Food Safety

SQF Supplier Approval Program: Minimum Requirements

By
Serhii Uspenskyi
June 11, 2026

Your supplier approval program tells an SQF auditor how much control you have over the materials entering your facility.

It shows whether suppliers are evaluated before purchasing begins, whether ingredient and packaging risks affect approval decisions, whether certificates and specifications remain current, and whether incoming materials are checked against established requirements.

Many food manufacturers maintain an approved supplier list in a spreadsheet. That may be one part of the program, but the list alone is not enough.

Under the SQF Food Safety Code: Food Manufacturing, the site must maintain a documented and implemented process for selecting, evaluating, approving, and monitoring suppliers. The process must be based on risk and supported by records that show how each supplier earned and retained its approval status.

A reliable program, therefore, connects several activities:

  • Supplier risk assessment
  • Initial qualification
  • Document collection and review
  • Approved supplier status
  • Incoming material verification
  • Supplier performance monitoring
  • Periodic re-evaluation
  • Emergency supplier controls

This guide explains what SQF requires, how to structure the program, what auditors normally examine, and how to correct common weaknesses before they become audit findings.

What an SQF Approved Supplier Program Actually Means

The official SQFI approved supplier guidance describes an approved supplier as a supplier that has been assessed and approved by the site, based on risk, as capable of meeting the site’s food safety and quality requirements.

Three parts of that definition are important.

First, the supplier must be assessed. A purchasing history, verbal recommendation, or familiar company name does not automatically demonstrate assessment. The site needs evidence that someone reviewed the supplier against defined criteria.

Second, the supplier must be approved. The program should show who made the decision, when it was made, what evidence supported it, and whether any conditions were attached.

Third, the decision must be based on risk. Suppliers should not all pass through the same approval process regardless of what they provide. A supplier of a ready-to-eat dairy ingredient presents a different risk profile from a supplier of corrugated shipping cases that never contact food.

The depth of the assessment should reflect factors such as:

  • The hazards associated with the material
  • Whether the supplier controls a significant hazard
  • Intended use of the material
  • Allergen status
  • Microbiological sensitivity
  • Regulatory requirements
  • Country of origin
  • Supplier certification status
  • History of complaints or non-conformances
  • The site’s ability to detect a problem at receiving
  • The severity of the potential consequence

This is why an approved supplier program is more than document storage. It is a control system for deciding which suppliers can introduce materials into your operation and under what conditions.

SQF Edition 9 Requirements for Supplier Approval

The approved supplier requirement does not use the same clause number across every SQF Edition 9 Code. SQFI clarifies that it appears under clause 2.3.3 in the primary food safety codes and under clause 2.3.4 in the other applicable codes, except the Storage and Distribution Code. Manufacturers should therefore confirm the exact clause number in the SQF Code that applies to their Food Sector Category. The official SQFI Edition 9 approved supplier amendment provides the applicable clause references by code.

For sites certified under the SQF Food Safety Code: Food Manufacturing, Edition 9, the approved supplier program is addressed in clause 2.3.4 and is mandatory. The clause requires the site to maintain a documented and implemented system for selecting, evaluating, approving, and monitoring suppliers. It also requires current records of approved suppliers, receiving inspections, and supplier audits.

The approved supplier program should define:

  • Who collects and reviews supplier information
  • Who performs the supplier risk assessment
  • Who has the authority to approve, conditionally approve, suspend, or reject a supplier
  • What evidence is required for each supplier risk category
  • How supplier performance is monitored
  • How often are suppliers re-evaluated
  • How emergency suppliers are authorized and controlled
  • How supplier changes are communicated to purchasing, receiving, and QA personnel

The procedure must reflect the process employees actually follow. A generic policy copied from a template may create an audit problem when purchasing, receiving, or QA personnel describe a different process.

For example, if the procedure states that QA must approve every ingredient supplier before the first purchase, but the purchasing team can activate a new supplier without QA authorization, the documented program has not been fully implemented.

Documented responsibility and procedure

The site must document responsibility for selecting, evaluating, approving, and monitoring suppliers.

