Vendor Inspection SOP: RFQ to Final Dossier (Step-by-Step Process)

Vendor Inspection SOP — From RFQ to Final Dossier

A vendor inspection program fails for one of two reasons: it is too vague to control execution, or it is too heavy to be sustainable. A good SOP (standard operating procedure) sits in the middle: it defines who does what, when, using which evidence, and it makes release decisions defensible.

This SOP is an end-to-end process map from RFQ → PO → planning → shop execution → FAT → reporting → NCR/CAPA closure → final dossier release. It is designed to work for owner teams, EPCs, or third-party inspection setups.

If you want to understand how supplier oversight sits above inspection planning, start here:
What Is Supplier Quality Surveillance (SQS)?

And if you need inspection planning by phase and coverage level first, read:
Types of Vendor Inspection & Levels

• Vendor inspection should run as a controlled workflow: requirements → plan (ITP/QCP) → gates (hold/witness) → evidence → closure → release.
• The ITP/QCP is the operational backbone; without it, inspection becomes “opinions and emails.”
• Every release decision must be supported by acceptance-grade evidence (traceable, complete, consistent, closed).
• NCRs are not paperwork. They are the mechanism that protects acceptance and prevents repeat escapes.
• The final deliverable is a coherent final dossier (data book) that survives audits and claims.

For a structured training path covering ITPs, reporting, and dossier release, see:
Vendor Inspection & Quality Surveillance Training

 

Vendor Inspection SOP – Abbreviations & Full Forms (Quick Reference)

• SOP — Standard Operating Procedure
• RFQ — Request for Quotation
• PO — Purchase Order
• ITP — Inspection and Test Plan
• QCP — Quality Control Plan
• FAT — Factory Acceptance Test
• IR — Inspection Report
• NCR — Nonconformance Report
• CAPA — Corrective Action and Preventive Action
• QA/QC — Quality Assurance / Quality Control
• SQS — Supplier Quality Surveillance
• SQE — Supplier Quality Engineer
• TPI — Third-Party Inspection
• RACI — Responsible, Accountable, Consulted, Informed
• NDT — Non-Destructive Testing
• PMI — Positive Material Identification
• EPC — Engineering, Procurement, and Construction 

 

Scope (what this SOP covers)

This SOP covers:

• Supplier-Facing Inspections And Surveillance For Manufactured Equipment And Packages
• Planning And Execution Of Shop Visits, In-Process Checks, Fat, And Release Gates
• Evidence Discipline: Ir/Ncr, Close-Out, Dossier Assembly

It does not replace:

• Project specifications and contractual requirements
• Engineering design approvals
• Vendor manufacturing procedures (it governs how you verify them)

 

Roles and responsibilities (minimum viable RACI)

A vendor inspection SOP only works if authority is explicit.

Procurement / Contract owner

• Ensures inspection rights, evidence deliverables, and hold point authority are contractually enforceable
• Controls commercial leverage (release, payment milestones, penalties as applicable)

Engineering / Technical authority

• Defines acceptance requirements
• Approves deviations and concessions (as allowed by contract)

QA/QC / Vendor Inspector (owner or TPI)

• Verifies execution against requirements
• Records evidence (IR) and nonconformities (NCR)
• Enforces witness/hold points

Supplier Quality (SQS/SQE)

• Governs oversight model and escalation rules
• Drives NCR/CAPA closure discipline and effectiveness verification

If you need the boundary between audit and inspection, use:
Vendor Audit Vs Inspection | Differences & Use Cases

 

Step 1 — RFQ readiness (define inspection as an evidence requirement)

Inspection becomes expensive when requirements are unclear. At RFQ stage, ensure the contract package defines:

A) Standards and acceptance language

• Applicable codes/standards (edition date)
• Acceptance criteria references (tests, leakage classes, dimensional tolerances)

B) Documentation deliverables

• Certificates (e.g., EN 10204 level where applicable)
• NDT reports and procedure requirements
• Test records and parameter recording expectations
• As-built and release documentation

C) Inspection access and authority

• Access rights (shop visits, witnessing tests)
• Authority at hold points and release gates
• Escalation timelines and decision owners

If you need a baseline definition of vendor inspection requirements and evidence, use:
Vendor Inspection Explained — Roles, QA/QC & Standards

 

Step 2 — PO kickoff and alignment (prevent late disputes)

At kickoff, lock alignment on:

• Scope and tag list (what is actually included)
• Revision-controlled drawings and datasheets
• Vendor’s manufacturing plan and schedule
• Subcontractor scope and control approach
• Proposed ITP/QCP and witness/hold plan

The objective is to prevent the most common failure pattern: a vendor builds to their default practice while the client expects a different acceptance basis.

 

Step 3 — Build and approve the ITP/QCP (your operational backbone)

The ITP/QCP translates requirements into:

• Manufacturing steps and quality gates
• Responsibilities (vendor, client, third party)
• Witness/hold points
• Required evidence per step (records, photos, certificates, measurements)
• Acceptance references for tests and inspections

Use a structured builder approach here:
ITP & QCP in Vendor Inspection — 6-Step Builder + Templates

For a ready-to-use ITP layout that includes witness/hold logic, use:
Vendor Inspection ITP Template — Witness & Hold Points

 

Step 4 — Define inspection coverage level and triggers (risk-based control)

Assign an inspection level (light/standard/intensive) based on:

• Consequence of failure
• Complexity (welding, heat treatment, coating, precision machining)
• Supplier history and maturity
• Subcontracting exposure
• Schedule compression/logistics risk

Then define triggers that escalate coverage mid-stream:

• Repeated rework
• Failed tests or borderline results
• Certificate/traceability inconsistencies
• Uncontrolled changes to scope or procedures

A practical coverage framework is here:
Types of Vendor Inspection & Levels: Hold/Witness Points and When to Use Each

 

Step 5 — Pre-inspection / readiness verification (before “irreversible gates”)

Before manufacturing locks in risk, verify:

• Material traceability method (heat marking control)
• Calibration status for measuring and test equipment (when required)
• Readiness of critical procedures (welding/NDT/heat treatment/coating/testing)
• ITP/QCP is approved and controlled at the shop floor
• Subcontractor controls (if any) are in place

This step prevents late discovery and protects schedule.

