FCG Food Compliance Guide Practical food labeling, HACCP, and compliance guidance for small food businesses.

Food Safety Systems

Supplier Approval Program for Food Manufacturers

A practical supplier approval program guide for food manufacturers covering supplier risk, specifications, COAs, allergens, letters of guarantee, audits, changes, monitoring, and approved supplier lists.

Updated May 13, 2026 supplier approval program food manufacturers

Why supplier approval matters

Supplier approval protects the food safety plan, allergen program, traceability system, label accuracy, and audit file. A supplier change can affect hazards, allergens, claims, Nutrition Facts, lot codes, country of origin, customer specs, and food fraud risk.

Use this program with the Food Safety Plan Template, Allergen Control Program, Traceability Plan Template, SQF Audit Checklist, and templates hub.

Who this is for

This guide is for small food manufacturers, bakeries, co-packers, food startups, QA coordinators, purchasing teams, and owners who need an approved supplier list for a food safety plan, customer approval, SQF audit, buyer onboarding, or internal compliance file.

It is most useful when the business buys ingredients, packaging, labels, co-manufacturing services, warehouse services, or private label materials that can affect food safety, allergens, claims, traceability, or customer specifications.

Supplier risk classification

Classify suppliers based on product risk, ingredient type, processing, allergen profile, history, country or market risk, customer requirements, and whether the supplier controls a hazard for you.

Risk levels do not need to be complicated. They need to be documented and used consistently.

Example: high-risk vs low-risk supplier documents

A ready-to-eat nut ingredient supplier may need a current specification, allergen statement, COA requirements, food safety certification or audit information, change notification agreement, and supplier risk review. A plain corrugated case supplier may need fewer food safety documents, but the business may still need packaging specifications, approval status, and change controls if the case label affects traceability or customer requirements.

Required supplier documents

Required documents may include:

  • Product specification.
  • Ingredient statement and sub-ingredients.
  • Allergen statement.
  • Certificate of analysis where applicable.
  • Food safety certification or audit summary.
  • Letter of guarantee or equivalent assurance.
  • Country of origin or import documents where relevant.
  • Change notification agreement.
  • Contact information.

COA and specification review

Specifications define what is being purchased. COAs may support specific lots or shipments. QA should define which COAs are required, what test results matter, who reviews them, and what happens when results are missing or out of specification.

Allergen information

Supplier allergen information should feed the allergen matrix and label review. If suppliers provide blended ingredients, flavors, seasonings, or rework-containing materials, sub-ingredient review is especially important.

Letter of guarantee

Some businesses use letters of guarantee or supplier assurance letters as part of approval. These documents should not replace risk review, but they can support the supplier file when appropriate.

Audit or certification review

Certifications and audits can support approval, but QA should verify scope, expiration, product category, and whether the certification covers the ingredient or process supplied.

New supplier approval

Before using a new supplier, define what must be reviewed and who approves release for purchasing. Emergency supplier approval should be controlled and documented.

Supplier change review

Supplier changes can affect formula, allergens, nutrition data, claims, traceability, and food safety plan controls. Require notification for changes that matter to your product.

Ongoing monitoring

Monitor supplier performance through complaints, COA failures, late documents, receiving issues, foreign material, allergen discrepancies, customer feedback, and audit findings.

Approved supplier list

Maintain an approved supplier list with supplier name, material, approval status, risk level, review date, next review date, and restrictions.

What to include

A supplier approval program should include supplier scope, risk classification, document requirements by risk level, specification review, allergen data review, COA expectations, certification or audit review, supplier change notification, new supplier approval, emergency supplier approval, ongoing monitoring, supplier nonconformance, and approved supplier list control.

Records to keep

Keep approved supplier lists, supplier specifications, allergen statements, COAs where required, food safety certificates or audit summaries, supplier questionnaires, letters of guarantee or equivalent assurances where used, risk review notes, change notifications, receiving nonconformance records, complaint trends, and supplier review dates.

Practical checklist

  • Create supplier risk categories.
  • Define required documents by risk.
  • Review specs before first purchase.
  • Verify allergen and sub-ingredient data.
  • Define COA requirements.
  • Review certification scope and expiration.
  • Maintain supplier change expectations.
  • Keep an approved supplier list.
  • Monitor supplier nonconformance.
  • Reassess suppliers on schedule.

Common audit or customer request

Auditors and customers commonly ask to see the approved supplier list, supplier risk logic, current specifications, allergen documentation, COA review evidence, supplier certifications, change notification records, and how supplier issues are investigated through CAPA.

For private label or co-packed products, customers may ask whether the supplier file supports their specifications and claims.

Common mistakes

Common mistakes include approving suppliers by price only, missing allergen data, accepting expired certifications, failing to review supplier changes, and not connecting supplier specs to label review.

Another mistake is collecting documents without reviewing them. A supplier file is useful only if QA knows what the documents say.

QA perspective

From a QA perspective, supplier approval is upstream food safety control. It is easier to prevent a problem by approving the right supplier than to fix undeclared allergens, failed COAs, traceability gaps, or formula changes after production.

Supplier approval should be practical, risk-based, and current. The approved supplier list should agree with purchasing, receiving, label review, allergen matrix, and food fraud records. If purchasing can buy from a supplier QA has not approved, the program is not controlled.

Source notes

Verify supplier control expectations with applicable official and certification sources:

FAQ

What documents should be collected from suppliers?

Common documents include specifications, allergen statements, COAs where applicable, certifications, letters of guarantee, food safety questionnaires, and change notification expectations.

Does every supplier need the same review?

No. Supplier review should be risk-based. A high-risk ingredient supplier may need more review than a low-risk packaging supplier.

How often should suppliers be reviewed?

Frequency depends on risk, customer expectations, certification program, complaints, nonconformances, and changes. The procedure should define review frequency.

Food Labeling

Allergen Control Program for Food Manufacturing

A practical allergen control program guide for food manufacturers covering supplier review, allergen matrix, storage, scheduling, sanitation, label verification, rework, training, complaints, and CAPA.

SQF & Audits

Food Fraud Vulnerability Assessment Template

A practical food fraud vulnerability assessment template for reviewing ingredient risk, supplier risk, market risk, economically motivated adulteration, mitigation plans, and review frequency.