Selecting a new vendor: Free checklist

Selecting a new vendor checklist

This checklist covers the main steps your organization should take when choosing a new vendor. It helps you address key factors such as defining requirements, conducting due diligence, issuing an RFP, and evaluating risks related to potential vendors. By following these steps, you can make well-informed decisions, choose reliable vendors, and reduce risks tied to vendor relationships.

Using this checklist ensures you thoroughly evaluate each vendor option, aligning with your organization’s goals while staying compliant with relevant standards.

How to use this selecting a new vendor checklist

To streamline your vendor selection process, follow this checklist step by step:

• Work through each phase in order: Start by defining your needs, then move through due diligence, RFP issuance, and risk assessment to create a comprehensive evaluation process.
• Collaborate with relevant teams: Engage key stakeholders, legal, compliance, and procurement teams to ensure that every aspect—from contracts to regulatory compliance—is covered.
• Keep records: Document all stages, including requirements, proposals, evaluations, and final decisions. Detailed records support transparency and help manage future vendor relationships.
• Customize as needed: Adapt the checklist to fit your organization’s specific needs, especially for high-risk or unique vendor relationships.
• Regularly review and update: Ensure the checklist remains effective by updating it periodically to account for changes in industry standards, internal policies, and regulatory requirements.

Checklist

Preliminary considerations

[ ] Work with key stakeholders, business units, and legal counsel to identify the type, quality, quantity, and location of goods or services needed.

[ ] Establish a budget and timeframe to ensure timely and cost-effective fulfillment of your organization’s needs.

[ ] Identify your organization’s main goals for selecting a new vendor. Common goals might include:

[ ] Outsourcing specific business functions.

[ ] Maximizing value while minimizing costs.

[ ] Improving customer service.

[ ] Boosting operational efficiency, quality, or productivity.

[ ] Gaining a competitive edge.

[ ] Enhancing environmental sustainability.

[ ] Replacing an underperforming or defunct vendor.

[ ] Securing consistent supply in case of vendor shortages.

[ ] Strengthening existing business relationships or exploring new ones.

[ ] Decide whether to:

[ ] Use an RFP to gather competitive bids, especially if multiple vendors can supply similar goods or services.

[ ] For highly customized goods or services, get estimates from two or three vendors and select based on suitability in cost, quality, and other factors.

[ ] If sharing sensitive data with vendors, review relevant privacy and data protection laws to ensure compliance.

[ ] If legal counsel is involved, evaluate any potential ethical concerns related to vendor selection and use.

Prepare a list of potential vendors

[ ] Reach out to business colleagues inside and outside the organization for vendor referrals and insights into each vendor’s reputation within the industry.

[ ] Research and record essential details for each potential vendor, including:

[ ] Business name and address.

[ ] Primary contact’s name, title, and contact information.

[ ] Key information about shareholders, principals, management, and key employees.

[ ] Ask vendors for a catalog, product samples, and any other marketing materials to help evaluate their offerings.

[ ] Review various sources for relevant background information on each vendor, including:

[ ] Vendor’s website and social media channels for updates, news, or press releases.

[ ] Third-party websites and social media for any negative reviews or feedback on the vendor's products or services.

[ ] News articles, trade journals, and reports for additional insights.

[ ] Securities filings if the vendor is publicly held.

[ ] Public documents for any criminal sanctions, regulatory issues, litigation history, or other reported violations related to health, safety, labor, or compliance.

Issue an RFP

[ ] Ensure each potential vendor has signed a non-disclosure agreement (NDA) before receiving the RFP.

[ ] Structure your RFP to gather key details from each vendor, including:

[ ] Company background, including history, bios, and key management profiles.

[ ] Corporate structure and incorporation documents.

[ ] Evidence of financial stability, like financial and tax statements.

[ ] Overview of the vendor's technology, including any patents or unique intellectual property (IP).

[ ] Details of business locations.

[ ] Workforce specifics, including skills, training, diversity, and background information.

[ ] Comprehensive list of goods or services offered.

[ ] Service capacity, scalability, and flexibility for service providers.

[ ] Past experience with similar clients or projects.

[ ] Required regulatory consents, permits, licenses, and certifications.