Your procedure should identify:

  • Who collects supplier information
  • Who performs the risk assessment
  • Who can approve or reject a supplier
  • What evidence is required for each risk level
  • How conditional approval is managed
  • How supplier performance is monitored
  • How frequently are suppliers re-evaluated
  • When approval can be suspended or withdrawn
  • How emergency suppliers are controlled

The procedure should describe what actually happens at your site. A generic policy copied from a template can become a problem when employees describe a different process during interviews.

For example, if the procedure says that QA approves all ingredient suppliers before the first order, but purchasing can create suppliers in the ERP without QA authorization, the documented system and operational system do not match.

That inconsistency is often more concerning to an auditor than an imperfectly written procedure.

Risk-based approval methods

The methods used to approve and monitor suppliers must be based on risk.

SQF does not prescribe one universal supplier-risk matrix. The site can design a method appropriate to its products, processes, customers, and regulatory obligations.

However, the reasoning must be documented and consistently applied.

A supplier should not be marked “high,” “medium,” or “low” without an explanation. The record should show which factors were considered and how the final rating was reached.

The program must also define the methods and frequency used to monitor supplier performance. Higher-risk suppliers normally require more extensive qualification and more frequent review.

Approved supplier register

The site must maintain an approved supplier register, commonly called an approved supplier list or ASL.

The SQF Edition 9 approved supplier amendment clarifies that supplier contact details must be included and that both approved and emergency suppliers must be registered.

At a minimum, a useful register should include:

  • Supplier legal or trading name
  • Facility location, where relevant
  • Primary contact information
  • Materials or services supplied
  • Supplier risk classification
  • Approval status
  • Approval date
  • Approval basis
  • Re-evaluation frequency
  • Next review date
  • Emergency supplier designation, where applicable
  • Restrictions or conditions
  • Current certification status

A register containing only supplier names does not provide enough information to demonstrate how the program is controlled.

Emergency use of non-approved suppliers

SQF permits the use of a non-approved supplier in an emergency, but the exception is not unrestricted.

Before the material is used, the site must perform and record an appropriate receiving inspection or analysis.

The supplier procedure should define what qualifies as an emergency. Examples may include an unexpected interruption by an approved supplier, a major transportation disruption, a natural disaster, or a critical material shortage that threatens production.

Poor planning should not automatically be treated as an emergency.

The procedure should also define:

  • Who can authorize the emergency purchase
  • What documents must be collected
  • What inspection, testing, or verification is required
  • Whether the material must be placed on hold
  • Who can release it for production
  • How the supplier will be assessed after the emergency
  • Whether the supplier should be added to the emergency supplier register

Where a site already knows which backup suppliers may be needed for critical materials, it is better to assess and register them in advance.

Suppliers under common ownership

Materials received from another facility within the same corporate group are still subject to supplier approval controls.

A sister plant, central warehouse, parent company, or affiliated production facility should not be treated as automatically approved simply because it belongs to the same organization.

The supplying location must still meet applicable specification, approval, receiving, and verification requirements.

Supplier audits

When supplier audits are used as part of approval or verification, they must be conducted by a person with appropriate food safety and regulatory knowledge who is trained in auditing techniques.

The audit scope should reflect the material and risks being evaluated. A brief general questionnaire is not equivalent to an audit of controls for a significant microbiological, chemical, or allergen hazard.

Approved Supplier List Versus Approved Supplier Program

An approved supplier list is a controlled record showing which suppliers currently hold an approved or otherwise authorized status.

The supplier approval program is the system that produces and maintains that list.

The program explains:

  • How suppliers are identified and screened
  • How risk is calculated
  • Which documents are required
  • What qualifies a supplier for approval
  • Who authorizes the decision
  • How incoming materials are checked
  • How supplier performance is measured
  • How often is approval reviewed
  • How failures are handled
  • How emergency purchases are controlled

A site may have an accurate list while still having a weak program.

The opposite problem also occurs. A site may keep detailed questionnaires and certificates in separate folders but fail to update the central register when a certificate expires, or a supplier is placed on hold.

A well-controlled program keeps supplier status, supporting documents, material requirements, and performance history connected.

How to Classify Suppliers by Risk

A practical risk model should be detailed enough to support consistent decisions but simple enough for the QA team to maintain.

For many small and mid-sized manufacturers, three levels are sufficient.

