A production line goes down on a Thursday afternoon. The critical-path supplier for the failed component was qualified 18 months ago: a positive reference call, a folder of scanned certificates, and the procurement manager's informal approval over email. The ISO certification in that folder expired eight months ago. Nobody noticed because there is no process for tracking document expiry on vendor records — there is a shared folder and the implicit assumption that someone is monitoring it. When the certification auditor arrives the following week, the company has an active critical supplier with a lapsed qualification and no approval trail to show.
A folder of certificates is not a qualification process. It's a filing system. The distinction matters enormously when an auditor, a regulator, or an enterprise customer asks you to demonstrate how a vendor was evaluated — not that they have certificates.
ISO 9001:2015 Clause 8.4 sets an explicit requirement: the organization shall determine controls applied to externally provided processes, products, and services, and shall establish documented criteria for evaluation, selection, monitoring, and re-evaluation of external providers. In an internal first-party audit, a quality engineer's scoring sheet usually passes. In a third-party certification audit or an enterprise customer's supply chain audit, the required evidence is a qualification record that shows: criteria applied, nonconformities found, corrective actions taken, and the approval attributed to a named role. 'We have a folder of vendor certificates' does not meet this standard.
In Cadenio, vendor onboarding is a Flow with distinct phases: document collection assigned to the procurement analyst, technical and risk review assigned to quality and legal, committee approval as a formal gate, and operational registration as the final phase. Each document has a collection owner and a due date. The committee gate requires explicit approval from each member — not a reply-all email. The phase cannot advance until all requirements are met.
Risk classification is where the flow adapts to vendor type. A service provider and a raw material supplier carry different compliance requirements and different audit exposure. Conditional logic in the Flow template activates the requirements appropriate for each vendor category at intake, rather than relying on the analyst to remember which checklist applies to which supplier.
The ongoing dimension of vendor management is as important as initial qualification. Annual re-qualification, SLA performance reviews, and audit cycles are recurring Flows that tie back to the original supplier record. When a vendor's certification is approaching expiry, Cadenio fires the renewal alert and opens the re-qualification run automatically — without a calendar reminder that may or may not reach the right person.
Most procurement teams underestimate the commercial dimension. Enterprise customers increasingly include supply chain audit requirements as contract conditions — asking not just whether your suppliers are qualified, but how they were qualified, who approved the decision, and what re-evaluation cadence is maintained. A qualification library built in Cadenio answers with run history, not a policy document. A policy describes intent. A run shows execution. For organizations competing on contracts where supply chain integrity is a selection criterion, the qualification record is part of the commercial proposition.