Training Module
Training Module
Supplier Management Foundations
Learn the fundamentals of selecting, qualifying, and controlling suppliers and outsourced processes across their lifecycle
Understand
Implement
Manage
Audit
Training module overview
Suppliers and outsourced processes are essential to most management systems, but control frequently breaks down after onboarding: requirements remain vague, monitoring becomes irregular, and evidence is missing when incidents or audits occur. The result is avoidable operational, security, compliance, and financial exposure.
This foundation module shows how to build a practical supplier and outsourced-process lifecycle that can be run with limited resources: categorise external provision, qualify and onboard proportionately, embed clear requirements into agreements and working practices, and run monitoring and re-evaluation cycles. The module focuses on manager/implementer control design and operation; it does not teach risk management methods or audit execution craft.
Suppliers and outsourced processes are essential to most management systems, but control frequently breaks down after onboarding: requirements remain vague, monitoring becomes irregular, and evidence is missing when incidents or audits occur. The result is avoidable operational, security, compliance, and financial exposure.
This foundation module shows how to build a practical supplier and outsourced-process lifecycle that can be run with limited resources: categorise external provision, qualify and onboard proportionately, embed clear requirements into agreements and working practices, and run monitoring and re-evaluation cycles. The module focuses on manager/implementer control design and operation; it does not teach risk management methods or audit execution craft.
Target audience
Procurement and vendor management roles coordinating supplier onboarding and oversight
Management system implementers (quality, information security, environmental, OH&S, compliance)
IT and operations managers accountable for externally provided services
Internal audit coordinators and control owners supporting supplier-related assurance activities (non-auditor craft)
Procurement and vendor management roles coordinating supplier onboarding and oversight
Management system implementers (quality, information security, environmental, OH&S, compliance)
IT and operations managers accountable for externally provided services
Internal audit coordinators and control owners supporting supplier-related assurance activities (non-auditor craft)
Agenda
External provision in management systems
Suppliers, service providers, outsourced processes, and shared-responsibility arrangements
Where control typically fails in practice (and what “evidence” usually goes missing)
Defining responsibility and boundaries
What stays with the organisation even when work is outsourced
Interfaces across procurement, operations, and control owners
Categorisation and proportional control
Categorising suppliers by impact and criticality
Using existing risk outputs to calibrate control depth (without turning this into a risk-method workshop)
Selection and pre-qualification
Practical selection criteria (capability, capacity, compliance, resilience)
Screening, red flags, and proportionate evidence requests
Due diligence and onboarding
Due diligence packages by category (what to ask for, what to verify)
Onboarding that prevents “paper compliance” and clarifies who does what
Contractual and operational requirements
Translating management system needs into usable requirements (not generic clauses)
Aligning agreements, day-to-day controls, and documented expectations
Monitoring, re-evaluation, and change handling
Monitoring routines: performance signals, incidents, and control evidence
Trigger-based re-evaluation (changes in service, ownership, subcontracting, technology)
Working with critical suppliers
Escalation, remediation plans, and decision points (develop, constrain, or replace)
Handling low-transparency suppliers without creating unmanageable overhead
Technology as an enabler
Using tools to track evidence, changes, and obligations
Optional AI support for summarising supplier documentation and flags (supporting—not replacing—judgement)
Workshop
Map one key supplier or outsourced process lifecycle (category → onboarding → monitoring → re-evaluation)
Define evidence expectations and practical operating routines
External provision in management systems
Suppliers, service providers, outsourced processes, and shared-responsibility arrangements
Where control typically fails in practice (and what “evidence” usually goes missing)
Defining responsibility and boundaries
What stays with the organisation even when work is outsourced
Interfaces across procurement, operations, and control owners
Categorisation and proportional control
Categorising suppliers by impact and criticality
Using existing risk outputs to calibrate control depth (without turning this into a risk-method workshop)
Selection and pre-qualification
Practical selection criteria (capability, capacity, compliance, resilience)
Screening, red flags, and proportionate evidence requests
Due diligence and onboarding
Due diligence packages by category (what to ask for, what to verify)
Onboarding that prevents “paper compliance” and clarifies who does what
Contractual and operational requirements
Translating management system needs into usable requirements (not generic clauses)
Aligning agreements, day-to-day controls, and documented expectations
Monitoring, re-evaluation, and change handling
Monitoring routines: performance signals, incidents, and control evidence
Trigger-based re-evaluation (changes in service, ownership, subcontracting, technology)
Working with critical suppliers
Escalation, remediation plans, and decision points (develop, constrain, or replace)
Handling low-transparency suppliers without creating unmanageable overhead
Technology as an enabler
Using tools to track evidence, changes, and obligations
Optional AI support for summarising supplier documentation and flags (supporting—not replacing—judgement)
Workshop
Map one key supplier or outsourced process lifecycle (category → onboarding → monitoring → re-evaluation)
Define evidence expectations and practical operating routines
Course ID:
HAM-SMF-1
Audience:
Manager
Domain:
Agnostic
Available in:
English
Duration:
7 h
List price:
CHF 550
Excl. VAT. VAT may apply depending on customer location and status.
