
Last updated:

13 mins

Sam Lamba

Your Approved Vendor List Is a Liability. Here's How to Fix Supplier Onboarding.

Somewhere in your company, right now, there's a spreadsheet called "Approved_Vendors_FINAL_v3.xlsx" sitting on someone's desktop. About 340 rows. Roughly 80 of those suppliers haven't shipped you anything in two years. A dozen have quietly changed ownership. Three went bankrupt. And the person who maintained the file retired in January.

That spreadsheet is your AVL. Your supplier onboarding process is whatever she had in her head, plus a 47-page Word doc buried in a SharePoint folder that nobody's opened since the Obama administration.

In almost every manufacturer conversation we have, the AVL comes up with a sigh somewhere around minute 20. Everyone knows it's a mess. Nobody has the bandwidth to fix it. Then a tariff shifts, or a sole source flunks an FAI, or an auditor asks for supplier qualification records, and suddenly the spreadsheet isn't inconvenient anymore. It's a liability.

What Does Supplier Onboarding Actually Look Like at a Manufacturer?

Ask ten procurement teams how they onboard a new direct materials supplier and you'll get ten different answers. The shape is always the same though. A pile of documents, a long thread of back-and-forth emails, and a timeline that makes everyone uncomfortable.

A typical onboarding for a new direct materials supplier looks roughly like this.

The qualification questionnaire goes out first. Company info, manufacturing capabilities, capacity, lead times, quality certifications, references. Some teams use a Google Form. Some use a Word doc that gets emailed back and forth four times. One quality manager we spoke with still faxes theirs. In 2026.

Paperwork follows. W-9 or W-8BEN. Certificate of insurance (check the limits, and confirm your company's listed as additionally insured before you accept it). Banking info for payment setup. NDA if you're sharing drawings or specs.

Quality certifications are the part that gets industry-specific and messy. ISO 9001 is baseline for most manufacturers. Aerospace needs AS9100 and possibly ITAR compliance (if you're dealing with ITAR, you already know the headaches). Automotive means IATF 16949, and your customer almost certainly wants PPAP documentation before they'll accept parts from a new source. Medical devices bring FDA 21 CFR Part 820 into the picture. Each one has its own audit requirements, documentation standards, and timeline.

Then payment terms. Net 30? Net 60? Do they want a credit application? Some suppliers won't extend terms to a new customer without a credit check, which buys another week.

You're still not done. Most manufacturers require a first article inspection or PPAP submission before production parts ship on direct materials. The supplier makes a sample run, you measure it against your drawing, you document any deviations. If it fails, they fix it and resubmit. That alone can take weeks.

End to end, from "we want to use this supplier" to "they're approved and we can issue a PO," typically runs two to six months for a new direct materials supplier. We've heard longer. Rarely shorter.

What Happens When You Need a New Supplier Fast?

Two to six months is workable when you're planning ahead. It's a disaster when you aren't.

And you won't be. The situations that force you to qualify a new supplier are almost never the ones on your roadmap.

Your sole source gets hit with a quality escape and you need to pull parts from a different shop while they sort it out. A tariff change makes your Chinese supplier 25% more expensive overnight and you need a domestic alternative yesterday. Your supplier gets acquired and the new ownership jacks up pricing or changes terms. A hurricane knocks out your supplier's plant in Houston and you need castings from somewhere else by next Tuesday.

In every one of those scenarios, the two-to-six-month process is useless. So what actually happens? Someone calls in a favor. The buyer pulls in a shop they've used before, somebody not technically on the AVL but "we'll get the paperwork done later." Parts ship without a first article. The COI never gets checked. The W-9 trickles in three months after the first invoice clears.

Everyone knows this is how it works. Nobody writes it down. And the AVL stays fiction.

The Compliance Problem Nobody Wants to Talk About

This is the part where it stops being an operational annoyance and becomes something you have to explain to a regulator.

If you're in aerospace and you can't produce AS9100 records for a supplier who made flight-critical parts, that isn't a process gap. That's a finding. If you're in medical devices and an FDA inspector asks for supplier qualification records during a 21 CFR 820 audit, "Jamie had it on their laptop" doesn't fly.

Even outside regulated industries, customers audit their supply chains. Tier 1 automotive suppliers get audited by OEMs regularly. If Toyota or GM asks to see your approved vendor list and your supplier qualification records, they expect actual documentation. Completed questionnaires. Current certs. Evidence that you verified capabilities before sending that first PO.

Most manufacturers can't produce this. Not because they didn't do the work, but because the work lives in email threads, filing cabinets, and one person's institutional knowledge. The onboarding happened. The documentation is just scattered across six inboxes and a shared drive nobody can find.

