ISO 9001 Supplier Certification — Questions & Answers

Does an ISO 9001 supplier need to be certified?

ISO 9001:2015 does not require that your suppliers be ISO 9001 certified. Clause 8.4 requires you to evaluate and select external providers based on their ability to provide processes, products, and services in accordance with your requirements — but the method of evaluation is left to your organization.

ISO 9001 supplier certification is one option, but not the only one. An uncertified supplier who consistently delivers conforming products may be considered more reliable than a certified supplier with a poor track record. What matters is evidence that the supplier can meet your requirements.

What are the options for supplier certification?

Organizations have several options for qualifying suppliers under ISO 9001:2015 clause 8.4:

• Third-party certification — accept an ISO 9001 certificate issued by an accredited certification body as evidence of supplier quality capability
• Second-party audit — conduct your own audit of the supplier's quality management system
• Supplier self-assessment — request the supplier to complete a quality capability questionnaire
• Performance history — qualify a supplier based on their track record of delivering conforming products and services
• Combination approach — use a mix of the above methods based on the risk and importance of the supplied item

The chosen approach should be proportionate to the potential impact of the externally provided process, product, or service on your organization's ability to meet customer requirements.

What is the difference between supplier certification and supplier approval?

Supplier certification typically refers to third-party ISO 9001 certification — an independent assessment by an accredited certification body that the supplier's QMS meets ISO 9001 requirements.

Supplier approval (or qualification) is your organization's internal process of evaluating and approving a supplier for use. Approval may or may not include a requirement for third-party certification. An approved supplier list (ASL) is the documented outcome of the approval process.

Under ISO 9001:2015, you are responsible for maintaining your own approved supplier list and the criteria for including or removing suppliers from it — regardless of whether those suppliers hold ISO 9001 certificates.

How to evaluate ISO 9001 certified suppliers?

Even when a supplier holds an ISO 9001 certificate, you should still evaluate their performance against your specific requirements. Effective evaluation approaches include:

• Review the certificate scope — ensure the certification scope covers the products or services you are purchasing
• Check the certification body — verify that the certificate was issued by an accredited certification body (IAF-recognized accreditation body)
• Monitor delivery performance — track on-time delivery rates, nonconformance rates, and complaint response times
• Product/service inspection — incoming inspection or verification of externally provided items
• Periodic re-evaluation — scheduled review of supplier performance at defined intervals (e.g., annually)
• Supplier audits — periodic second-party audits for critical or high-risk suppliers

What records should be kept for supplier certification?

ISO 9001:2015 clause 8.4 requires you to retain documented information on the results of evaluations, monitoring of performance, and re-evaluations of external providers. Records to maintain include:

• Approved supplier list (ASL) — current list of qualified suppliers with their approval status
• Supplier evaluation records — initial qualification assessment results
• Copies of supplier ISO 9001 certificates (if used as qualification evidence)
• Supplier performance monitoring records — delivery, quality, and responsiveness data
• Re-evaluation records — periodic reviews of supplier performance
• Records of actions taken when supplier performance is unsatisfactory
• Purchasing information — specifications, purchase orders, and supplier agreements

These records provide the evidence needed during ISO 9001:2015 certification audits that your organization is effectively controlling external providers.

Related Products

All ISO Products