High-risk suppliers

High-risk suppliers may include those providing:

  • Ready-to-eat ingredients
  • Ingredients associated with microbiological hazards
  • Allergen-containing materials
  • Materials in which the supplier controls a significant hazard
  • Ingredients with heavy-metal, pesticide, mycotoxin, or chemical contamination risks
  • Materials with complex or vulnerable international supply chains
  • New ingredients without an established performance history
  • Materials that receive no further kill step at your facility

Possible approval evidence may include a current certification recognized by a suitable food safety program, a supplier audit, a detailed questionnaire, regulatory compliance checks, product specifications, allergen documentation, and lot-specific COAs.

The exact combination should reflect the identified hazards. Certification should not replace the evaluation of whether the certification scope covers the actual facility, process, and product being purchased.

Medium-risk suppliers

Medium-risk suppliers may include:

  • Food-contact packaging suppliers
  • Processing-aid suppliers
  • Lower-risk ingredient suppliers
  • Established suppliers with a strong performance history
  • Suppliers whose materials receive an effective control step at your facility

Approval may involve a questionnaire, specifications, relevant certificates, declarations of compliance, migration documentation for packaging, and review of the supplier’s performance history.

Low-risk suppliers

Low-risk suppliers may include:

  • Non-food-contact packaging providers
  • Office or secondary packaging suppliers
  • Certain service providers
  • Suppliers whose products do not create a direct food safety risk

Approval may be based on a simplified questionnaire, specification review, licensing evidence, contractual requirements, or documented history.

However, “low risk” should not mean “uncontrolled.” Sanitation chemicals, pest-control providers, laboratories, calibration services, and transport companies may require specific competency, licensing, accreditation, or service documentation even if they do not supply ingredients.

A Practical Supplier Risk Assessment

A supplier risk assessment should consider both the material risk and supplier-specific risk.

A practical scoring assessment may include:

Hazard severity

What would happen if the supplied material failed to meet requirements?

A pathogen in a ready-to-eat ingredient may create a severe consumer-safety consequence. A minor color variation in a non-food-contact box normally would not.

Likelihood of occurrence

Is the material commonly associated with recalls, contamination, adulteration, allergen errors, or regulatory enforcement? 

Historical data, scientific literature, recall databases, and regulatory alerts can support this decision.

Detectability at receiving

Can the problem be detected before the material enters production? 

A damaged package may be visible. Undeclared allergens, pathogens, pesticide residues, or economically motivated adulteration may not be.

Supplier controls

Does the supplier have a current certification, documented preventive controls, validated processes, competent personnel, testing programs, and traceability procedures?

Supplier performance

Consider rejected loads, specification failures, complaints, late COAs, expired certificates, corrective-action responsiveness, audit results, and recall history.

Country and supply-chain complexity

Long or opaque supply chains may increase vulnerability. Brokers, consolidators, multiple production sites, and changing countries of origin can make verification more difficult.

The final classification should have a written rationale. A short explanation is often enough:

“High risk because the supplier provides a ready-to-eat allergen-containing ingredient with no further lethality step at our facility. Annual certification review, lot-specific COA verification, and annual performance review required.”

That statement gives an auditor a clear line from hazard to control.

What Should Be Included in Each Supplier File?

Supplier files do not all need to contain identical documents. The contents should reflect the supplier’s risk level, supplied materials, and approval basis.

A complete file may include:

  • Completed supplier questionnaire
  • Documented risk assessment
  • Approval decision and date
  • Current contact information
  • Product or material specifications
  • Food safety certification
  • Certification scope
  • Audit report
  • Corrective actions from supplier audits
  • Allergen statements
  • Ingredient declarations
  • Country-of-origin information
  • Regulatory licenses or registrations
  • Insurance documentation, where required
  • Letters of guarantee or continuing guarantees
  • Organic, halal, kosher, non-GMO, or other claim certificates
  • Packaging declarations of compliance
  • COAs or certificates of conformance
  • Complaint and rejection history
  • Supplier corrective-action records
  • Re-evaluation records
  • Approval restrictions or conditions

The file should also make document validity visible.

A certificate may be present but expired. An audit report may cover a different production location. A certification scope may not include the material your site purchases. An allergen statement may predate a formulation change.

The purpose of document control is not simply to collect files. It is to confirm that the evidence remains current and applicable.