Quality managers tell us they'll burn an entire week before an audit just rebuilding supplier qualification files from email attachments. Outlook search for "certificate." Outlook search for "insurance." Outlook search for the supplier's name and a year. Hoping the right version of the ISO cert is still in somebody's sent folder. That's your audit prep. A scavenger hunt with the FDA in the lobby.

Why Supplier Portals Make This Worse

You'd think supplier portals would solve this. The pitch from Coupa, SAP Ariba, and JAGGAER is exactly what you'd want: give every supplier a login, make them upload their own documents, get a clean centralized record.

In practice, supplier portal fatigue is killing adoption.

Your average machine shop or small manufacturer is getting asked to register on a different portal by every customer they work with. Coupa wants a profile. Ariba wants a profile. JAGGAER wants a profile. Each one has its own registration flow, its own document requirements, its own interface that the supplier has to learn. Coupa's supplier portal alone has a 15-step onboarding process that most small shops abandon halfway through.

A survey from Ivalua found that 75% of suppliers consider portal technology a barrier to collaboration. That number should be embarrassing for every procurement tech vendor charging six figures for portal software. Suppliers aren't lazy. They're swamped. They've got a dozen customers asking them to upload the same ISO cert to a dozen different systems, and they're trying to actually run a business in between login resets.

So what happens? Your big suppliers, the ones doing enough volume to justify the hassle, register. Sometimes. Your smaller suppliers, the ones cutting your custom parts, the ones you can't replace on short notice, don't. They go right back to email.

You end up with a portal that covers maybe 20% of your supply base and email for the other 80%. Two systems, neither complete.

The Person Problem

Procurement tech vendors rarely talk about this part: the person who runs your AVL is a single point of failure.

At most manufacturers, supplier onboarding and AVL maintenance is somebody's "other duty as assigned." It's the senior buyer who's been there 18 years and knows every supplier on a first-name basis. Or the SQE who built the qualification process from scratch and keeps the tracker in a personal spreadsheet on a local drive. Or the procurement coordinator who knows which suppliers need a polite nudge versus which ones reply within ten minutes.

When that person takes a week off, onboarding stops. When they quit, the institutional knowledge walks out with them. The new hire has nothing to pick up. The "process" was that one person's working memory.

One electronics manufacturer told us their SQE left and six months of in-flight qualifications went dark overnight. Nobody knew which suppliers had submitted which sections, which questionnaires were still outstanding, which insurance certs had expired. The replacement started most of them over. Six months of work, gone.

This isn't a technology problem in the traditional sense. It's a documentation problem and a process problem that technology can fix. But only if the technology doesn't require suppliers to change how they work.

What Actually Fixes Supplier Onboarding?

The answer isn't another portal. It isn't a fancier spreadsheet either.

The teams that actually have onboarding under control share one pattern: the process meets suppliers where they already are (email), but the system of record doesn't live in any single person's inbox or head.

In practice, it looks like this.

Documents still come in over email, because that's how suppliers send things. But instead of an ISO cert living in one buyer's inbox forever, it gets extracted, cataloged, and filed automatically. The ISO 9001 cert that Supplier X emailed on March 3rd lands against that supplier's record with the expiry date already parsed off the PDF. No manual entry. No "I'll file that later" sticky note that never happens. When the cert is 60 days from lapsing, somebody gets a notification. At 30 days, the supplier gets a follow-up email asking for the renewal. An actual email, not a portal notification they'll ignore.

Qualification questionnaires work the same way. Out by email, back by email, responses structured automatically so you can compare suppliers without transcribing 15 different reply formats into a spreadsheet.

First article reports, PPAP submissions, test data, all of it linked back to the supplier's record no matter which buyer's inbox it landed in. When the auditor shows up and asks for Supplier X's qualification file, you click once. Nobody has to organize a search party through six people's Outlook archives.

The thing that actually matters is what happens when someone leaves. The next person walks in and has everything. Every document, every communication, every qualification step. Not because the previous person kept meticulous notes (they didn't), but because the system captured it whether they wrote anything down or not.

Regulated Industries Make All of This Worse

If everything above already sounds painful, try doing it in aerospace.

AS9100 calls for specific supplier evaluation criteria, ongoing monitoring, and documented evidence of qualification. ITAR adds another layer entirely if you're dealing with controlled items. Your supplier's ITAR registration has to be current, verified, before you share so much as a drawing. Getting this wrong isn't a process miss. It's a federal compliance violation. One aerospace quality manager we talked to keeps a physical three-ring binder of ITAR verification records because she doesn't trust the digital filing system her predecessor set up in 2019. She's not wrong to do it. She also shouldn't have to.

Automotive and medical devices have their own version of this. PPAP wants control plans, process flow diagrams, MSA, dimensional results, all of it before a supplier's parts go into production. IATF 16949 stacks supplier quality management system requirements on top of that. Your OEM customers will audit your supplier qualification process during their own audits. "We're working on it" doesn't go over well with Toyota.

