Read summarized version with
Ask ten procurement teams how they onboard a new vendor and you’ll get ten different answers, and most of them will include the phrase “well, it depends who’s around that week.”
That’s the real problem with the vendor onboarding process. It isn’t that teams don’t know how to do it. It’s that the steps live in someone’s head, the tax form requirement is folklore, and the approval chain changes depending on which manager picks up Slack first. So a vendor that should take three days to onboard takes three weeks, finance bounces the first payment because the banking details came in on a sticky note, and nobody can explain why.
I’m Yuval, founder of Glitter AI. My tool turns a screen recording into a step-by-step guide, and that work has put me in a lot of rooms where procurement and finance ops teams describe this exact mess. So let me lay out the vendor onboarding process the way it actually runs, step by step. Then I’ll cover the part most guides skip: how to make it survive the person who currently runs it.
Teach your co-workers or customers how to get stuff done – in seconds.
What vendor onboarding actually is
Vendor onboarding is the set of steps that takes a chosen supplier from “we want to work with them” to “they’re set up in our systems, compliant, and we can legally pay them.” It sits inside the larger vendor management process, right after selection and before the first purchase order.
It’s worth being precise here, because people blur three things together:
- Vendor selection is deciding which vendor. Sourcing, evaluation, negotiation.
- Vendor onboarding is getting that chosen vendor operational. Documents, vetting, system records, approval.
- Procurement is the transaction itself. Onboarding is what makes that transaction possible without finance rejecting it.
Get onboarding right and the first purchase order and the first invoice flow through clean. Get it wrong and every downstream step inherits the problem.
Step 1: The vendor request and intake
Everything starts with a request. This is also where most processes are weakest. Someone in a department says “I need to work with this agency,” fires off an email to procurement, and the clock starts on a process that has no defined front door.
A good intake step does three things:
- Captures a structured request. Who is requesting, which vendor, what they’ll provide, estimated annual spend, and the business justification. A form beats an email every time, because an email lets the requester skip the fields you actually need.
- Checks for duplicates. Before you onboard “Acme Design LLC,” confirm you’re not already paying “Acme Design” under a slightly different name. Duplicate vendor records are how the same supplier ends up with two payment profiles and a fraud risk.
- Routes by spend and risk. A $500 one-off doesn’t need the same scrutiny as a $200K strategic supplier with access to customer data. Decide the tier here, because it determines how heavy the next steps are.
The output of step 1 is a clean, categorized request that everyone downstream can trust. If your intake is an inbox, that’s the first thing to fix.
Step 2: Due diligence and vetting
This is the step that protects you, and the step people most want to skip when they’re in a hurry.
Due diligence scales with the vendor tier you set in step 1. A low-risk, low-spend vendor might only need a quick sanity check. A critical supplier gets a real review. Third-party due diligence has become more consequential in recent years: the Verizon Data Breach Investigations Report shows incidents involving a third party now account for about 30% of all breaches, which is why security posture and insurance verification can no longer be treated as optional steps for higher-risk vendors.
- Legal and registration. Is the business a real, registered entity? Does the legal name match what they invoice under?
- Financial stability. For vendors you’ll depend on, are they likely to still be operating in a year? A supplier going under mid-contract is its own outage.
- Compliance and security. Insurance certificates, data processing agreements, security questionnaires, SOC 2 reports for anyone touching your systems or data. This is where a documented compliance SOP earns its keep, because “we checked” is not evidence and “here’s the completed questionnaire on file” is.
- Sanctions and watchlist screening. A basic screen against sanctions lists. Cheap to do, expensive to skip.
The point of due diligence isn’t to generate paperwork. It’s so that when something goes wrong in eighteen months, the answer to “did we vet them?” is a folder, not a shrug.
Teach your co-workers or customers how to get stuff done – in seconds.
Step 3: Tax and banking documents
Here’s where onboarding most often stalls, and it’s almost always avoidable.
Finance cannot pay a vendor they can’t legally and operationally pay. That means you collect, before approval, not after:
- Tax documentation. A W-9 for US vendors, W-8 series for foreign vendors, or the local equivalent. You need this to issue a 1099 and to stay compliant. Collecting it at payment time instead of onboarding time is how January becomes a scramble.
- Banking and remittance details. Account information for ACH or wire, the remittance email, and the currency. This is also the single highest-fraud-risk moment in the entire process.
That last point deserves a hard rule. Bank detail changes and new bank details are the favorite target of business email compromise. The control is simple and non-negotiable: verify banking details through an independent channel. Call the vendor back on a number you sourced yourself, not the one in the email requesting the change. Bake that callback into the documented process so it happens every time, not only when the person who knows about it is working.
Validate the documents before you move on. A W-9 with a mismatched legal name, or banking details that don’t match the entity, should bounce here, not three steps later when a payment fails.
Step 4: System setup and vendor record creation
Now the vendor becomes a real, usable record in your systems.
This step decides whether the next year runs smoothly or fights you at every turn, because everything downstream reads from this record:
- Create the vendor master record in your ERP or accounting system, with the validated legal name, tax ID, payment terms, and the banking profile from step 3.
- Set payment terms deliberately. Net 30, Net 45, early-payment discounts. Don’t let the default ride. Terms set here flow straight into how you pay your bills and your cash flow.
- Configure access if relevant. Vendor portal logins, system access for vendors who need it, the procurement contact on record.
- Link the documentation. The contract, the tax form, the due diligence file, the banking verification note. One record, everything attached, so the next person doesn’t have to reconstruct the history from email.
