The Complete Guide to Conducting and Recording Supplier Due Diligence

Supplier due diligence is an essential function of procurement teams everywhere. Finding the right product or service, at the right price, is only half the battle. Ensuring your suppliers are the kind of people you want your business to get into bed with is by far the most important factor to take into account when signing on the dotted line.

With procurement teams navigating increasingly globalised and complex supply chains, knowing exactly who your suppliers are and how their activities measure up in terms of the local regulatory demands placed on you is also increasingly tricky.

Your business is likely to now rely on third-party relationships that span huge geographical distances. This geographical distance is only part of the problem – the bigger issues to mitigate are the disparate economic, political and legislative factors that influence how third parties do business, and knowing what liability your business has in terms of being guilty by association.

That’s where supplier due diligence comes into play. This is the effort that you undertake to uncover and act on any risks associated with your supply chain or with a potential supplier. Supplier due diligence must be a standardised process that takes place before you engage any new suppliers or make any purchases for your business.

Supplier Due Diligence: Why you need to know who you’re doing business with

A robust supplier due diligence process helps your procurement function in multiple ways. Supplier due diligence makes sure that you are best placed for more efficient, faster decision-making. Knowing the hoops you need suppliers to jump through helps you manage the process and all expectations from the outset. Being transparent helps streamline processes – telling new suppliers in advance that if they want your business they need to provide the following information leaves the administration up to them.

Your due diligence process will allow you to have a standardised procedure to assess the credibility and integrity of your business partners, but more than anything due diligence is about protecting your business and your reputation. Your due diligence defence is what will mitigate your liability in any corrupt or unsavoury business practices that are discovered along the supply chain.

Supplier Risk Management Process

The process of managing risk in the supply chain starts with awareness of the risk landscape. Supplier risks can span multiple areas, including:

  • Financial, Environmental, Social and Governance (ESG)
  • Cyber Security and Compliance
  • Overt Crime, Bribery, Fraud and Corruption

Risk awareness is the first step; risk identification is the next. Your suppliers must be classified by their risk level and subject to continuous measurement, monitoring and review.

Creating risk controls is the final and most important step in supplier risk management. Identifying risks but not acting on them would render the entire process pointless, after all.

Supplier Due Diligence checklist

There are six core areas to think about when completing your due diligence on a potential supplier.

Here is our six-point supplier due diligence checklist:

1.    Prove they are who they say they are

Request information like proof of location and address, local registration documents, details of the CEO and senior leadership team, and an overview of the structure of the business.

2.    Assess their financial status

You need to know that your suppliers are solvent and behave responsibly. Conduct a credit check on all suppliers, but go beyond this. Consider asking for details on major assets, owners and directors, and debt.

3.    Research their reputation

Choosing to work with a supplier means handing over an element of control of your business to someone else. Researching a supplier’s reputation is an essential aspect of your due diligence process.

4.    Ensure they are insured

The insurance status of your suppliers should be integral to your decision-making process. Understand your supplier’s general liability insurance and any insurance that is specific to the product or service they will be supplying.

5.    Explore data security issues

If any data is shared between your business and a supplier, not only do you need to ensure GDPR compliance, but you also need to perform a thorough vetting of your supplier’s information security measures. This will include collecting internal and external audit reports and full disclosure of any prior data breaches and how they were dealt with.

6.    Check their policies

All reputable businesses anywhere in the world will be built on exhaustive policies and procedures. If your potential vendor can’t supply policies surrounding data retention, privacy, security, change management or supply chain disruption, they will not be able to navigate potential pitfalls and may leave your business vulnerable.


Of course, carrying out due diligence is only part of the process. Recording your due diligence efforts is also essential in terms of crafting a watertight due diligence defence system. Save time and money by tightening your due diligence record keeping, and keep your due diligence defence strong with the DUED app.

Find out more by emailing us at or calling 0800 999 1303.