Supplier Management (Lieferantenmanagement)
Supplier management (Lieferantenmanagement; SRM, short for Supplier Relationship Management) covers the full lifecycle of supplier relationships: identification and qualification, contract management, performance monitoring, risk assessment, payment and collaboration. For DACH organisations running ERP systems, supplier management has grown dramatically in importance since 2020, driven by supply-chain disruptions, LkSG due-diligence obligations, CSRD reporting and increasing supplier cyberattack risk.
Core supplier-management capabilities
- Supplier identification and onboarding — structured qualification process with required documentation, certifications, due-diligence checks
- Supplier master data — categorised information including financial, operational, ESG, cybersecurity and compliance attributes
- Contract management — framework agreements, statement-of-work documents, renewal tracking, breach monitoring
- Performance monitoring — delivery reliability, quality, lead-time, cost-trend, compliance scorecards
- Risk assessment — financial-stability monitoring, supply-disruption risk, human-rights and environmental risk under LkSG, cyber-risk
- Supplier portals — collaboration for PO acknowledgement, ASN submission, invoice submission, document exchange
- Audit and certification tracking — ISO 9001, IATF 16949, ISO 14001, OEKO-TEX and other industry-specific certifications with expiry monitoring
ERP versus dedicated SRM
ERP-native supplier management covers core functionality (supplier master, basic performance tracking). Dedicated SRM platforms layer specialist capabilities on top:
- Enterprise S2P (Source-to-Pay): SAP Ariba, Coupa, Ivalua, JAGGAER, GEP. These are full-spectrum platforms covering sourcing, contracts, supplier onboarding, purchasing and AP automation.
- Specialist supplier-risk: IntegrityNext, EcoVadis, Sphera Supply Chain Risk Management, Achilles, riskmethods, Resilinc.
- Industry-specific: Riskonnect for compliance, Prewave for supply-chain visibility, Sustainalytics, MSCI ESG for environmental scoring.
- Sustainability and LkSG-focused: IntegrityNext, OneTrust Vendorpedia, OneTrust Third-Party Risk.
For DACH mid-market, the typical stack is ERP-native supplier management plus IntegrityNext or EcoVadis for LkSG/CSRD due-diligence; large enterprises add full S2P platforms.
LkSG and CSDDD impact
The German Supply Chain Due Diligence Act (LkSG) and EU CSDDD have transformed supplier management for DACH operations. Required activities:
- Risk analysis: annual systematic assessment of human-rights and environmental risks per supplier, by country, sector and product category.
- Preventive measures: supplier contracts including risk-mitigation clauses; supplier code of conduct; awareness training.
- Remedy mechanisms: complaint channels accessible to affected parties.
- Documentation: comprehensive records supporting annual reporting to BAFA (Germany) or competent authorities (CSDDD).
The operational burden is substantial; specialist platforms have proliferated to handle supplier-questionnaire collection, scoring and monitoring at the scale needed. Most affected DACH companies operate IntegrityNext, EcoVadis or Achilles alongside ERP supplier master data.
Practical guidance
Three patterns:
- Tiered supplier management: not every supplier deserves the same depth of oversight. Strategic suppliers (5-10% of supplier count, 60-80% of spend) receive intensive relationship management. Operational suppliers receive standard performance monitoring. Tail suppliers (70-80% of count, 10-20% of spend) receive minimum-viable oversight.
- Master-data discipline: supplier-data quality compounds. Bad data at onboarding propagates into late payments, mis-categorised spend, missed renewal notices and weak risk assessment. Disciplined supplier-onboarding workflows with mandatory data-quality checks pay back substantially.
- Integration with the procurement process: supplier management is not a separate function from procurement; it is the relationship layer around it. Tight integration between supplier-management data and procurement decisions (sourcing, contracting, purchasing) produces measurable cost and risk benefits.
Frequently Asked Questions
Do mid-market companies need a separate SRM platform?
For LkSG-scope organisations (1,000+ employees in Germany) or those serving large customers with supplier-due-diligence requirements: yes. Specialist platforms (IntegrityNext, EcoVadis) handle the compliance complexity. Below those thresholds, ERP-native supplier-management with structured spreadsheets often suffices, evolving toward specialist tools as compliance pressure grows.
EcoVadis or IntegrityNext for DACH?
EcoVadis: scorecard-based sustainability assessments, broader scope including E, S and G dimensions, strong customer-side adoption. IntegrityNext: structured supplier-questionnaire platform with strong LkSG-focused functionality, popular in DACH mid-market. Many organisations use both for different supplier categories or compliance needs.
How does supplier cyber-risk fit into supplier management?
Increasingly central. NIS-2 obligations include supply-chain cybersecurity; ICT supplier breaches affect customers (the SolarWinds, Log4j and MOVEit incidents demonstrated the risk). Supplier-cyber-risk monitoring (BitSight, SecurityScorecard, Black Kite) integrates with supplier-management data, often via dedicated TPRM (Third-Party Risk Management) platforms (OneTrust, Prevalent, ProcessUnity).
