GUIDE: Managing Supplier Certifications in the Compliance Module
If you’re looking to create and track supplier certificates and automate their renewals, this article is for you.
Supplier certificates, such as ISO or IATF, are essential compliance documents with defined valid-from and valid-to dates. When these certificates expire, it’s important to collect updated versions promptly to maintain compliance and supplier qualification.
With the Supplios Compliance module, you can easily create and manage supplier certifications, specify which suppliers require which certificates, and automate renewal workflows so that suppliers can upload their own documents.
This article provides a step-by-step guide to setting up and configuring your certificate management automations, helping you eliminate manual tracking and follow-ups for good.
Note: Only users with Admin permissions for a specific Document Type can set or modify supplier requirements and upload settings. For more information, see this article.
Creating a Document Type for Certifications
To create a new document type, go to Compliance in the left-hand menu of the Portal. Then, open the Document Types section and click the green Add Document Type button.
In the pop-up window, you’ll be asked to define several key properties of this Document Type.
Document Category
Document Categories are organization-specific and depend on your company’s configuration. Categories can be grouped by department or document purpose, for example:
- Quality Certifications
- Legal Contracts
- Sustainability Documents
By default, all Supplios customers start with at least two categories, typically Vendor Contracts and Vendor Certifications, but additional ones can be added easily.
If we take ISO 9001 as an example, a suitable Document Category could be Quality Certifications or simply Vendor Certifications.
Kind of Document
Kind of Document refers to the document format. Supplios provides a predefined list: Contracts, Certificates, Policies, Acknowledgements, and Forms.
For supplier certifications, select Certificate.
Document Name and Single vs Multiple Documents
Give the document type a clear, descriptive name (e.g., ISO 9001 Certificate) and specify whether a supplier can have one or multiple documents of this type.
- Most suppliers will have a single document per Document Type (or none, if not applicable). You are still allowed to have multiple document versions even if the Document Type is set to allow a single document per supplier.
- However, some suppliers may have multiple documents, such as several ISO 9001 certificates for different plant locations.
Expiration Tracking
Since supplier certificates usually have valid-from and valid-to dates, enable Expiration Tracking to monitor certificate validity and automate renewal reminders.
For more information on Document Categories, Kinds of Documents, and multiple vs. single document setup, see Compliance Module – Key Concepts.
Setting Document Requirements
Once you have created your Document Type, you may want to set Requirement Rules, which allow you to automatically enforce which documents each supplier must have on file, based on their profile data.
To configure Requirement Rules, go to the Compliance page on the left-side menu, select Document Types and choose the document type you want to manage, then open the Requirement Rules tab across the top.
If requirement tracking isn’t enabled yet, click Enable Requirement Tracking.
You can then define which suppliers have this Document Type Required, Optional, or Excluded.
These rules are based on supplier tags, and you can add multiple rules - the system will evaluate them in order until one applies. If no rule matches a supplier, the default rule is used, so make sure to configure that.
For example, suppliers with the tag Approved may have the document Required, while all other suppliers may have it Optional.
After saving the rules, the summary bar will show how many suppliers have the document type marked as required, optional, or excluded.
For more details on setting the Requirement Rules or viewing the Requirement Status Grid, see GUIDE: Setting Document Requirements in the Compliance Module.
Setting up Supplier Uploads of Certificates
To configure supplier visibility, submission workflows, and automations, open the Settings tab of the Document Type. This tab includes several sections, but we'll walk through only the most important ones, related to setting supplier visibility and supplier uploads.
Supplier Visibility
In the Supplier Access section, you can enable supplier visibility. By default, suppliers cannot see their documents. However, for certifications, you'll typically want suppliers to view and upload their own documents. To allow access, enable visibility for all supplier users or Supplier Admins only. These users will then be able to view the uploaded certificates.
Note that suppliers can only ever see documents related to their own company, never documents from others.
Supplier Submissions
To allow suppliers to upload certificates themselves, go to the Submission Workflow section and enable supplier submissions. By default, the workflow includes two steps: Supplier Upload and Internal Approval. This means that an internal user must review and approve supplier submissions before they're considered valid. If internal approval is unnecessary, you can disable this step.
Supplier Assignees
Once supplier submissions are enabled, assign which supplier contacts will receive upload tasks and reminders. You can do this in the Supplier Access section, where you previously enabled supplier visibility. You can select Supplier Admins, Sourcing Contacts, and/or Quality Contacts. Any user matching at least one selected role will receive tasks. We also recommend enabling Fallback to all supplier contacts in case no users match the selected roles.
Internal Team
In the Internal Team section, you can manage Document Type Admins - users who configure settings, review and approve/reject supplier submissions for this Document Type.
You can also add more Internal Teams, then add internal users to those teams. These Teams (Roles) can then be set as the assignees for Approval tasks, or as the recipients of Internal Reminder Tasks for the Documents of this Document Type.
Validity Date Settings
In the Validity Date Settings tab, you can define how validity dates are handled. By default, certificates require both “Valid From” and “Valid To” fields. You can adjust this to make dates optional or mark them as not applicable, if needed.
You can also control who can edit validity dates, for instance, if corrections are needed.
By default, only Internal Document Admins can edit validity dates, however, you can enable other internal users and supplier users to edit them as well.
Automations
In the Automations tab, you can enable automatic renewal and assign additional reminder tasks and emails.
Auto-renewal starts document collection (the submission workflow) automatically a set time - months, weeks, or days before expiration. Assigned supplier users will receive notifications and tasks to upload a new version. The task will "live" in their dashboard until it is completed. Supplios will also send regular (weekly/daily) emails to each internal and supplier user with their open tasks.
For certificates, you typically don't need to set any additional reminder tasks and emails as the supplier will already be receiving regular e-mails about their open tasks, which will include the task for uploading the certificate. However, if you wish to do so, you can add extra reminder tasks and emails to internal or supplier users. For example, you could create a task for the Document Type Admin to call the supplier if the certificate still hasn’t been uploaded 2 days before expiration.
For more detailed information on configuring supplier uploads, see this article: Setting up Supplier Uploads of Certificates & Contracts in the Compliance module.