Jump to content

  • Quick Navigation

Categorizing Suppliers Using Risk Assessment

Share this

  • You cannot start a new topic
  • Please log in to reply
3 replies to this topic


    Grade - Active

  • IFSQN Active
  • 4 posts
  • 0 thanks

  • Malaysia

Posted 29 October 2012 - 03:22 AM


I have 70+ supplier in my Approved supplier list. According to ISO 22000 standard we have to audit all suppliers. It is impossible to audit all 70+ suppliers due to operational and other reasons. Therefore the auditor had suggested to determine and categorize the supplier according to the risk, with that we can focus to conduct the on-site audit on high risk supplier and desk audit on low risk supplier. I have something in my mind to work with but when I draft it on the paper I get stuck on certain items. Appreciate if anyone can help me with the risk assessment template and scoring method.

1) We are catering company
2) Type of supplier: We have manufacturer and also trader (trading company)
3) Our suppliers supply : food (persihables and non perishables - including RTE food) and non food supplier

Thank you.


    Grade - FIFSQN

  • IFSQN Moderator
  • 20,542 posts
  • 5651 thanks

  • Earth
  • Gender:Male
  • Interests:SF

Posted 29 October 2012 - 05:54 AM

Dear izanis,

According to ISO 22000 standard we have to audit all suppliers

Which paragraph in the standard is this ?

By “high risk supplier” I presume you mean a supplier providing a high risk product. On-site audits can also be involved as part of a supplier performance monitoring scheme.

Perhaps you hv already done such a product input risk analysis for yr HACCP portion of the standard.?

The definition / interpretation of a "high risk product" has been discussed many times on this forum. It can depend on a variety of items such as local regulations, specific food standard involved, it also typically relates to intended consumption procedure, storage stability considerations, relative volume (from a sampling POV).

I don’t recall ISO 22000 offering any specific classification for this (?), local regs no idea.

Some examples of possible definitions / listed categories are in this lengthy thread, eg posts #4, #6 and #24 –

I daresay the complexity, or not, may depend on yr actual product range ?.

Rgds / Charles.C

Kind Regards,



George @ Safefood 360°

    Grade - SIFSQN

  • Corporate Sponsor
  • 374 posts
  • 326 thanks

  • United States
    United States
  • Gender:Male
  • Location:Ireland and USA

Posted 30 October 2012 - 10:56 AM

I'm also not sure where this requirement comes from within the ISO 2200. From my reading Supplier Control is refered to under the PRP section but not addressed within the standard. PAS 220 is where you miay need to go for more prescriptive requirements.

Auditing all suppliers is obviouosly not required. Following a risk assessment of each material and supplier based on information you gather and a good HACCP study you can seperate out those where an audit may need to be conducted.



    Grade - MIFSQN

  • IFSQN Member
  • 239 posts
  • 54 thanks

  • Canada
  • Gender:Male

Posted 30 October 2012 - 04:16 PM

Typically you can shorten your audit list if your suppliers are already ISO 22000 / BRC / SQF etc. Further information can be gathered via supplier questionnaires, allergen statements etc and by sending them your audit check-list to fill out as a self-audit when they are determined to be lower risk.

Share this

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users