Supplier Prequalification

Supplier prequalification is the disciplined alternative to onboarding suppliers through email threads and a spreadsheet nobody trusts. The familiar failure mode is well known: a buyer collects PDFs in an inbox, copies a few fields into a sheet, and weeks later cannot say which version of the certificate is current or who approved the supplier. Prequalification replaces that with a single governed path — apply, review, approve, and, for the ones who pass, convert into a vendor — where the system, not memory, holds the truth.

The pipeline matters because it produces a record, not just a result. Every applicant arrives with the same fields and the same required documents, so you compare like with like instead of whatever each supplier chose to send. Every decision carries a reason — a score, a request for more information, an approval, a rejection — and each is stamped with who acted and when. The practical payoff lands the day an auditor, a donor, or a new procurement lead asks "how did this supplier get on our list?": the answer is a click away rather than a forensic email search.

Two design choices make it safe and scalable. First, it is strictly tenant-specific — every application belongs to one business, the public link resolves to that business, and one tenant can never see another's suppliers. Second, it is self-service for the supplier with no account: they apply, track, and respond through links, and AWRA only provisions a real login — the vendor portal — at the moment of approval. You never manage credentials, password resets, or access for people you have not yet accepted, which keeps the front door open without widening your security surface.

Each business publishes a public, tenant-specific application link built from its own slug — something like /supplier/apply/your-business — that it can share on a website, in an email, or in a tender notice. The business controls whether the link is currently accepting applications and can rename the slug; older links keep working because retired slugs redirect to the current one, so a link printed in last year's tender does not break. A supplier opens the link and submits company details, contact information, the compliance documents you require, and any custom fields you have defined.

There is deliberately no sign-up. The form is hardened against automated abuse — a Turnstile challenge, a hidden honeypot field, and timing checks quietly screen out bots — so you collect genuine applicants, not spam. On submission the supplier receives a private, signed tracking link by email. That link is their entire relationship with you pre-approval: they use it to check status, and when you request more information they reopen the same link to correct details and upload the missing documents. This kills the most common onboarding friction — the endless "please resend that certificate" thread — because every update reattaches to the original application instead of starting a new one.

Because the form is assembled from your own custom fields, prequalification adapts to any industry rather than forcing a fixed template. A construction firm can require a safety record and an equipment list; an NGO can capture a due-diligence declaration; a retailer can ask for a product catalogue and lead times. Fields can be text, numbers, dates, dropdowns, yes/no, or file uploads, and they appear on the public form, save against the application, and — as the next lesson shows — feed straight into the AI assessment. The reviewer therefore sees a complete, structured profile, not a thin form plus a pile of attachments.

When you open an application, AWRA has already done a first pass so you do not start from a blank page. An advisory AI assessment gives a suitability score from 0 to 100, a short plain-language rationale, and a list of risk flags — a missing tax compliance certificate, very few years in business, no incorporation document, an unusual data point. The score is computed from the typed application data, the values in your custom fields, and which of the required documents were actually supplied. It is a head start for the reviewer, explicitly advisory, and it never approves or rejects anyone on its own; it also re-runs when the supplier edits their submission, so it never reflects stale data.

Knowing the limits is part of using it well. The assessment reads structured data and document completeness — it does not open a PDF and read the certificate inside to confirm that the printed KRA PIN matches the typed one. That boundary is deliberate: it keeps the score honest about what it actually knows and makes clear why a human still opens and checks the documents before approving. Treat the score as a triage signal that tells you where to look first, not as evidence in itself.

When several suppliers apply for the same thing, category comparison turns a queue into a decision. AWRA groups applicants by category and ranks them with preferred picks first, then by AI score, so you are comparing genuinely comparable suppliers rather than scrolling a flat list. From there you can star the ones you favour, request more information from any of them (which emails them and reopens their tracking link), view each document inline in the in-app viewer rather than downloading files one by one, and reject with a reason. Every one of those actions is recorded against the application, so the review is reconstructable later.

Documents are first-class in prequalification, not loose attachments. A supplier uploads certificates and supporting files against their application; reviewers open each one in an in-app viewer — PDFs, images, and text render inline behind short-lived signed links, so nobody has to download a folder of files just to read them, and access stays controlled. Each document is tied to the application it belongs to, which is what makes the review trustworthy: you are always looking at this supplier's actual submission.

On approval, the supplier's documents are copied into the secure Document Vault automatically, and reviewers can also push a single document there on demand before approval. The Vault gives the business one governed, access-logged home for compliance evidence that outlives the application itself — useful when the certificate you relied on to approve a supplier needs to be produced again months later. Nothing is moved out of the supplier's reach until you decide; the copy is deliberate and recorded.

Custom fields close the loop between "the form" and "the decision". Defined once per business, they render on the public application, are editable by the supplier through their tracking link, display on the reviewer's screen, and feed the AI assessment alongside the standard fields. Because they are reused from the same field engine the rest of AWRA uses, you are not inventing a parallel system — a "safety rating" dropdown or an "annual turnover" number behaves consistently wherever it appears, and the data stays structured and reportable rather than buried in free text.

Approving an application is a single click that does several coordinated things: it creates the vendor record (reusing an existing vendor with the same email rather than duplicating), copies the supplier's documents into the Document Vault, carries any "preferred" mark onto the vendor, and emails the supplier a set-password invite for the vendor portal. From that moment the approved supplier is a usable, active vendor — eligible to be invited to RFQs — without anyone re-keying details. One nuance worth internalising: if your plan's active-vendor limit is already reached, approval still succeeds but the vendor is created inactive, so you never lose a vetted supplier to a cap; you simply activate them after upgrading or deactivating another. Approval also never auto-sends an RFQ — sourcing stays a separate, deliberate decision.

Approval is the start of the relationship, not the end. Each approved supplier carries a qualification validity window the business configures (a number of months). A scheduled daily check flags any approval whose window has lapsed as expired and deactivates the linked vendor, so a supplier whose compliance has gone stale quietly drops out of new RFQs until someone re-qualifies them. Re-qualifying re-runs the same approval routine — it extends the window and reactivates the vendor (subject to the same plan cap) — which is what keeps a vendor list current instead of slowly silting up with suppliers approved years ago against documents that have long since expired.

Blacklisting is a stronger, distinct action from deactivation, and the difference matters in practice. Deactivating a vendor is routine and reversible — it frees a plan slot and removes them from RFQs, but they can be reactivated freely. Blacklisting records a reason, deactivates them, excludes them from RFQs, and blocks re-applications through the public link, so a supplier you have ruled out cannot quietly reappear by filling in the form again. At the opposite end, preferred suppliers are highlighted and float to the top of category comparison and RFQ selection. Used together, re-qualification, blacklisting, deactivation, and preferred status turn a one-time approval into a living, governed vendor base.