runbookify

Vendor Onboarding Due-Diligence Intake

A self-serve intake that collects a new supplier's details and documents, auto-proposes an inherent risk tier from what they'll actually do for you, and routes the right level of review before anyone hits "approve."

Level: Intermediate · Time: A weekend · Builds on: Next.js (App Router) on Vercel, Supabase (Postgres, Storage, Auth + RLS), Resend (email)
What you'll build

New suppliers submit their intake and documents in one place, the tool proposes a risk tier and the matching diligence checklist, your risk owner reviews the full package and approves or declines, and approved vendors flow onto a clean exportable vendor master.


Before you start

  • Free Vercel, Supabase, and Resend accounts (all have free tiers)
  • Your current vendor intake fields and required-document list
  • Your risk-tiering rules (spend bands, data access, business criticality)
  • A sample of your existing approved-vendor master (a spreadsheet is fine)

The problem this kills

New-vendor onboarding is where most third-party risk quietly leaks in. The supplier emails a W-9, attaches an insurance certificate to a different thread, promises the data-handling addendum "next week," and someone in procurement stitches it together in a spreadsheet. Nobody agrees on how risky this vendor actually is, so a payment-processing partner with access to customer data gets the same five-minute review as a stationery supplier. Documents expire and no one notices. Banking details arrive by email - exactly how vendor-payment fraud happens.

The result is slow onboarding, inconsistent diligence, missing documents, and a vendor master that no one fully trusts.

What you'll build

A private web app where a new supplier (or your internal owner on their behalf) completes a structured intake and uploads the required documents. The tool reads what the vendor will do for you - the spend, whether they touch your data, how critical they are - and proposes an inherent risk tier plus the exact diligence checklist that tier demands. Your vendor-risk owner sees the whole package on one screen, checks the high-fraud-risk items (tax ID, banking) by hand, and then approves, declines, or sends it back for more. Approved vendors land on a clean vendor master you can export as a CSV in the exact columns your system expects.

What's inside the Implementation Plan

  • A discovery interview that runs first. Before it builds anything, the plan has the AI agent interview you about your real onboarding process, your intake fields, your tiering rules, your document checklist, your naming and vendor-ID conventions, your volumes, and your messy exceptions. It reflects a short tailored spec back to you and waits for your thumbs-up - so the tool fits how you onboard vendors, not a generic template.
  • A step-by-step build, each step ending in a prompt you paste straight into your AI coding agent.
  • A risk-tiering engine you can tune to your own spend bands, data-access flags, and criticality rules.
  • A required-document checklist that changes by tier, with expiry tracking.
  • A reviewer screen with the full package side by side, and a clean approve / decline / request-more flow.
  • Status emails to the vendor at each step, and a vendor-master CSV export.
  • A "No API yet?" fallback so you can build the whole thing today, even with no connection to your existing ERP or vendor system.

The governance it includes (this is the point)

  • Login so only your team can get in.
  • Row-level security so each organization only ever sees its own vendors and documents.
  • A complete audit trail - who submitted, who tiered, who reviewed, who approved, and exactly when.
  • A hard human-in-the-loop approval gate - the AI proposes the tier and the required reviews, but nothing reaches the approved-vendor master until a person reviews the package and approves it.
  • Duplicate guards so the same vendor can't be onboarded twice (deduped on vendor name + tax ID).
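The three database-side controls in that list (organization scoping via RLS, an append-only audit trail, and the duplicate guard) are the ones that most often get implemented in the UI only and then bypassed. As an added illustration, not code from the runbookify plan, here is how they look when enforced in Supabase's Postgres itself. Table and column names (organizations, org_members, vendors, vendor_audit, the role and status values) are assumptions; auth.uid() and auth.users are Supabase's own.

```sql
-- Added example, not from the runbookify plan. Table/column names are assumed
-- for illustration; auth.uid() and auth.users are provided by Supabase.

create table organizations (
  id   uuid primary key default gen_random_uuid(),
  name text not null
);

-- Which authenticated users belong to which organization, and in what role.
create table org_members (
  org_id  uuid not null references organizations(id),
  user_id uuid not null references auth.users(id),
  role    text not null check (role in ('submitter', 'reviewer', 'approver')),
  primary key (org_id, user_id)
);

create table vendors (
  id         uuid primary key default gen_random_uuid(),
  org_id     uuid not null references organizations(id),
  legal_name text not null,
  tax_id     text not null,
  status     text not null default 'submitted'
             check (status in ('submitted','tiered','in_review','approved','declined','needs_more')),
  created_by uuid not null default auth.uid(),
  created_at timestamptz not null default now()
);

-- Duplicate guard: same org + same name (case/whitespace-insensitive) + same
-- tax ID with punctuation stripped is rejected by the database, not just the form.
create unique index vendors_dedup_idx
  on vendors (org_id,
              lower(btrim(legal_name)),
              regexp_replace(tax_id, '[^0-9A-Za-z]', '', 'g'));

-- Row-level security: a user only sees or writes rows for their own organizations.
alter table vendors enable row level security;

create policy vendors_select_own_org on vendors for select using (
  exists (select 1 from org_members m
          where m.org_id = vendors.org_id and m.user_id = auth.uid())
);

create policy vendors_insert_own_org on vendors for insert with check (
  exists (select 1 from org_members m
          where m.org_id = vendors.org_id and m.user_id = auth.uid())
);

-- Human-in-the-loop gate: any member may update, but only an 'approver'
-- may land a row in status 'approved'.
create policy vendors_update_own_org on vendors for update
  using (
    exists (select 1 from org_members m
            where m.org_id = vendors.org_id and m.user_id = auth.uid())
  )
  with check (
    status <> 'approved'
    or exists (select 1 from org_members m
               where m.org_id = vendors.org_id and m.user_id = auth.uid()
                 and m.role = 'approver')
  );

-- Audit trail: written by a trigger, so a status change cannot happen
-- without a record of who did it and when.
create table vendor_audit (
  id         bigserial primary key,
  vendor_id  uuid not null references vendors(id),
  org_id     uuid not null,
  actor      uuid,
  old_status text,
  new_status text not null,
  at         timestamptz not null default now()
);

create function log_vendor_status() returns trigger
language plpgsql security definer as $$
begin
  -- OLD is null on INSERT, so the comparison is only meaningful on UPDATE.
  if tg_op = 'INSERT' or new.status is distinct from old.status then
    insert into vendor_audit (vendor_id, org_id, actor, old_status, new_status)
    values (new.id, new.org_id, auth.uid(),
            case when tg_op = 'UPDATE' then old.status end, new.status);
  end if;
  return new;
end $$;

create trigger vendors_audit
  after insert or update on vendors
  for each row execute function log_vendor_status();

-- Members can read their organization's audit rows; no insert/update/delete
-- policy exists, so through the app the log is append-only via the trigger.
alter table vendor_audit enable row level security;
create policy audit_select_own_org on vendor_audit for select using (
  exists (select 1 from org_members m
          where m.org_id = vendor_audit.org_id and m.user_id = auth.uid())
);
```

Two things to check when wiring this into the Next.js side: the app must query with the signed-in user's session (so auth.uid() resolves and the policies apply), since Supabase's service-role key bypasses RLS entirely; and the unique index means a duplicate submission surfaces as a constraint error that the intake form should catch and explain, rather than as a silent second vendor row.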

Who it's for

Procurement, vendor-management, and compliance teams who want to onboard new suppliers the same careful way every time - without hiring a developer or buying a heavyweight GRC platform.

You've got this - paste the first prompt and let the agent interview you.