[ ] Industry certifications or accreditations.

[ ] Compliance record and litigation history.

[ ] Relevant company policies.

[ ] Insurance policies and coverage.

[ ] Disaster recovery and business continuity plans.

[ ] Data security practices and systems.

[ ] Client or customer list.

[ ] Subcontracting details and third-party relationships.

[ ] Disclosures of any potential conflicts of interest or connections with competitors.

[ ] Customer references.

[ ] Vendor’s approach to meeting your organization’s goals and objectives.

[ ] Key differentiators from competitors.

[ ] Pricing structure, potential for future cost increases, and underlying bid assumptions.

[ ] Include a draft agreement template with your RFP to set clear expectations for terms if the vendor is selected.

Review vendor proposals

[ ] Once the bid submission deadline has passed, thoroughly review all submitted proposals to ensure they meet your organization’s requirements.

[ ] Arrange meetings with shortlisted vendors to discuss any questions and clarify specifics in their proposals.

[ ] If possible, visit vendors' offices, equipment, warehouses, or other facilities to assess their operations and verify capabilities.

Prepare a vendor short list

[ ] After reviewing proposals and interviewing selected vendors, reduce your list to the top three vendors that best fit your needs.

[ ] Share key details of the top three bids with these vendors and ask each to submit a final, revised bid.

Assess privacy and data security risk

[ ] If your organization will be sharing data, send a vendor due diligence questionnaire to gather information on their privacy and data security measures.

[ ] Ensure the questionnaire addresses the following:

[ ] How the vendor will provide services, including IT systems, data, and network design.

[ ] The vendor’s current privacy and data security programs and practices.

[ ] How the vendor complies with relevant laws, regulations, and industry standards, as well as your organization’s security policies.

[ ] Results from recent security risk assessments, including identified risks and remediation plans.

[ ] Any previous privacy or security incidents, including data breaches and steps taken to resolve them.

[ ] Any privacy or data security-related litigation, regulatory enforcement actions, or penalties.

Assess reputational risk

[ ] For vendors on your short list:

[ ] Check for past litigation or settlements involving the vendor to assess potential legal risks.

[ ] Use agencies like Dun & Bradstreet, Experian, or NACM to evaluate the vendor's financial stability.

[ ] Verify if the vendor follows ethical sourcing practices throughout its supply chain, ensuring high standards from production to final goods.

[ ] Ensure the vendor has a documented code of ethics and provides employee training on this topic. Confirm their willingness to align with your organization’s ethics and compliance standards.

[ ] Check the vendor’s name against restricted party lists from agencies like OFAC, BIS, and DDTC.

[ ] Contact at least three references and ask questions such as:

[ ] Why they chose the vendor.

[ ] How the vendor stands out in quality or service.

[ ] Satisfaction with the goods or services.

[ ] Professionalism and adherence to budgets and timelines.

[ ] How well the vendor handled any disputes.

[ ] Whether they would rehire the vendor and why (or why not).

Select the winning vendor

[ ] Review final bids and reference feedback to make an informed decision on the winning vendor.

[ ] Inform the chosen vendor of their selection and proceed with next steps.

[ ] Work with in-house counsel to complete the contract for goods or services with the new vendor.

[ ] Inform the vendors not selected for the contract.

[ ] Keep positive connections with the other shortlisted vendors as potential back-ups if needed.

Benefits of using a selecting a new vendor checklist

Using a vendor selection checklist provides several advantages for a smooth and reliable vendor sourcing process:

• Reduce risks: The checklist guides you in evaluating potential risks, from compliance and data security to financial stability, ensuring you choose a vendor who meets your standards.
• Make informed decisions: With a structured approach, you can compare vendors effectively, focusing on criteria like quality, pricing, experience, and ethical standards.
• Enhance efficiency: The checklist keeps the vendor selection process organized, helping you cover all necessary steps without missing key factors or spending unnecessary time.
• Ensure compliance: By following a clear process, you can meet internal policies and external regulatory requirements, lowering the chance of compliance issues later on.
• Build strong vendor relationships: The checklist supports clear, documented selection criteria and communication, which builds transparency and trust with chosen vendors from the start.

Frequently asked questions (FAQs)