Manufacturers managing a large number of supplier documents may benefit from a structured supplier quality management system rather than relying on disconnected folders, inboxes, and spreadsheets.

See how IONI’s food safety software helps QA teams centralize supplier records, monitor missing evidence, and keep audit documentation ready.

COA Verification: What Auditors Expect to See

A certificate of analysis is not useful merely because it has been received and saved.

The site must determine whether the reported results meet the approved specification for the material and lot.

A workable COA verification process should show:

  1. Which incoming lot was reviewed
  2. Which supplier COA applies to that lot
  3. Which parameters were checked
  4. What the approved specification limits were
  5. What values did the supplier report
  6. Whether each requirement passed or failed
  7. Who completed the review
  8. When the review was completed
  9. What happened when a requirement was not met

Consider a dry ingredient with limits for moisture, microbiological indicators, heavy metals, and allergen status.

The receiving or QA record should not simply say “COA received.” It should show that applicable results were compared with the current specification.

For example:

  • Specification: Moisture maximum 5.0%
  • COA result: 4.2%
  • Decision: Accept

If a result falls outside the specification, the material should be controlled under the site’s non-conforming product procedure. Depending on the issue, the lot may be placed on hold, rejected, tested, returned, or accepted only through a documented deviation process supported by an appropriate risk assessment.

The FDA supply-chain program guidance also emphasizes risk-based supplier verification, where a supplier controls a hazard requiring a supply-chain control. Although SQF certification and FDA compliance are separate obligations, manufacturers can often align the evidence used for both systems.

Explore IONI Ingredients Intelligence to connect supplier COAs with ingredient specifications, identify missing or out-of-range results, and track supporting supplier documents in one place.

Incoming Material Controls Should Match Supplier Risk

Supplier approval does not eliminate the need for receiving controls.

The receiving process should confirm that the delivered material matches the purchase and specification requirements.

Checks may include:

  • Supplier approval status
  • Material name and item code
  • Lot or batch number
  • Seal integrity
  • Packaging condition
  • Trailer cleanliness
  • Delivery temperature
  • Allergen labeling
  • Country of origin
  • COA availability
  • Certificate of conformance
  • Shelf life
  • Pest or contamination evidence
  • Tampering or damage
  • Quantity and purchase-order match

Higher-risk materials may require QA release before use. The system should prevent materials from being released merely because production needs them urgently.

Where an organization uses an ERP, warehouse system, or food safety platform, supplier status should be visible to purchasing and receiving personnel. Ideally, inactive, suspended, or unapproved suppliers should not be available for routine ordering.

How Frequently Should Suppliers Be Re-evaluated?

SQF requires the site to document its review methods and frequency. Edition 9 does not impose one universal re-evaluation interval for every supplier.

The frequency should reflect risk.

A common structure is:

  • High-risk suppliers: at least annually
  • Medium-risk suppliers: annually or every 18 months
  • Low-risk suppliers: every two years
  • Emergency suppliers: after use and before future routine use

However, a calendar-based review should not be the only trigger.

Immediate or early re-evaluation may be necessary after:

  • A supplier-related recall
  • A regulatory warning or enforcement action
  • A failed COA
  • Repeated specification failures
  • An undeclared allergen event
  • A serious customer complaint
  • A supplier audit failure
  • Loss or suspension of certification
  • A significant ownership or facility change
  • A change in manufacturing location
  • A formulation or process change
  • Poor corrective-action performance
  • Evidence of fraud or adulteration
  • A change in country of origin

A re-evaluation should review actual performance, not merely replace an old questionnaire with a new one.

The review may consider:

  • Certification and audit status
  • Delivery performance
  • COA compliance
  • Rejected material
  • Complaints
  • Corrective actions
  • Specification changes
  • Document expirations
  • Regulatory history
  • Traceability performance
  • Responsiveness during incidents

The outcome should be recorded as approved, conditionally approved, suspended, or removed.

Conditional Approval and Supplier Corrective Actions

Not every supplier issue requires immediate permanent removal.

A conditional approval process can allow the site to impose additional controls while the supplier resolves a defined problem.