A clean vendor master record is the difference between a procurement function that scales and one where every transaction requires a person to remember context. This step is also where consistency matters most: the same fields, filled the same way, every time. That’s a documentation problem before it’s a software problem.
Step 5: Approval and activation
The final gate. The vendor is vetted, documented, and set up. Now someone with authority confirms it and turns them on.
A clean approval step has:
- A defined approver by tier. Low-risk vendors might be a single procurement sign-off. Strategic or high-risk vendors need finance, legal, and a budget owner. This is a real structured chain of sign-offs, not a forwarded email asking “ok to proceed?”
- A completeness check. Approval shouldn’t be possible until intake, due diligence, tax docs, banking verification, and the system record are all done. The approval gate enforces the process. If people can approve around missing steps, you don’t have a process, you have a suggestion.
- Activation and a clear signal. The vendor record flips to active, the requester is told they can raise a PO, and the vendor knows they’re cleared to start. An onboarding that finishes silently makes everyone ask “are we done yet?” for a week.
After this, the vendor flows into normal operations: purchase orders, invoices, performance reviews. Onboarding is finished, and ideally it finished in days, not weeks, because nobody had to stop and ask how it works.
Why this process keeps breaking, and the fix
Notice what every weak point above has in common. The intake that’s really an inbox. The due diligence that scales with whoever’s mood. The banking callback that only happens when the careful person is in. The system record filled differently by different people.
None of those are knowledge problems. Your team knows how to onboard a vendor. They’re documentation problems. A McKinsey survey of procurement leaders found that shifting from ad-hoc to structured procurement processes can make the function 25 to 40% more efficient - and vendor onboarding is one of the highest-friction areas where that efficiency gap shows up most visibly. The process runs on what’s in one or two people’s heads, so it bends to whoever is doing it that day, and it falls over the week they’re out.
The usual fix is to write an SOP. People do, and it doesn’t work, because a vendor onboarding SOP is mostly clicks. “Open the ERP, go to vendor master, create new, here are the eleven fields and what goes in each, here’s where the tax form attaches.” A wall of text describing software nobody reads, and it’s stale the moment the ERP UI changes.
This is the specific problem I built Glitter to solve. You onboard one vendor the right way while screen recording it. Glitter turns that recording into a step-by-step guide automatically, a screenshot of every screen with the written step beside it. The next person doesn’t read your process. They watch it and follow along on the exact screens they’ll use. When the ERP changes, you re-record in a few minutes rather than rewriting a document.
For the structure and discipline behind a process like this, the procurement SOP glossary entry is worth a read alongside the onboarding SOP basics. The broader procurement process guide puts vendor onboarding in context with sourcing and purchasing.
Teach your co-workers or customers how to get stuff done – in seconds.
Putting it together
The vendor onboarding process is five steps: intake the request, run due diligence, collect and verify tax and banking documents, set up the system record, and approve and activate. None of it is complicated. What makes it fragile is that it usually lives in one person’s head instead of in a guide anyone can follow.
Map the five steps for your team. Decide the tiers, define the approver chain, and write down the banking verification rule so it’s a control, not a habit. Then record it once, so the process that protects you doesn’t depend on who happens to be online that week.
Frequently Asked Questions
What is the vendor onboarding process?
Vendor onboarding is the set of steps that takes a chosen supplier from selected to operational: intake request, due diligence, tax and banking document collection, system record setup, and approval. It sits between vendor selection and the first purchase order in the broader vendor management process.
What are the steps in the vendor onboarding process?
The core steps are: 1) vendor request and intake, 2) due diligence and vetting, 3) tax and banking document collection and verification, 4) system setup and vendor master record creation, and 5) approval and activation. The depth of each step scales with the vendor's spend and risk tier.
What documents are needed to onboard a new vendor?
Typically a tax form (W-9 for US vendors, W-8 for foreign vendors, or the local equivalent), verified banking and remittance details, a signed contract or agreement, and any compliance documents like insurance certificates, data processing agreements, or security questionnaires for higher-risk vendors.
What is vendor due diligence?
Vendor due diligence is the vetting step that confirms a supplier is a legitimate, stable, compliant business before you set them up. It covers legal registration, financial stability, security and compliance posture, and sanctions screening, with the depth scaled to how critical the vendor is.
How long should vendor onboarding take?
A well-documented vendor onboarding process for a standard vendor should take a few days, not weeks. Most delays come from an unclear intake front door, due diligence that stalls, or tax and banking documents collected late instead of upfront.
Why is verifying vendor banking details so important?
New or changed banking details are the most common target of business email compromise fraud. The standard control is to verify banking information through an independent channel, such as calling the vendor on a number you sourced yourself, before activating the payment profile.
Who should approve a new vendor?
Approval should scale by tier. A low-risk, low-spend vendor may need only a single procurement sign-off, while a strategic or high-risk vendor should require finance, legal, and a budget owner. Approval should be blocked until intake, due diligence, documents, and the system record are all complete.
What is the difference between vendor onboarding and procurement?
Vendor onboarding makes a chosen supplier operational: vetted, documented, and set up to be paid. Procurement is the transaction itself, such as raising purchase orders and processing invoices. Onboarding is what makes clean procurement possible without payments being rejected.
What is a vendor master record?
A vendor master record is the entry in your ERP or accounting system that holds a vendor's validated legal name, tax ID, payment terms, banking profile, and linked documentation. A clean master record is what every downstream purchase order and invoice reads from.
How do you document the vendor onboarding process so it survives turnover?
Don't rely on a text SOP for a process that is mostly software clicks. Record the process being done once, screen and all, and turn that into a step-by-step visual guide with screenshots so the next person can follow the exact screens, and re-record quickly when systems change.
