Differentiate between Critical and High risk vendors


Quite Involved in Discussions
We have a vendor management procedure to distinguish between High, Medium, and Low Risk.

There is an ask to identify "Critical" vendors (CMO, Sterilization service provider) and having difficulty to differentiate between High and Critical vendors.

Any guidance is highly appreciated!

Thank you!


Trusted Information Resource
High risk to me would mean things like financial strength, availability of competitors, how their business is concentrated, etc. In other words, what is the risk that this supplier will be able to continue to supply me.

Critical, would mean they are really, really, really, important.

One could be critical and low risk -- for example a supplier who is essentially a captive supplier to the customer. He's a very important supplier but low risk in that the customer essentially controls the future.


Forum Moderator
Another way to look at it is:
  • Critical is an indispensable or vital supplier (e.g., sole source)
  • Risk is the probability of a consequence occurring (e.g., a supplier on the verge of bankruptcy, supplier is obsoleting the component, etc.)


Super Moderator
@Sidney Vianna provides the definition from the NBOG in this post. In practice, this includes contract manufacturers and (product) software development firms as well as the ones mentioned in the OP.

So, yes, "really, really, really important." :) But certainly use the definition posted for making your determinations.
Top Bottom