What you get
Learning outcomes
Distinguish supplier types and outsourced-process arrangements, and identify where organisational responsibility remains internal
Categorise suppliers and outsourced processes and define proportionate control expectations
Run a structured pre-qualification and due diligence process with appropriate evidence requests
Define clear, usable requirements for external providers and align them with operational reality
Design a monitoring and re-evaluation cycle with meaningful criteria, evidence, and triggers
Manage supplier changes (service scope, ownership, subcontracting, technology) without losing control or traceability
Distinguish supplier types and outsourced-process arrangements, and identify where organisational responsibility remains internal
Categorise suppliers and outsourced processes and define proportionate control expectations
Run a structured pre-qualification and due diligence process with appropriate evidence requests
Define clear, usable requirements for external providers and align them with operational reality
Design a monitoring and re-evaluation cycle with meaningful criteria, evidence, and triggers
Manage supplier changes (service scope, ownership, subcontracting, technology) without losing control or traceability
Learning materials
Slide deck
Participant workbook
Certificate of completion
Slide deck
Participant workbook
Certificate of completion
Templates & tools
Supplier evaluation & due diligence checklist
Contract requirement checklist (cross-domain, standard-agnostic wording)
Supplier monitoring and review log (criteria + evidence prompts)
Re-evaluation review sheet
Change impact checklist (supplier/service/ownership/technology changes)
Optional AI prompt set for supplier documentation summarisation (with verification cautions)
Supplier evaluation & due diligence checklist
Contract requirement checklist (cross-domain, standard-agnostic wording)
Supplier monitoring and review log (criteria + evidence prompts)
Re-evaluation review sheet
Change impact checklist (supplier/service/ownership/technology changes)
Optional AI prompt set for supplier documentation summarisation (with verification cautions)
Prerequisites
This module assumes general familiarity with management system concepts and basic procurement/outsourcing realities (e.g., contracts, service delivery, and operational ownership). No prior standard-specific knowledge is required.
Helpful background includes:
Familiarity with internal roles, responsibilities, and operational controls
Experience working with external providers and service dependencies
This module assumes general familiarity with management system concepts and basic procurement/outsourcing realities (e.g., contracts, service delivery, and operational ownership). No prior standard-specific knowledge is required.
Helpful background includes:
Familiarity with internal roles, responsibilities, and operational controls
Experience working with external providers and service dependencies
Strongly recommended preparatory modules
Risk Management Foundations: Consistent Risk and Opportunity Logic Across Management Systems
Learn the fundamentals of identifying, evaluating, treating, and monitoring risks and opportunities across management systems.
7 h
Risk Management Foundations: Consistent Risk and Opportunity Logic Across Management Systems
Learn the fundamentals of identifying, evaluating, treating, and monitoring risks and opportunities across management systems.
7 h
Risk Management Foundations: Consistent Risk and Opportunity Logic Across Management Systems
Learn the fundamentals of identifying, evaluating, treating, and monitoring risks and opportunities across management systems.
7 h
Documentation & Knowledge Foundations: Documented Information, Records, and Organisational Knowledge
Fundamentals of documented information control, records, and knowledge capture for management systems
7 h
Documentation & Knowledge Foundations: Documented Information, Records, and Organisational Knowledge
Fundamentals of documented information control, records, and knowledge capture for management systems
7 h
Documentation & Knowledge Foundations: Documented Information, Records, and Organisational Knowledge
Fundamentals of documented information control, records, and knowledge capture for management systems
7 h
Continuous learning
Follow-up modules
Follow-up modules
After completion of this module, the following modules are ideal to further deepen the participant's competence.
After completion of this module, the following modules are ideal to further deepen the participant's competence.
Ready to achieve mastery?
Bring ISO requirements into everyday practice to reduce avoidable issues and strengthen the trust of your customers and stakeholders.
Ready to achieve mastery?
Bring ISO requirements into everyday practice to reduce avoidable issues and strengthen the trust of your customers and stakeholders.
Ready to achieve mastery?
Bring ISO requirements into everyday practice to reduce avoidable issues and strengthen the trust of your customers and stakeholders.