) Nonconformities, corrections, and corrective action

• We document supplier-document nonconformities or gaps when identified.
• We document corrections and corrective actions where required.
• We can show investigation and resolution of supplier-document-related nonconformities where applicable.
• Repeated supplier-document issues are reviewed for recurring causes.

Evidence examples

• nonconformity records
• corrective action records
• root cause analysis records
• closure evidence

12) Training and competency

• Personnel involved in supplier approval and supplier-document control are trained for their responsibilities.
• Training needs are identified for relevant roles.
• A means to assess competency is included as part of the training process.
• Training records are maintained.

Training record fields to verify

• participant name
• description of necessary skills
• description of training provided
• date training completed
• trainer or training provider
• verification that the trainee is competent to complete the required tasks

Evidence examples

• training matrix
• competency assessments
• training attendance records
• signed training records

13) Common control weaknesses to test for internally

Mark any that apply.

• Approved supplier list is not current
• Supplier approval evidence is incomplete
• Supplier approval cannot be linked clearly to the supplier record
• Document versions are unclear
• Obsolete supplier documents are still accessible without clear control
• Records exist but are difficult to retrieve
• Supplier-related changes are not captured consistently
• Management does not receive regular visibility of supplier-document risks
• Training records are incomplete or do not show competency verification
• Corrective actions are not clearly closed out

14) Optional items that may apply, but are not core SQF requirements in every case

These may still be valid depending on customer, regulatory, product, or company requirements. Treat them as conditional, not universal SQF requirements.

• insurance certificates
• environmental compliance documents
• social compliance documents
• customer-specific declarations
• market-specific compliance statements
• additional supplier questionnaires beyond core approval evidence

15) Priority action plan

Use the Priority action plan section in the downloadable template to convert findings into an execution plan.

At minimum, do the following:

• categorize gaps by high, medium, and low priority based on food safety impact and audit risk
• define a clear corrective action for each gap
• assign an accountable owner
• set realistic due dates
• track implementation status until closure

Prioritize actions that affect supplier approval validity, document control integrity, and record retrieval during audit.

16) Readiness summary

Use the Readiness summary section in the downloadable template to consolidate your current position.

Your summary should clearly state:

• your current internal readiness level
• the most significant control weaknesses identified
• the immediate next steps required before audit
• whether remaining gaps are acceptable, escalated, or require urgent correction

Keep the summary concise, evidence-based, and aligned with your management update and review process.

17) Internal audit prompts

Use these to pressure-test your process.

Questions for supplier quality / QA

• Can you show me the current approved supplier list?
• What evidence supports approval of this supplier?
• How was this supplier’s risk determined?
• What monitoring or review has been done for this supplier?
• Can you show the current specification for this input?
• Can you show the current version and review status of this supplier-related document?
• Can you retrieve the approval and review records for this supplier now?
• What happens when supplier approval evidence is incomplete or no longer acceptable?

Questions for management

• How are supplier-document issues escalated when they may impact food safety?
• Where are monthly management updates recorded?
• How are follow-up actions tracked after review?
• How do you know supplier approval controls are working in practice?
• What recurring supplier-document weaknesses have you identified?

Final note

This checklist is strongest when used as an implementation and audit-preparation tool, not as a substitute for the Code itself.

If your supplier-document process cannot clearly show:

• who is approved,
• on what basis they were approved,
• what records support that approval,
• whether those records are controlled and retrievable, and
• how management is kept informed,

then your issue is not just missing paperwork. It is a system control weakness.