FDA 21 CFR Part 820 is probably the most documentation-heavy of the bunch. They don't just ask whether you qualified your suppliers. They want to see how, and they want the receipts.

These frameworks aren't unnecessary. Nobody serious argues that. But manual processes buckle once you're managing more than a handful of qualified suppliers in any of these spaces.

How Do You Measure Whether Your AVL Is Actually Working?

Try this. Without calling anyone or opening a shared drive, answer five questions about your own supply base.

How many suppliers on your AVL are actually active? (Meaning they've shipped you something in the last 12 months. Not three years ago at a different ownership.) How many have current insurance certs on file right now? When did anyone last review the full list for accuracy?

The harder ones. If your top CNC machining supplier went under tomorrow, how many days until you have an approved alternative shipping parts? Can you produce a complete qualification file for any supplier on the list inside of 15 minutes?

Most teams can't answer the first three without a few phone calls. If you nailed all five from your chair, you're ahead of almost everyone we've talked to. If you didn't, your AVL isn't a management tool. It's a historical artifact.

Where AI Actually Helps (and Where It Doesn't)

AI won't fix a broken onboarding process. If the qualification criteria are wrong to begin with, automating them just gets you to the wrong answer faster, with better formatting.

There are specific, boring, repetitive parts of supplier onboarding where it does change the math though.

Start with document extraction. A supplier emails a PDF of their ISO 9001 certificate. AI reads it, pulls the cert number, the scope, the issuing body, the expiry date, and files it against that supplier's record. Same for insurance certs, W-9s, PPAP documents. The hours procurement teams spend retyping fields from PDFs into ERPs and spreadsheets are genuinely depressing once you add them up. One coordinator we talked to logs roughly six hours a week on supplier document entry alone. That's almost a full workday, every week, retyping things a machine could read.

Cert expiry monitoring is the lowest-hanging fruit on this list, and somehow nobody picks it. Pull the expiry date off the cert, set a reminder, send a follow-up when it's getting close. That's the whole thing. And yet teams keep getting blindsided during audits by certs that lapsed eight months ago, because the person who maintained the calendar reminder is long gone.

Automated follow-up on missing fields is where it actually gets interesting. You sent a qualification questionnaire to a new supplier. They came back with 8 of 12 sections completed. The AI sees the four gaps and sends a specific follow-up: "We're still missing your environmental compliance section and your conflict minerals disclosure. Can you send those over?" Not a generic "please complete your registration" that gets ignored for two weeks. A targeted request for exactly what's missing.

Quote comparison across suppliers is another one. You're evaluating three new shops and each sends pricing in a completely different shape. One's a PDF table. One's an Excel file with merged cells. One's line items pasted into the body of an email with a "let me know if you have any questions." Normalizing that into apples-to-apples manually takes hours. AI does it in seconds.

Where AI doesn't help: judgment calls about supplier capability. Can that 50-person shop in Ohio actually handle your volume when they're already running 80% utilization? Is their quality system real, or is it a certificate on the wall and a binder nobody's opened? You still need a person who's walked the floor. That part isn't getting automated anytime soon, and honestly, it shouldn't.

Stop Treating Your AVL Like a Filing Cabinet

Most manufacturers treat the approved vendor list like a filing cabinet. Suppliers go in. They almost never come out. The list grows. It doesn't get maintained. A shop that hasn't quoted in three years sits on the same row as a shop you depend on for weekly production, and nothing on the page tells you which is which.

A real AVL is a living tool. Suppliers get added through a documented process. They get reviewed on a cadence with actual performance data from PO tracking and delivery history. They get flagged when certs are about to expire. They get removed when they stop performing or stop returning emails. The list reflects reality, not the version of reality from two acquisitions ago.

That's the gap. Most teams treat supplier onboarding like a one-time event. Check the boxes, get them on the list, move on. The suppliers on your list today aren't the same companies they were when you approved them two years ago. Ownership changes. Quality slips. Certifications lapse. People leave.

Your AVL is either a tool you use to make sourcing decisions or a document you produce when somebody asks for it. For most manufacturers right now, it's the second one. The gap between "list" and "tool" is where the risk actually lives.

If your supplier communication runs through email and your onboarding docs are scattered across inboxes, Lumari catches the qualification PDFs as they hit the inbox, files them against the right supplier with expiry dates pulled from the cert itself, and chases the renewals before they lapse. Your AVL ends up reflecting the supply base you actually have, not the one Jamie had in their head before they left.

See It In Action

Ready to Bring AI
to your Supply Chain?

Lumari

© Lumari 2026. All rights reserved.
