Why vendor due diligence matters
A vendor that looks credible based on a proposal or reference call may have an active SAM exclusion, a suspended FMCSA operating authority, a history of Willful OSHA violations, or an expired federal registration. None of this information appears in a vendor's self-presentation — it only surfaces through systematic checks of public records.
For organizations doing federally-funded work, due diligence is not optional. FAR and 2 CFR Part 200 require recipients and subrecipients to verify vendor eligibility before award. For private procurement, due diligence reduces supply chain disruption, liability exposure, and reputational risk.
When to run this checklist: Before awarding any new contract or subcontract. Also before renewing a significant vendor relationship — risk signals can appear at any time, and a vendor that was clean last year may have a new exclusion or OOS order this year.
The five-point due diligence checklist
1. SAM exclusion check
Verify that the vendor does not appear on the SAM exclusion list. This is a binary check — a vendor is either excluded or not. An active exclusion is an immediate disqualifier for federal work and a major risk signal for any procurement.
- Search by UEI for active SAM registrants — the most reliable method
- Also search by CAGE code if the vendor has a historical exclusion record
- Note the exclusion type (Debarment, Suspension, Proposed Debarment) and termination date
- Document the date and result of your check for contract file records
Full guide: How to Check if a Vendor Is SAM Excluded
2. SAM registration and identity verification
Confirm the vendor has an active SAM registration (if doing federal work), verify the legal name and address match what the vendor provided, and confirm UEI and CAGE codes are consistent.
- Check registration expiry date — SAM registrations must be renewed annually
- Confirm legal name matches the entity in your contract documentation
- Verify CAGE code is assigned and linked to the correct legal entity
- Flag mismatches between vendor-provided information and SAM records
Related guides: UEI Numbers Explained · What Is a CAGE Code
3. FMCSA safety check (transportation vendors)
For any vendor that provides freight, trucking, logistics, or passenger transportation services, check the FMCSA carrier record.
- Confirm operating authority is active — a lapsed authority means the carrier cannot legally operate interstate
- Review safety rating if assigned — Unsatisfactory is a disqualifier
- Check OOS rate against national benchmarks — above-average rates signal maintenance or compliance issues
- Look for any active OOS orders on the carrier itself
Full guide: FMCSA Safety Ratings and Out-of-Service Orders
4. OSHA inspection history
For construction, manufacturing, transportation, and other field-operations vendors, review OSHA inspection history over the past 5 years.
- Look for Willful or Repeat violations — these indicate deliberate or persistent non-compliance
- Check whether any inspections were triggered by a fatality or serious injury
- Assess frequency and trend — increasing violations over time is a red flag
- Note whether penalties were paid or contested extensively
Full guide: How to Read a Vendor's OSHA Inspection History
5. Facility and environmental compliance
For manufacturing, chemical, agricultural, and construction vendors, review EPA ECHO data for any linked facilities.
- Check for civil judicial actions or criminal referrals — highest severity
- Review permit compliance status for air, water, and waste programs
- Note any Significant Non-Compliance (SNC) flags in recent years
- Confirm that identified facilities are actually linked to the correct legal entity
Full guide: What Facility Violations Tell You About Vendor Risk
Summary checklist
| Check | Applies to | Pass condition |
|---|---|---|
| SAM exclusion (by UEI/CAGE) | All vendors | No active exclusion |
| SAM registration active | All vendors doing federal work | Active status, not expired |
| Legal name and address match | All vendors | SAM record consistent with contract documentation |
| FMCSA operating authority active | Transportation vendors | Active authority, no current OOS order |
| FMCSA OOS rate within benchmark | Transportation vendors | Vehicle OOS <21%, Driver OOS <6% |
| No Willful or Repeat OSHA violations | Construction, manufacturing, logistics | No Willful/Repeat in past 5 years |
| No accident-triggered OSHA inspections | Construction, manufacturing, logistics | No fatality or serious injury inspections |
| No EPA civil judicial or criminal action | Manufacturing, chemical, agriculture | No referrals to DOJ in past 5 years |
How often to re-screen
Vendor due diligence is not a one-time event. Risk signals can appear between contracts — a vendor that passed all checks at onboarding may receive a SAM exclusion, lose their FMCSA authority, or have a serious OSHA incident between annual reviews.
Recommended re-screening frequency:
- SAM exclusion: Before every contract award and at least quarterly for active vendors
- FMCSA: At contract renewal and after any reported incident
- OSHA: At contract renewal; monitor for new inspection records
- SAM registration expiry: Track renewal dates; flag lapses immediately