Ensure every supplier relationship begins on solid, compliant ground with our comprehensive Supplier Evaluation Form — a professionally structured template designed for medical device manufacturers and quality-driven organisations that need a rigorous, consistent, and audit-ready process for formally evaluating suppliers before approval and at each subsequent re-evaluation interval.

This Supplier Evaluation Form has been developed to satisfy the supplier evaluation requirements of three internationally recognised standards simultaneously: ISO 13485 for medical device quality management, ISO 9001 for general quality management systems, and ISO 27001 for information security management. Where a Supplier Risk Assessment identifies and scores the risks a supplier introduces, this form goes further — providing the structured framework through which those risks are formally evaluated, evidence is gathered, and an approval decision is reached and documented. Together, they form the backbone of a defensible, multi-standard supplier qualification process.

The form guides your team through a thorough evaluation of each supplier across the key dimensions that regulators and certification bodies expect to see assessed. Quality system capability is examined to establish whether the supplier operates a documented quality management system, holds relevant certifications, and can demonstrate consistent delivery of conforming products and services. Regulatory compliance is reviewed to confirm the supplier understands and meets the requirements applicable to the products or services they provide, including the ability to support your organisation's obligations under applicable medical device regulations.

Operational and delivery performance criteria are included to assess the supplier's reliability, capacity, and ability to meet agreed specifications, lead times, and quality standards under real-world conditions. For suppliers who handle sensitive data, operate connected systems, or have access to your organisation's proprietary information or infrastructure, the form incorporates information security evaluation criteria aligned with ISO 27001 — covering data handling practices, access control measures, security certifications, and incident management capability. This makes the form equally effective for evaluating traditional product and component suppliers as it is for assessing software vendors, cloud service providers, and other digital supply chain partners.

Scoring and weighting are built into the form's structure, enabling your team to reach an objective, evidence-based evaluation outcome that can be clearly communicated, documented, and defended. The form captures supporting evidence references, evaluator details, and the resulting approval decision — whether that is full approval, conditional approval pending corrective action, or rejection — along with the rationale behind that decision. This level of documented rigour is precisely what auditors and certification bodies look for when assessing the effectiveness of your supplier control process.

The form is designed to support the full supplier evaluation lifecycle, functioning equally well for initial qualification of new suppliers and for periodic re-evaluation of existing ones. Used alongside your Supplier Risk Assessment Form and Supplier Inventory Log, it completes a fully integrated, multi-standard supplier management framework that gives your organisation end-to-end visibility and control over its supply chain.

Fully customisable to your supplier categories, evaluation criteria, organisational structure, and internal processes, this template is suitable for organisations of all sizes operating in regulated industries. Whether you are establishing a new supplier qualification process, strengthening an existing one ahead of an audit, or aligning your supplier management practices across multiple ISO standards, this form provides the structured, consistent foundation your team needs to evaluate suppliers with confidence.