Skip to content
InspectionPublished Feb 28, 2026 · 7 min read

Vendor surveillance: scoping your way out of risk.

Uniform vendor surveillance is the most common way to spend a lot of money and still miss the defects that matter. A risk-tiered approach concentrates inspection effort where consequence-of-failure is highest, and reduces it where the supplier's track record earns lower oversight — without ever going to zero.

Key takeaways
  • 01Tier every vendor by consequence-of-failure, not by spend.
  • 02Pre-qualify before purchase order — never rely on surveillance to catch what pre-qual should have caught.
  • 03Surveillance intensity must be re-tiered after every material NCR or supplier change.
  • 04Even Tier 3 (low-risk) vendors need an annual verification check — 'trusted supplier' is not a status, it is a hypothesis.

The three-tier model

Tier 1 — Critical: safety-related, single-source, or long-lead items where failure has regulatory or catastrophic consequence. Full source inspection, resident inspector or high-frequency visits, 100% ITP witness, first-article inspection on every lot, and mandatory pre-shipment release.

Tier 2 — Important: significant to project outcome but not safety-critical, with qualified alternates. Sampled source inspection, mid-frequency visits, hold-point witness on the top 20% of ITP rows by risk, pre-shipment surveillance on lots above a threshold value.

Tier 3 — Standard: commodity items with proven suppliers and low consequence-of-failure. Receiving inspection with periodic supplier audit, annual verification visit, and NCR-triggered re-tiering.

Pre-qualification is not surveillance

Pre-qualification confirms a supplier is capable of doing the work — QMS certification, financial stability, prior work references, technical capacity, capability audits. Surveillance confirms they are actually doing the work correctly on your order. Owners that under-invest in pre-qualification try to use surveillance to close the gap; this is expensive and unreliable. Every dollar spent on pre-qualification saves several dollars in surveillance cost and rework.

Re-tiering triggers

A vendor's tier is not fixed. Re-tier upward on: any Major NCR, ownership change, key personnel departure, expansion into a new product line, or lapsed certification. Re-tier downward only after documented performance over a minimum window (typically 12 months) with defined KPIs met — on-time delivery, NCR rate, first-pass yield, corrective action closure time. Downward re-tiering without evidence is how surveillance programmes silently erode.

What to measure

Track four metrics per vendor: NCR rate per PO, average NCR closure time, on-time delivery, and audit finding density. Roll these up to a supplier scorecard reviewed quarterly. Suppliers trending badly on any two metrics move up a tier before the next purchase order. Suppliers with three quarters of clean data move down — but never below Tier 3.

Frequently asked

Questions we get on this topic

What is vendor surveillance?

Vendor surveillance is the ongoing quality oversight a purchaser applies to a supplier during the manufacture or execution of a purchase order — including source inspection, audits, hold-point witnessing and pre-shipment verification — to confirm the supplier is meeting the specification and code requirements.

How do you tier suppliers for surveillance?

Score each supplier by consequence-of-failure, criticality to the project, availability of qualified alternates and past performance. Group into three tiers with defined surveillance intensity per tier. Re-score after every material NCR or supplier change.

What is the difference between supplier pre-qualification and surveillance?

Pre-qualification confirms a supplier is capable and eligible to bid or receive a purchase order. Surveillance confirms they are actually performing to specification on that order. Pre-qualification is a gate; surveillance is a continuous control.

How often should vendor audits be performed?

Tier 1 vendors: annually plus event-driven audits after NCRs or changes. Tier 2: every two years plus event-driven. Tier 3: every three years or on NCR trigger. Certification bodies audit the supplier's QMS; your audits should focus on the specific processes making your product.

Get in touch

Need this delivered on your project?

We provide independent quality management, inspection and audit services across North America.

Talk to a Practitioner