How Bridgecurrent Validates Supplier Documents

When a supplier sends a compliance document, Bridgecurrent does not simply file it. The system verifies the document against multiple criteria: validity dates, scope of certification, legal entity matching, and accreditation body recognition. Documents that fail any check are flagged, and the supplier is re-contacted with a specific explanation of what is needed.

This page explains each verification step, the common issues found during verification, and what happens when a document does not pass.

Why Verification Matters

Collecting supplier documents is only half the problem. Having the document on file is not the same as having a valid document on file.

During audits, the most common findings are not “document missing” but “document present but invalid.” An expired certificate, a certificate scoped to a different facility, or a certificate issued by an unrecognized registrar can all result in audit findings, even though the document was technically collected.

Companies often discover these issues only during an audit, sometimes years after the document was collected. By that point, obtaining a corrected document requires restarting the entire outreach process: finding the current contact, explaining the issue, and waiting for the corrected file.

Verifying documents at the point of collection prevents this. Issues are caught immediately, while the supplier is still engaged and responsive, rather than months or years later when the contact may have changed.

Validity Date Checking

The first and most straightforward check: is the certificate current?

What Is Checked

  • Expiration date: Every certification has a validity period. ISO management system certificates are typically valid for three years. Environmental permits, insurance certificates, and regulatory registrations each have their own cycles. The system extracts the expiration date and confirms the certificate is not already expired.
  • Issue date: A certificate issued recently is more likely to reflect current practices. A certificate issued at the edge of its validity period is still valid but may warrant closer attention.
  • Recertification timing: For certificates approaching expiration (within 90 days, for example), the system flags them as “expiring soon” so the requesting team can plan for renewal outreach.

Common Issues Found

  • Expired certificates: The supplier sends a certificate that expired 6 months ago. This is surprisingly common. The supplier may not realize it expired, may be in the process of recertification, or may have sent the wrong file.
  • Certificates expiring within the request window: A certificate that expires in 30 days may be valid today but will create a gap before the next audit cycle.

Scope Verification

A valid certificate that covers the wrong scope is not useful. Scope verification confirms that the certificate applies to what the customer actually needs.

What Is Checked

  • Site coverage: Many suppliers operate from multiple locations. A certificate for the supplier’s headquarters does not necessarily cover the manufacturing plant that produces the parts you purchase. The system checks whether the certified site matches the relevant facility.
  • Process coverage: ISO certificates and similar standards cover specific processes. An ISO 13485 certificate (medical device quality management) scoped to “design and manufacture of surgical instruments” does not cover a supplier’s separate division that produces electronic assemblies. The scope statement on the certificate is compared against the known product or service provided to the customer.
  • Standard version: Standards are revised periodically. ISO 9001:2015 replaced ISO 9001:2008. A certificate referencing an obsolete standard version may not meet current requirements.

Common Issues Found

  • Wrong site: The certificate covers the supplier’s corporate office or a different manufacturing facility, not the plant that actually produces the goods.
  • Partial scope: The certificate covers some of the supplier’s activities but not the specific product line or process relevant to the customer.
  • Outdated standard version: The certificate references a superseded version of the standard. This is most common during transition periods when a new standard version is published.

Large suppliers often have complex corporate structures with multiple subsidiaries, divisions, and legal entities. A certificate must be issued to the correct legal entity.

What Is Checked

  • Entity name on certificate vs. entity on purchase order: The legal name on the certificate is compared to the supplier entity the customer actually does business with. “Acme Corporation” and “Acme Manufacturing LLC” may be related, but they are different legal entities with potentially different quality systems.
  • Subsidiary vs. parent: A certificate issued to a parent company does not automatically cover its subsidiaries. In many regulatory frameworks, each legal entity must be independently certified.
  • Trade names and DBAs: Some suppliers operate under a trade name that differs from their legal name. The system accounts for known aliases and “doing business as” registrations.

Common Issues Found

  • Parent company certificate submitted for subsidiary: The most common entity matching issue. A supplier sends the certificate for their parent company, but the customer’s purchase order is with a subsidiary that is a separate legal entity.
  • Acquired company, old certificate: After a merger or acquisition, the supplier may still be using certificates issued under the previous company name. These may or may not still be valid depending on how the acquisition was structured.
  • Wrong division: At large suppliers with multiple divisions, a certificate from one division may be submitted for a different division’s products.

Accreditation Body Verification

Not all certification bodies are equal. For a certificate to be recognized in regulated industries, it typically needs to be issued by an accredited registrar.

What Is Checked

  • Accreditation body recognition: The registrar (the organization that issued the certificate) is checked against recognized accreditation bodies. For ISO certificates, this means accreditation by a member of the International Accreditation Forum (IAF) or a recognized national accreditation body.
  • Scope of accreditation: The registrar must be accredited to certify the specific standard in question. A registrar accredited for ISO 9001 audits is not necessarily accredited for ISO 14001 or ISO 13485.
  • Active status: Accreditation can be suspended or withdrawn. The system checks that the registrar’s accreditation is currently active.

Common Issues Found

  • Non-accredited registrar: The certificate was issued by an organization that is not accredited by a recognized accreditation body. This is more common with suppliers in certain regions where non-accredited certification bodies operate.
  • Self-declared compliance: Some suppliers submit self-declaration documents rather than third-party certificates. These may describe the supplier’s quality practices but do not constitute independent certification.
  • Registrar accreditation lapsed: Rare, but it happens. A registrar whose accreditation has been suspended may still have outstanding certificates that technically remain valid but carry reduced credibility.

What Happens When a Document Fails Verification

When a document fails one or more verification checks, the following process applies:

1. The Issue Is Classified

Each failure is categorized by type (expired, wrong scope, wrong entity, unrecognized registrar) and severity. An expired certificate is a different problem than a certificate scoped to the wrong site. The classification determines the re-contact message.

2. The Supplier Is Re-Contacted

The system sends a follow-up to the supplier explaining the specific issue and requesting the correct document. The message is clear about what is needed:

  • If the certificate is expired: request the current certificate or confirmation that recertification is in progress.
  • If the scope is wrong: request the certificate that covers the specific site or process.
  • If the entity is wrong: request the certificate for the correct subsidiary or division.
  • If the registrar is not recognized: request a certificate from an accredited body, or additional information about the registrar’s credentials.

This specificity matters. A generic “please resend” request often results in the supplier sending the same incorrect document. Explaining exactly what is wrong and what is needed produces a correct response more quickly.

3. The Issue Is Tracked

Failed verifications are logged and visible to the requesting team. This creates a clear record of:

  • Which suppliers have submitted invalid documents
  • What the specific issue is
  • When the re-contact was sent
  • Whether the supplier has responded with a corrected document

This record is valuable during audits because it demonstrates that the company is not just collecting documents but actively verifying them and following up on issues.

4. Escalation If Needed

If the supplier does not respond to the re-contact, the standard follow-up and escalation process applies. The system follows up at defined intervals and can escalate to alternative contacts at the supplier if the primary contact remains unresponsive.

Verification in Context

Document verification is the third step in Bridgecurrent’s Discover, Outreach, and Collect workflow:

  1. Discover the right contact at the supplier.
  2. Outreach to request the document, with autonomous follow-up.
  3. Collect the response and verify it against all applicable criteria.

Verification closes the loop. Without it, companies can invest significant effort in contact discovery and outreach, successfully collect documents from hundreds of suppliers, and still face audit findings because the documents themselves are invalid.

The goal is not just a file in a folder. It is a verified, current, correctly-scoped document from the correct entity, issued by a recognized authority. That is what audit readiness requires.