Conditions might include:

  • Increased testing
  • COA required for every lot
  • QA hold at receiving
  • Additional supplier documentation
  • Completion of corrective action by a deadline
  • A follow-up audit
  • Restricted materials or production locations
  • Shortened re-evaluation frequency

Where a supplier fails to correct a serious or repeated issue, the program should define when approval is suspended or withdrawn.

Common SQF Supplier Approval Findings

The supplier register is incomplete

The register may omit contact details, emergency suppliers, supplied materials, approval dates, or status information.

Corrective action should include updating the register format, completing missing records, and assigning responsibility for maintenance.

The site has no documented approval criteria

The supplier is listed as approved, but no one can explain the evidence required for approval.

Create written criteria for each risk level and apply them retrospectively to active suppliers.

Supplier risk ratings have no rationale

Every supplier may be marked medium risk, or ratings may appear to have been selected without reference to material hazards.

Reassess suppliers using documented factors and record the reason for each classification.

Certificates are expired or do not cover the supplied product

The supplier file contains a certificate, but its validity, site address, or scope does not match the purchase.

Add certificate expiration monitoring and require scope verification during approval and re-evaluation.

COAs are collected but not reviewed

The COA is saved in a folder, but no comparison with the ingredient specification is documented.

Add a formal review and release step. Record the parameter, limit, result, decision, reviewer, and date.

Re-evaluations are overdue

The procedure requires annual review, but active suppliers have not been assessed for several years.

Create a risk-prioritized recovery plan. Review the highest-risk suppliers first instead of waiting until every file can be completed at once.

Emergency suppliers are used as routine suppliers

Repeated purchases are classified as emergencies to avoid normal approval requirements.

Define emergency use narrowly and require formal qualification before the supplier can be used routinely.

Purchasing can bypass QA approval

A supplier may be added or used without a food safety review.

Establish approval gates in the purchasing process and define who can activate a supplier.

Supplier performance is not connected to approval status

Complaints, rejected deliveries, and corrective actions are stored separately and never considered during re-evaluation.

Create a supplier scorecard or review summary that consolidates performance information.

Many of these problems also appear in broader audit preparation. The article Why Small Food Manufacturers Fail Food Safety Audits and How to Fix It Before the Auditor Arrives explains how document gaps, inconsistent implementation, and weak ownership develop across the food safety system.

How to Prepare the Program for an SQF Audit

Before the audit, select a sample of suppliers and review the files as an auditor would.

Include:

  • One high-risk ingredient supplier
  • One allergen supplier
  • One packaging supplier
  • One service provider
  • One recently approved supplier
  • One supplier with a previous non-conformance
  • One emergency supplier, if applicable

For each supplier, confirm that you can quickly demonstrate:

  • Current approval status
  • Risk classification and rationale
  • Approval basis
  • Applicable specifications
  • Current certificates
  • Recent incoming material records
  • COA-to-specification comparison
  • Complaint or non-conformance history
  • Latest re-evaluation
  • Any open corrective actions

Then trace one incoming lot from receiving back to the supplier file and forward into production.

This exercise tests whether supplier approval, traceability, receiving, specifications, and inventory controls operate as one system.

Companies starting certification because of a customer requirement should also review Your Retailer Requires SQF Certification: What to Do in the First 30 Days.

Sites working toward a compressed implementation deadline can use the practical sequence in SQF Certification in 90 Days: A Week-by-Week Plan for Small Food Manufacturers.

How Supplier Approval Connects With HACCP, FSMA, BRCGS, and SQF

Supplier approval should not operate as an isolated purchasing procedure.

It should connect directly with your hazard analysis.

When the HACCP or food safety team identifies a hazard associated with an ingredient, the team should determine:

  • Who controls the hazard
  • Whether the supplier’s control is relied upon
  • What approval evidence is necessary
  • Whether a COA is required
  • Whether incoming testing is needed
  • Whether receiving checks are sufficient
  • What happens when verification fails

The distinction between foundational HACCP controls and certification-system requirements is explained further in HACCP vs. SQF: What’s the Difference and What Do You Actually Need?.

Manufacturers operating across multiple customer and regulatory frameworks can also centralize evidence through a system designed for FSMA, BRCGS, and SQF compliance.

