Reading time: 10 minutes

Written by Manoëlle Dousson

How to properly define the list of your strategic suppliers?

In most companies, supplier risk management often begins with a reassuring statement:

“We know our strategic suppliers.”

However, when it comes to asking on what basis this list was constructed, the answers quickly become vague: purchase volume, business intuition, length of the relationship, operational importance, geographical sensitivity...

In other words: many companies have an empirical list, but rarely an objectified and formalized method.

However, this distinction is far from anecdotal. For misidentifying one's strategic suppliers amounts to:

• underestimate its operational vulnerabilities,
• misdirect its CSR audits,
• weaken its control efforts,
• and overlook the growing expectations of non-financial benchmarks.

In a context of increasing supply chain crises, heightened regulatory scrutiny, and demands for transparency in the value chain, the question is no longer whether to segment suppliers, but how to do it intelligently.

C’est d’ailleurs un point structurant dans le référentiel du label Positive Company®, qui attend dès la première étoile une formalisation claire de la démarche RSE, puis à la troisième étoile une capacité démontrée à auditer sa chaîne de valeur et à objectiver ses priorités fournisseurs.

So, how do you build a truly useful, relevant, and defensible list of strategic suppliers?

1. From a supplier database to a strategic list.

In many organizations, the prioritization process looks like this: the purchasing teams are gathered, and they are asked, "Who are our critical suppliers?" A list comes up in a few minutes. A few big names, the most well-known suppliers, the most visible volumes.

This list seems logical.However, it is almost always incomplete — and sometimes misleading.. Because it relies on the memory and perception of the teams, not on a systematic analysis. It overweights large volumes, historical relationships, and suppliers that are well-known. 

Yet a small supplier can be infinitely more critical than a large one:

• because it holds aunique expertise,,
• because it operates on anessential link,,
• because it isdifficult to substitute,,
• or because it operates in asensitive geopolitical area..

In other words, we do not only measure what it costs. We mainly measurewhat it would cause us to lose if it were to be missing..

2. Not all suppliers are selected according to the same logic: industry vs service company.

2.1 In industry: the logic of production continuity dominates.

For an industrial company, strategic suppliers are generally linked to:

• critical raw materials,
• technical components,
• production subcontractors,
• structuring logistics providers.

The main risk here is:

the stoppage or disruption of the manufacturing chain.

Criticality is then measured by:

• technical substitutability,
• supply lead times,
• dependence on a technology,
• production location,
• the economic weight of the relationship.

A standard fastener supplier will not have the same strategic level as a unique certified electronic board supplier.

2.2 In a service company: the logic of reputational impact and functional dependence dominates.

In tertiary companies, the nature of the risk changes.

Strategic suppliers are more likely to be:

• IT service providers,
• data hosts,
• temporary staffing agencies,
• structuring consultants,
• customer relationship partners,
• HR or payroll service providers.

Here, the risk is not the stoppage of a production line, but:

• service disruption,
• data loss,
• regulatory non-compliance,
• or damage to the quality perceived by the end customer.

An accounting firm or a cloud host may represent less expense than a real estate landlord, but be infinitely more strategic.

3. The three essential criteria to objectify the list of strategic suppliers

3.1 The supplier's industry: where does the business criticality lie?

Not all purchases carry the same level of risk.

Suppliers should be classified according to their contribution to:

• core business production,
• vital support functions,
• regulatory compliance,
• operational security,
• brand image.

A good practice is to build a simple scale:

• High criticality: essential supplier for daily operations,
• Medium criticality: useful supplier but replaceable in the short term,
• Low criticality: comfort or non-vital support supplier.

This initial reading helps avoid a classic pitfall: equating a cleaning service provider with an ERP host.

3.2 The geographical sector: where external vulnerabilities are concentrated

Since 2020 and the recent wars, geography is no longer just a logistical subject.

It has become a major risk factor:

• political instability,
• customs tensions,
• transport inflation,
• climate disasters,
• differentiated social requirements,
• risks of corruption or human rights violations.

Two equivalent suppliers can therefore present radically different levels of control depending on whether they are located:

• in France,
• in the European Union,
• in offshore zones,
• or in countries with high regulatory volatility.