 

Step 6 — Incoming material verification at the vendor (stop alloy and cert mix-ups)

Material issues are among the most expensive escapes. Verify:

• Received materials match certificates
• Heat numbers and markings are present and consistent
• Segregation controls prevent mixed lots
• Any specified verification (e.g., PMI) is executed and recorded

If you’re running SQS governance above inspection, this becomes one of the first high-value evidence gates.
What Is Supplier Quality Surveillance (SQS)?

 

Step 7 — In-process inspection at key gates (verify what can’t be fixed later)

In-process inspection should focus on steps that are expensive or impossible to correct later:

Common irreversible gates

• Machining of critical pressure parts
• Welding fit-up and root pass visibility (where applicable)
• Heat treatment cycles
• Coating surface prep before application
• Assembly cleanliness and configuration before testing

Your in-process inspection should capture objective evidence:

• Measured values (not “OK”)
• Procedure references and approvals
• Photos where helpful
• Hold point release records where applicable

 

Step 8 — Witnessing tests and FAT (turn tests into acceptance-grade evidence)

At FAT, inspectors should verify not only “pass/fail” but:

• Test procedure matches PO/spec and referenced standard
• Medium, pressure, duration, and stabilization time are correct
• Acceptance basis is explicit (class/criteria)
• Instruments are identified and calibrated as required
• Anomalies are handled under control (repeat tests, disposition)

FAT is also a document completeness gate:

• Certificates complete and consistent
• NDT reports complete and traceable
• ITP steps signed off with required evidence
• NCRs dispositioned and closure evidence available

 

Step 9 — Reporting discipline (IR, NCR, logs) and traceable close-out

A vendor inspection program becomes defensible through consistent reporting.

Inspection Report (IR)

An IR should include:

• PO/tag references
• ITP step reference
• What was verified (measured values, procedure references)
• Results and evidence attachments (photos, logs)
• Sign-off and date/time traceability

Nonconformance Report (NCR)

An NCR must include:

• Requirement reference (spec/standard/ITP step)
• Objective evidence
• Clear description of the nonconforming condition
• Containment action
• Disposition pathway (repair/rework/use-as-is with approval)
• Closure evidence and verification sign-off

For a structured reporting workflow and dossier packaging, use:
Vendor Inspection Reporting: IR, NCR & Final Dossier Guide

 

Step 10 — Dossier review and final release (the acceptance gate)

Release is not “FAT passed.” Release is: all acceptance requirements are supported by evidence.

A dossier gate typically verifies:

A) Identity and scope coherence

• Tags, quantities, PO references correct everywhere
• Revision-controlled drawings/datasheets included as required

B) Traceability coherence

• Certificates complete for required components
• Heat numbers match markings and records
• Any required verification results included

C) Test evidence coherence

• Test parameters complete
• Acceptance basis explicit
• Results consistent with acceptance criteria

D) NCR closure coherence

• No open NCRs unless formally waived
• Dispositions approved by authority
• Closure evidence included

E) Preservation and packing

• Packing protects acceptance-critical surfaces
• Shipping marks and documentation included

If you need the detailed dossier structure and expectations, use:
Vendor Inspection Reporting: IR, NCR & Final Dossier Guide

 

Step 11 — Post-delivery learning loop (prevent repeat escapes)

A strong SOP closes the improvement loop:

• Categorize NCRs by mechanism (materials, welding, testing, documentation)
• Review repeat patterns by supplier and scope
• Adjust inspection level and hold points for future POs
• Feed supplier performance management with evidence-based outcomes

If you want the governance layer that turns PO evidence into supplier improvement, read:
Supplier Quality Management (SQM) Basics: QMS vs SQS vs QA/QC

 

Common SOP failures (and how to prevent them)

Failure 1: No controlled ITP/QCP

Fix: make ITP approval a gate and enforce witness/hold authority.
ITP & QCP in Vendor Inspection — 6-Step Builder + Templates

Failure 2: “Pass FAT” treated as release

Fix: define dossier completeness as a release gate with clear owners.

Failure 3: NCR closure without verification

Fix: require evidence-based close-out and effectiveness checks for repeat issues.

Failure 4: Inspection authority unclear

Fix: publish a RACI and escalation timelines at kickoff.

 

Frequently asked questions

Is an SOP useful if we already have an ITP?

Yes. The ITP controls step-level execution; the SOP controls the end-to-end workflow: roles, escalation, reporting discipline, and release gates.

Can this SOP work with third-party inspection (TPI)?

Yes. The SOP is designed for owner or TPI models, as long as authority and reporting requirements are explicit.

What is the minimum viable SOP?

RFQ evidence requirements, approved ITP/QCP, risk-based inspection levels, consistent IR/NCR reporting, and a dossier release gate.

 

Training pathway

If you want a structured method that connects RFQ requirements, ITP/QCP, witness/hold points, reporting, NCR closure, and dossier release into one repeatable workflow, start here:
Vendor Inspection & Quality Surveillance Training