Vendor Onboarding Checklist: 9 Things to Verify Before You Issue Your First PO

Why Most Vendor Onboarding Checklists Miss the Point

Search for vendor onboarding checklists and you'll find versions that cover the basics: signed contracts, tax forms, banking information, system access credentials. These are administrative checklists. They confirm that a vendor can receive a payment and that your procurement team has signed the right papers.

They say almost nothing about whether the vendor can actually deliver, or whether they'll exist in 18 months.

A real vendor onboarding checklist has two tracks: administrative setup (which most checklists cover adequately) and risk verification (which most checklists skip). This guide covers both. The risk verification items are the ones that prevent supply chain failures.

Track 1: Administrative Onboarding

These items should clear in the first week. They are largely process work, but they still need to happen before the first purchase order.

1. Legal and registration verification. Confirm the vendor is a registered legal entity with a valid EIN or equivalent. Check that formation documents match the contracting entity name. This prevents payment to shell companies and catches name discrepancies before they become legal disputes.

2. Signed master services agreement or purchase order terms. Depending on your procurement structure, vendors sign either a standalone MSA or they accept your standard PO terms. Either way, a signed agreement must exist before the first purchase order goes out.

3. W-9 or W-8 on file. Required for 1099 reporting. Non-US vendors need a W-8BEN or W-8BEN-E depending on entity type. Frequently missed with international vendors and expensive to chase down at year-end.

4. Banking and payment information verified. Confirm bank name, routing, and account numbers. For ACH vendors, run a small verification payment before loading them for full AP volume. Wire fraud via vendor impersonation is a real risk at this step and the verification payment costs almost nothing to run.

5. Insurance certificates collected and current. Verify active coverage for general liability, workers' compensation, and any specialized coverage your contract requires — errors and omissions, cyber, professional liability. Collect certificates before first delivery. A lapsed certificate at delivery time is not a technicality; it is often a signal of cash flow strain.

6. System access provisioned. If the vendor needs access to your systems — supplier portal, order management, data feeds — provision access only to what they need. Record what access was granted and when. Access creep in vendor accounts is a real security risk that starts at onboarding.

Track 2: Risk Verification

This is where most vendor onboarding checklists stop being useful. These items take more work and more tools, but they are the items that prevent supply chain disruptions and financial losses. Running them at onboarding is the only time you have before you depend on the vendor.

7. Financial health check. Pull the vendor's trade credit history. How do they pay their own suppliers? A vendor who consistently pays their trade creditors late is a vendor under financial stress. That stress will show up in your relationship eventually, as quality problems, delayed deliveries, or outright failure. This check takes ten minutes and catches the single most predictive indicator of vendor viability.

Look specifically for: days payable outstanding trend (is it growing?), trade reference quality from peer suppliers, UCC lien filings — especially secured party filings that suggest the vendor is pledging assets — and any recent judgment liens.

The vendors that have blown up supply chains in recent years — Harvest Sherwood Food Distributors, Envelope 1 — had financial signals that preceded their collapses by months. Those signals were in trade credit data, not in questionnaire responses. Procurement teams who were monitoring financial health had time to act. Those relying on annual check-ins found out when payments stopped.

8. Bankruptcy and litigation search. Run a public records check for active bankruptcy filings, judgment liens, and significant pending litigation. A vendor in Chapter 11 reorganization is not automatically disqualifying, but you need to know about it before you depend on them for critical inputs. A vendor with multiple recent judgments against them is showing you something about how they operate.

9. Sanctions and watchlist screening. OFAC, SDN list, and any applicable international sanctions screens. Required for regulated industries and good practice for everyone. Most procurement systems can automate this screen at onboarding.

10. Vendor concentration risk assessment. How dependent is your business on this vendor? If they supply a single-source component, are the sole provider of a critical service, or represent more than 20% of a category, they need enhanced financial monitoring — not just a standard onboarding check. Document this dependency and set a review frequency before you close onboarding.

11. Cybersecurity and compliance documentation. For vendors who will access your systems, data, or networks: collect their most recent SOC 2 report or equivalent, confirm documented security policies, and send a SIG or SIGlite questionnaire for critical vendors. This belongs in your onboarding checklist, not only in your annual review cycle. OneTrust, ProcessUnity, and Venminder all support this workflow. The limitation is that questionnaires are self-reported and annual — they catch policy documentation, not current financial condition.

12. Reference check with current customers. Call two or three of their existing customers who handle similar volume and purchase category. Ask specifically about delivery reliability, how the vendor handles problems, and whether the vendor has shown any signs of operational strain. A vendor's provided references will be their best customers. Ask them the uncomfortable questions anyway.

Setting the Monitoring Cadence After Onboarding

Vendor onboarding is not a one-time event. The checklist above gets you to the first purchase order. What happens in month seven, when financial conditions change, requires a separate answer that most onboarding processes do not provide.

Before closing the onboarding process, set the monitoring parameters explicitly:

For critical or high-concentration vendors: continuous financial monitoring plus annual security questionnaire review. The financial monitoring should run in the background without requiring analyst intervention — automated alerts when payment behavior shifts, when UCC activity increases, or when trade credit signals deteriorate.

For standard vendors: quarterly review of trade credit signals plus annual full review. Document who owns the review and where alerts route.

For low-risk, low-concentration vendors: annual review is sufficient. The most common failure mode in vendor risk programs is that the annual review becomes informal and infrequent. Build the review into a calendar with an owner.

What to Do When a Vendor Fails an Item

Not every flag is disqualifying. The question is whether you know about it before you depend on the vendor.

Financial health concerns (late trade payments, UCC liens): escalate to a financial health review before proceeding. Get two to three years of financial statements if available. Understand the trajectory. A vendor who is financially stressed but stabilizing is different from one in active deterioration. Document your risk decision either way.

Bankruptcy history (discharged, completed): understand the timeline and circumstances. A vendor who completed Chapter 7 five years ago and rebuilt operations is not the same as one currently in Chapter 11 reorganization. The current restructuring scenario requires active monitoring of reorganization progress and alternative supplier development in parallel.

Insurance gaps: do not proceed until coverage is current and confirmed. Insurance lapses are rarely accidental. They often indicate cash flow strain that is showing up first in payments to insurers before it shows up in payments to suppliers.

Litigation flags: get specifics. One employment dispute is different from a pattern of supplier non-payment claims. A pattern of trade creditor suits tells you how this vendor treats its own supply chain — and gives you a preview of how they may eventually treat yours.

Questionnaire exceptions: depending on severity, either require remediation before onboarding or accept with documented compensating controls and a remediation timeline. Never silently waive an exception with no documentation.

The Difference Between Administrative Onboarding and Vendor Risk

OneTrust, Venminder, and ProcessUnity have built platforms around managing vendor questionnaires and compliance documentation. That workflow matters and those platforms handle it well. The documentation trail they create is a real compliance asset.

The risk that ends supply chains — vendor financial failure — is almost entirely absent from questionnaire-centric platforms. A vendor can be fully compliant on paper, with a clean SIG and current certificates, and be three months from a bankruptcy filing that none of your questionnaire data predicted.

The onboarding checklist above costs more to run than a basic administrative checklist. The financial health check, the bankruptcy search, the concentration risk assessment all require time and data. That cost is front-loaded and small relative to the cost of a supply chain disruption or a significant write-off from a vendor who failed while your team was waiting for the next annual review.

For financial monitoring that runs continuously after onboarding, see Credit Pulse's approach to vendor financial risk. For the parallel workflow on the customer credit side, see the B2B customer onboarding guide.