Onboarding New Suppliers in Maintenance: A 30-Day Compliance Checklist

By Mark strong on July 7, 2026

onboarding-new-suppliers-in-maintenance-a-30-day-compliance-checklist

A new maintenance supplier who starts work before their insurance is verified, their ISO certs are filed, or their GDPR agreement is signed is not a time-saver — it's a liability sitting on your asset register. Most UK facilities teams know the checks that matter. What breaks down is the sequence and the paper trail. Start a free trial to see how Oxmaint turns a 30-day onboarding plan into a tracked workflow instead of a spreadsheet nobody updates.

30
Days from signed contract to first purchase order in a properly sequenced onboarding process
6
Compliance documents procurement teams must collect and verify before any work order is raised
4
Weekly stages that keep onboarding moving instead of stalling on a single missing certificate
1
Central onboarding portal is enough to stop the same expired certificate slipping through twice
Before You Start

Onboarding fails when it runs as one long checklist instead of four sequenced weeks. Legal and insurance checks come first — nothing else matters if the supplier isn't covered to be on site. Financial and quality checks follow. Portal setup and the first PO come last, once everything above is verified and filed.

The 3 Pillars of Supplier Compliance

Every document you chase during onboarding exists to protect one of three things. Knowing which pillar a check belongs to tells you how urgent it is and who should own it.

Pillar 1
Legal & Insurance
Public liability, employer's liability, RAMS. Non-negotiable before a supplier sets foot on site.
Pillar 2
Financial Health
Companies House status, credit checks, bank verification. Protects continuity of supply.
Pillar 3
Quality & Ethics
ISO certs, Modern Slavery statement, GDPR agreement. Protects your audit trail and reputation.

Your 30-Day Onboarding Checklist, Week by Week

01
Days 1–7: Legal and Insurance Verification
Nothing proceeds until this stage is signed off
Collect the PQQ response, public and employer's liability certificates, and a method statement (RAMS) for the work type. Verify insurance directly with the underwriter, not just the certificate — expired or lapsed cover is the single most common gap found after the fact.
Documents Needed
PQQ, PL and EL certificates, RAMS, right-to-work confirmation
Owner
Procurement, sign-off from Health & Safety
02
Days 8–15: Financial and Continuity Checks
Protects supply, not just today's invoice
Run a Companies House filing check and a third-party credit score. A supplier with overdue accounts or a dissolution notice is a continuity risk, not just a credit risk. Verify bank details through a callback to a number you already hold, never one supplied in an onboarding email — this is the single most exploited step in supplier fraud.
Documents Needed
Companies House status, credit report, verified bank mandate
Owner
Finance, verified jointly with Procurement
03
Days 16–23: Quality, Ethics and Data Compliance
The paperwork auditors ask for first
Collect ISO 9001, 14001 and 45001 certificates where relevant, a signed Modern Slavery Act statement, and a GDPR-compliant data processing agreement if the supplier will access your asset or tenant data. Check certificate expiry dates and set renewal reminders now — this is the paperwork that lapses quietly and gets found during an audit, not during onboarding.
Documents Needed
ISO certificates, Modern Slavery statement, signed DPA
Owner
Compliance, with legal review on the DPA
04
Days 24–30: Portal Setup and First Purchase Order
The step everyone rushes — don't
Create the vendor master record only once every document above is filed and dated. Load the supplier into the onboarding portal with expiry alerts set on every certificate. Issue the first purchase order as a small, low-risk job so any gap in the process surfaces before a critical work order depends on it.
Documents Needed
Vendor master record, portal login, signed first PO
Owner
Procurement, final sign-off from department head
Stop Chasing Expired Certificates by Email

Oxmaint stores every supplier document, expiry date, and sign-off against the vendor record and flags renewals before they lapse. .

Quick Reference: Compliance Documents at a Glance

Use this table to check which document maps to which risk and week. Sign up to Oxmaint to store each of these against the supplier record automatically.

Document Protects Against Onboarding Week
Public & employer's liability Uninsured injury or property damage on site Week 1
Companies House & credit check Supplier insolvency mid-contract Week 2
ISO 9001 / 14001 / 45001 Inconsistent quality, safety, or environmental practice Week 3
Modern Slavery Act statement Exploitative labour practice in the supply chain Week 3
GDPR data processing agreement Unlawful handling of asset or tenant data Week 3
Verified bank mandate Invoice fraud and payment redirection scams Week 2

Why Supplier Onboarding Stalls Halfway Through

Most onboarding files don't fail because someone skipped a step — they stall because no one could see which step was next.

Gap 01
Documents Sit in Separate Email Threads

The insurance certificate arrived in one inbox, the ISO cert in another, and the signed DPA is still with legal. No single view shows procurement what's missing, so the file waits until someone manually chases every thread again.

Gap 02
Expiry Dates Are Never Diarised

A supplier passed every check on day one. Eight months later their public liability cover lapsed and no one noticed until an incident happened on site — because the expiry date was filed, not tracked.

Gap 03
One Person Held All the Context

The procurement lead who ran the PQQ and remembered which suppliers had conditional approval left the company. The next hire started every file from zero, re-requesting documents that already existed.

Gap 04
The First PO Went Out Too Early

Under deadline pressure, a supplier was issued a work order before their DPA was signed. The gap was only caught during a data audit — by then the supplier had already accessed tenant records.

How Oxmaint Closes This Gap

Oxmaint holds every supplier document, sign-off, and expiry date against a single vendor record, with automatic renewal alerts and a status view that shows procurement exactly what's outstanding before a purchase order can be raised. Nothing gets issued to a supplier whose file isn't complete. Book a demo to see the vendor compliance workflow.

Frequently Asked Questions

Q Which suppliers legally need a Modern Slavery Act statement?
Businesses with turnover above £36 million must publish an annual statement under the UK Modern Slavery Act. Below that threshold there is no legal duty, but requesting a statement or policy from every maintenance supplier is standard best practice and increasingly expected by clients running their own supply chain audits.
Q Do all maintenance suppliers need a GDPR data processing agreement?
Only if the supplier will access, store, or process personal data as part of the job — for example a BMS contractor with tenant occupancy data, or a security systems vendor handling access logs. A supplier only fixing physical equipment with no data access typically doesn't need one, but confirm this during scoping rather than assuming.
Q What's the fastest way to verify an insurance certificate is genuine?
Call the broker or underwriter listed on the certificate directly using a number you source independently, not one printed on the document itself. Confirm the policy number, cover level, and expiry date match what was submitted. This single call catches the majority of forged or lapsed certificates before they enter your vendor file.
Q Can a CMMS actually shorten the 30-day onboarding window?
Yes, primarily by removing the delay caused by chasing status manually. A CMMS with a supplier portal gives every document a single home, flags what's outstanding in real time, and alerts owners before certificates expire — so the file moves forward continuously instead of stalling every time someone has to ask "where are we on this one?"

Turn Your Onboarding Checklist Into a Tracked Workflow

Oxmaint stores every supplier document, expiry date, and approval against the vendor record, so procurement always knows what's outstanding and nothing gets issued a purchase order until the file is complete. Vendor onboarding, compliance tracking, and renewal alerts live in one platform.

Vendor Onboarding Portal Compliance Document Tracking Certificate Expiry Alerts PQQ Management Vendor Master Records

Share This Story, Choose Your Platform!