The geographical dimension must be analyzed from two angles:

• Risk of supply continuity: transport time, port dependence, customs uncertainties.
• CSR and reputational risk: working conditions, environmental standards, traceability, business ethics.

It is precisely this value chain audit logic that becomes structuring in modern CSR frameworks.

3.3 The associated revenue volume: where economic dependence lies

Here, we need to measure:

• the annual amount purchased,
• the share in the overall purchasing budget,
• the concentration of spending on a small number of players.

A company will often find that it spends 70 to 80% of its expenses on less than 20% of its suppliers. This is the famous Pareto principle applied to purchasing.

But be careful:

following Pareto alone leads to only considering large volumes,

while some small suppliers carry major systemic risks.

This is where a finer arbitration logic comes into play.

4. Between Pareto and Nash equilibrium: finding the right compromise in segmentation

If we only apply Pareto:

we select the suppliers that weigh the most economically.

It’s rational… but incomplete.

• If we only apply business criticality, we get a list that is sometimes too broad and difficult to manage.
• If we only apply geographical or CSR risk, we lose sight of the business reality.

The right supplier mapping therefore consists of seeking anoptimal balance point between several conflicting interests.

In game theory, this is similar to aNash equilibrium :

No variable can be maximized alone without degrading the overall relevance of the decision.

In other words, a supplier becomes truly strategic when it accumulates several tensions:

• strong economic dependence,
• high business criticality,
• high geographical or reputational risk,
• difficulty of substitution.

It is this intersection that allows us to move from a simple purchasing list to arisk management mapping.

5. Why Positive Company is demanding on this subject

Positive Company delivers a demanding CSR label, particularly through its progressive rating. 

5.1 First star ⭐

Obtaining the first star⭐ requires having formalized your CSR approach. A CSR approach cannot be merely declarative; it must be structured, documented, and demonstrable. Among the elements analyzed during the documentary audit is the company's ability to:

✔ have a stakeholder and supplier management policy;

✔ identify suppliers considered sensitive or priority;

✔ formalize selection and monitoring criteria;

✔ demonstrate that this segmentation is not based solely on intuition.

5.2 Third Star ⭐⭐⭐

From the third star onward, the level of requirement changes profoundly. The company is no longer just evaluated on the existence of a policy or an internal mapping; it must demonstrate its ability to:

✔ audit the most critical players in its value chain;

✔ integrate CSR criteria into supplier monitoring;

✔ prioritize controls based on identified risks;

✔ engage in a continuous improvement dialogue with its partners.

In short:

Positive Company® no longer expects the company to only know who its strategic suppliers are; it expects the company to be able to justify why they should be prioritized for evaluation.

This implies a much more mature segmentation that intersects the indicators we have seen previously as well as indicators specific to the company and its strategic choices.

This logic directly addresses the maturity level of "having audited its value chain in CSR," which is one of the markers of excellence in the 3-star Positive Company® journey.

5.3 Feedback

The most common error observed in audits is double:

• it is a list that is too narrow, built solely on the amount of purchases;
• it is a list too large, impossible to manage concretely.

In both cases, the risk management policy loses effectiveness. At Positive Company®, we generally recommend:

• a comprehensive first segmentation of the entire supplier panel,
• then an extraction of a core of truly strategic suppliers representing the main points of vulnerability.

This population must then be subject to: enhanced monitoring, an annual review, and a priority CSR evaluation plan.

Conclusion

Defining your strategic suppliers is neither a declarative exercise nor a simple accounting sorting.

It is astructured arbitrationbetween:

• your business sector,
• your geographic dependency areas,
• your financial exposure,
• and your CSR challenges.

This work today forms the basis of a credible supplier risk management policy, but also aclear marker of maturityin any demanding CSR labeling approach.

Because in terms of the value chain, a responsible company is not one that monitors everyone. It is one that knows preciselywhom to monitor, why, and with what level of requirement.

Sources:

• Comprendre la théorie des jeux de John Nash en économie et stratégie
  Lien vers l'article
• Pareto Law: How to Optimize Your Purchases
• Lien vers l'article
• How to successfully evaluate your strategic suppliers?
• Link to the article