Your business doesn’t operate in a vacuum, and it can’t work without its supply chain. It therefore stands to reason that your supply chain should be set up as you would your internal operations.
There’s one sure-fire way to ensure this is the case, and that’s by carefully quizzing suppliers before they come on board.
Supply chain questionnaires are very common. They’re also, sometimes, unfathomable and incredibly time consuming. The longest we’ve seen contained 750 questions!
This guide is for any business that needs to construct a questionnaire or has one sitting unanswered on their desk.
What are supply chain questionnaires for?
A supply chain questionnaire will help you assess whether or not a supplier can potentially deliver the service you require.
More importantly, it assesses whether or not they can do it to a standard that befits your organisation. Can they do things on time and without causing you any headaches in the form of additional overheads, poor service, unhappy customers and potentially reputational damage?
In other words, it’s a risk assessment.
What’s the main goal?
From a data privacy perspective, you want to find out about the service on the table and any inherent risks.
How can you mitigate – or avoid entirely – any incidents that may lead to data loss, delays in responding to individuals rights (eg. subject access rights) and ultimately complaints, investigations and worse case, fines.
If the supplier is likely to interact with clients, you’ll also need reassurance that their customer service is up to scratch.
Any failure within the supply chain will reflect badly on your business. The buck stops with you, and it’s the questionnaire’s job to sniff out any potential issues before you sign an agreement.
What shouldn’t it do?
The worst supply chain questionnaires simply contain a bunch of questions someone has downloaded from the internet and pasted into a document, with no understanding of what they’re supposed to achieve.
This lack of personal touch or consideration for the supplier usually results in one thing: a disregarded questionnaire on their behalf.
A good questionnaire will consider the service that you’re buying. So, for example, if you are sending a questionnaire to a new office cleaning company, think about the data that they may see e.g. paper on desks, security of the building etc. We had a client recently who received a spreadsheet with 115 deeply technical questions about their IT infrastructure and which asked them to provide a copy of their network diagram. It was laborious, pointless and an absolute waste of everyone’s time.
It shouldn’t be a ‘tick box’ exercise. It should ask for some evidence that supports the answer. For example, ‘Do you have a Data Privacy Policy?’ shouldn’t be a yes / no reply but instead a ‘please provide a copy of … ‘.
It shouldn’t deter your supplier from wanting to do business with you. Remember that questionnaire we mentioned at the beginning with 750 questions and the 30-minute turnaround? It’s there to assess your risk and not to provide an excel assault course to companies that you want to have as a trusted partners
Remember, it’s OK to challenge – on both sides
If you’re the sender of the questionnaire, you’re certainly challenging the potential supplier, but if you’ve received one yourself and have questions, there’s absolutely nothing wrong with doing the same.
So, pick up the phone and ask the sender exactly what it is they want to know – and why.
If you’re the sender, take some time to listen to (or read) the question and respond honestly. If a supplier takes time to get back to you, that’s a good thing – they clearly want to work with your business.
We once helped a client fill out a huge questionnaire. It took us two days and we sent the completed questionnaire back with lots of attachments. Thirty minutes later, we received the ‘thumbs-up’ that it was all ok. Really? Should we have sent our cycling proficiency certificate in to test if anyone would read it?
What to ask
So, what does a good supplier questionnaire look like?
Here’s some quick-fire tips to get you started:
- Ask open questions; you want the respondent to describe what they do in a way that feels comfortable to them. Review the questions you ask on a regular basis to ensure that they are still relevant
- Ask if they have achieved any standards – i.e. has anyone else checked them out for the quality of their products and services?
- Ask if any standards they have cover all the organisation. There’s little point in them having a certification for a part of the business you won’t be using.
- Make sure any standards they have are current. For instance, ISO9001:2008 was withdrawn last year so don’t ask if the company complies with it!
- Ask if they have a business continuity plan; if a fire breaks out in their server room, how can you be sure that won’t impact your business?
- Remember to resend to current suppliers. They may have been great at what they did when you first engaged them 10 years ago, but can they still meet your more stringent requirements ?
- Ask if you can go and audit their business to have a look for yourself. If they so “no” to this – ask why! Under the GDPR, any data controller (that’ll be you) has a legal right to audit any data processors (that’s them).
Still need help?
We’ve helped countless businesses to construct and respond to supplier questionnaires. Get in touch with our friendly team today if you need help with your supply chain questionnaires.
