At first glance I was thinking that conducting a risk assessment for my 46 suppliers would be a "walk in the park" but I am stuck and here is why.
First we have to get our definitions in order and its not clear what they mean by Supplier. Is the supplier the person I source my ingredients from because if this is the case then by extension some are traditional manufacturers or vendors like my sugar supplier ( they manufacture sugar and sell to my site) , others are distributors like my dough conditioner supplier ( they buy from a manufacturer and sells to my site) and others are type 2 manufacturers like my spice supplier or canola oil supplier who buys these items in bulk from a primary manufacturer then repackages them ( oil) or grinds , blends and repackage them ( spices) and sells to my site.
For a genuine manufacturer GFSI visibility as the instrument for approval makes a lot of sense however for genuine distributors distribution HACCP makes more sense albeit few have this level of certification. Similarly for a basic distributor with no QA core competency I am not sure what would be acceptable as the instrument for approval.
I have to do an ingredient risk assessment and a comparable ingredient risk assessment and the rationale I am using is that if I rank black pepper as a medium risk and I have 2 suppliers one that is GFSI and the other that has no system at all the latter would be NLR ( not low risk)
If I take another approach and assume supplier means the vendor or where the ingredient is prepared ( not grounded or blended , repackaged) the task is easier.
Thanks in advance for your feedback.