For US facilities, supplier approval may also support the FSMA preventive controls supply-chain program when a hazard requiring a supply-chain-applied control is managed before the material reaches the receiving facility. Requirements depend on the facility, material, hazard analysis, and applicable exemptions, so the regulatory obligation should be assessed separately from SQF certification.

Preparing for SQF Edition 10

SQF Edition 10 was released in March 2026. According to the current SQFI Edition 10 FAQ, audits are anticipated to begin on January 2, 2027.

That date depends on progress through the GFSI benchmarking process and may move later. SQFI states that Edition 10 audits will not begin earlier than January 2, 2027.

Sites audited before the implementation date should continue to follow Edition 9.

Even where the immediate audit remains under Edition 9, supplier programs should be designed to handle operational changes in a controlled way.

Examples include:

  • Adding a new ingredient supplier
  • Changing the manufacturing location
  • Replacing a supplier after a disruption
  • Changing an ingredient specification
  • Introducing a new country of origin
  • Losing a supplier certification
  • Changing the supplier’s process
  • Changing allergen status
  • Moving from direct purchasing to a broker

Each change should trigger a review of hazards, specifications, approval evidence, labels, traceability, and receiving requirements.

A structured regulatory intelligence system can help teams monitor changes in standards and regulations and connect relevant updates with internal procedures and compliance tasks.

Managing Supplier Approval With IONI

Supplier programs become difficult to maintain when information is divided among spreadsheets, shared drives, inboxes, ERP records, and paper receiving logs.

A missing COA, expired certificate, outdated specification, or overdue re-evaluation may remain unnoticed until an audit or incident exposes it.

IONI’s food safety software helps food manufacturers organize supplier approval as a connected operational process.

Watch IONI Demo Video:

Teams can use the platform to manage supplier approval as one connected process rather than a collection of separate files and spreadsheets. This gives QA teams faster access to the information they need and helps manufacturers identify gaps before they affect production or audit readiness.

  • Centralize supplier and ingredient records: Keep approval status, risk classifications, specifications, allergen information, and compliance documents in one place instead of searching across inboxes and shared folders.
  • Reduce missed document expirations: Track supplier certificates, expiration dates, and renewal requirements so QA teams can follow up before documents lapse.
  • Strengthen COA and specification control: Connect COAs with product and ingredient specifications, making it easier to confirm whether incoming materials meet defined requirements.
  • Keep supplier reviews on schedule: Monitor re-evaluation dates and outstanding supplier actions so high-risk suppliers do not remain approved without current evidence.
  • Respond to issues faster: Link non-conformances, corrective actions, and supplier performance records to the relevant supplier, giving teams a clearer basis for suspension, conditional approval, or removal.
  • Prepare for audits with less disruption: Retrieve supplier files, approval evidence, corrective actions, and audit records quickly instead of assembling them manually before the auditor arrives.

IONI’s Ingredients Intelligence capabilities help connect incoming supplier documentation with material specifications. This gives QA teams a clearer view of whether required documents are present, whether certificates remain current, and whether supplied results meet defined requirements.

The goal is not simply to digitize an approved supplier list. It is to maintain an active system that shows which suppliers are approved, why they are approved, what evidence supports the decision, and whether they continue to perform as expected.

Build a supplier approval program that stays ready between audits. 

IONI connects supplier qualification, ingredient specifications, COAs, corrective actions, and compliance evidence across SQF, BRCGS, and FSMA requirements. Replace scattered supplier records with one controlled compliance workflow.

SQF Supplier Approval Program Checklist

Before your next audit, confirm that:

  • A documented supplier approval procedure is in place
  • Responsibilities are clearly assigned
  • Supplier approval is based on documented risk
  • Approval criteria are defined for each risk level
  • Every active supplier appears on the register
  • Supplier contact details are included
  • Emergency suppliers are identified
  • Approval evidence is available
  • Certification scopes match the supplied products and facilities
  • Certificate expiration dates are monitored
  • Specifications are current and approved
  • COAs are compared with specifications
  • Receiving controls reflect material risk
  • Supplier complaints and non-conformances are tracked
  • Corrective actions affect supplier status where appropriate
  • Re-evaluation frequency is documented
  • Re-evaluations are current
  • Purchasing cannot routinely bypass supplier approval
  • Emergency purchases are authorized and inspected
  • Supplier changes trigger food safety review
  • Supplier records can be retrieved quickly during an audit

If several of these items are missing, start with high-risk ingredients and suppliers. Correcting the most significant food safety exposures first is more effective than attempting to update every low-risk supplier file at the same time.

Frequently Asked Questions

What is an SQF supplier approval program?

An SQF supplier approval program is a documented system for selecting, evaluating, approving, monitoring, and periodically re-evaluating suppliers. It includes risk-based approval criteria, defined responsibilities, an approved supplier register, supplier records, incoming material controls, performance monitoring, and emergency supplier procedures.

Which SQF clause covers approved suppliers?

For the SQF Food Safety Code: Food Manufacturing, Edition 9, the approved supplier program is addressed in clause 2.3.4. Approved supplier clause numbering may differ among other SQF sector codes, so sites should confirm the requirement in the code applicable to their Food Sector Category.

Is an approved supplier list enough for SQF?

No. The list is only one record within the broader program. The site must also demonstrate how suppliers are assessed, approved, monitored, re-evaluated, suspended, and removed.

Do all suppliers need GFSI-recognized certification?

No. SQF requires a risk-based approach rather than universal certification for every supplier. Certification can provide strong approval evidence, particularly for higher-risk suppliers, but the site must confirm that the certificate is current, issued for the correct facility, and relevant to the supplied products.

An uncertified supplier may still be approved when the site has sufficient evidence to demonstrate control. Depending on risk, that evidence may include questionnaires, audits, testing, specifications, regulatory records, and performance history.

How often should SQF suppliers be re-evaluated?

The site must define a risk-appropriate frequency. Many facilities review high-risk suppliers annually and lower-risk suppliers less frequently. Serious complaints, failed COAs, recalls, regulatory action, certification loss, or significant changes should trigger an earlier review.

Can a site use a non-approved supplier?

Yes, but only in an emergency, with a documented inspection or analysis before the material is used. The site should define emergency conditions, authorization requirements, hold-and-release controls, and follow-up assessment.

Does a COA automatically prove that an ingredient meets requirements?

No. The site should compare relevant COA results against the approved material specification and document the decision. Merely saving the COA does not show that the values were reviewed.

What supplier records will an SQF auditor request?

An auditor may request the supplier procedure, approved supplier register, risk assessments, questionnaires, certificates, audit reports, specifications, COAs, receiving records, re-evaluations, complaints, corrective actions, and emergency supplier records. The auditor may also trace a received lot back to its approval and verification evidence.

What is the fastest way to improve a weak supplier approval program?

Begin with the highest-risk materials. Confirm that the suppliers are approved, risk-assessed, supported by current evidence, and subject to effective COA and receiving verification. Then address overdue re-evaluations, incomplete register fields, document expirations, and lower-risk suppliers.

Our Latest Blog Posts

June 11, 2026
SQF Audit Checklist for Small Food Manufacturers
June 7, 2026
Food Safety Compliance Readiness Report 2026
June 7, 2026
The Smart Way to Meet All 7 HACCP Principles - With AI

Interested in Learning More?

Book a free consultation with our expert

Val Verbovetskyi

AI Expert

Book a Call
Headquarters: Burnaby, Canada 🇨🇦
Operations: Faro, Portugal 🇵🇹
Legal name: IONI AI INC.
Incorporation number: BC1556617
BURNABY, CANADA
Solutions
Food Safety Software
Ingredient Intelligence
Regulatory Intelligence
AI Internal Audit
HACCP Plan Builder
Company
About
Security
Contact Us
Blog
Legal
Privacy Policy
Terms & Conditions
Data Processing Agreement
Consent Management Form
Disclaimer
© Copyright 2026 IONI AI INC.  All rights reserved.
cookie
Cookie Policy
IONI uses cookies to enhance your experience, analyze traffic, and personalize content. By continuing to browse, you agree to our use of cookies. You can manage your preferences in the settings.
Disagree
Agree
Manage Cookies
Cookie settings
By clicking "Accept all cookies", you agree to storing cookies on your device to enhance site navigation, analyze site usage and assist in our marketing efforts as outlined in our privacy policy.
Strictly necessary (always active)
Cookies required to enable basic website functionality.
Accept all cookiesSave settings