There's something almost archaeological about supplier management in many local authorities. Somewhere in the basement, behind the broken photocopier and last decade's Christmas decorations, sits a room full of filing cabinets containing the paper trail of hundreds of supplier relationships.

For one Council, that room wasn't just a quirky historical curiosity. It was a genuine liability waiting to happen.

The Legacy Problem

The Council's procurement team had inherited a system—if you could call it that—which had evolved organically over thirty years. Different departments had their own supplier records. Some were in filing cabinets. Others lived in Access databases that nobody quite remembered how to query. A few existed only in the memories of long-serving officers who had since retired.

The catalyst for change was a Freedom of Information request. A journalist asked for a list of all active suppliers with valid insurance certificates. It should have been a simple question. It took three weeks to answer, and even then, the team wasn't confident the list was complete.

The Director of Finance commissioned an audit. The findings were sobering. Of 1,247 suppliers on the Council's payment records, only 340 had documented insurance verification within the last twelve months. For the rest, the Council genuinely didn't know whether they were covered. Given that some of these suppliers delivered services directly to vulnerable residents, this wasn't just an administrative gap—it was a public liability risk.

The Digital Migration

The Council made a strategic decision to digitise their entire supplier base and implement a modern management platform. But they approached it pragmatically, recognising that perfect shouldn't be the enemy of good.

Phase one focused on their highest-risk suppliers—anyone delivering care services, working with children, or operating on Council premises. These 200 suppliers were contacted directly and asked to submit updated documentation through a new self-service portal.

The response was better than expected. Most suppliers actually welcomed the change. They were used to filling out the same paper forms repeatedly for different Council departments. Having a single digital profile that they could update once and share across the organisation saved them time and frustration.

The platform integrated with public registries where possible. Companies House data was pulled automatically. Insurance validity was cross-referenced with industry databases. Where suppliers held ISO certifications or CHAS accreditation, the system verified these directly rather than relying on photocopied certificates that could easily be outdated or falsified.

The OCR Revolution

One unexpected benefit came from the platform's optical character recognition capabilities. The Council scanned their historical paper records—boxes and boxes of certificates and contracts—and the system automatically extracted key data: company names, certificate numbers, expiry dates, coverage limits.

This historical data wasn't perfect, but it provided a baseline. They could now see that a supplier's liability insurance had been verified in 2019, even if it had since expired. That was better than having no record at all, and it gave the team a prioritised list for follow-up.

The OCR process also uncovered anomalies. Several suppliers had certificates that appeared to have been altered—dates changed, coverage limits modified. One had used the same certificate for five years, changing only the date. These findings triggered proper investigations and, in two cases, supplier termination for fraud.

From Zero to Complete Visibility

Eighteen months after starting the project, the Council had transformed its supplier oversight. Compliance visibility went from effectively 0% to 100%. Every active supplier now had a digital profile with documented status for each compliance requirement. The system knew what was valid, what was expiring, and what had lapsed.

Response time to information requests dropped from weeks to minutes. That FOI request that had taken three weeks? The equivalent query now took under 30 seconds.

Public liability risk was dramatically reduced. Every supplier working with vulnerable residents now had verified, current insurance. The Council could demonstrate duty of care to residents and proper oversight to their auditors.

The team estimated they were saving 500 administrative hours annually—time previously spent on phone calls, email chases, and manual record-keeping. Those hours were redirected to more strategic supplier management activities.

Lessons for Public Sector Organisations

This Council's journey offers several lessons for other public sector bodies contemplating similar transformations.

First, acknowledge the scale of the problem honestly. Many organisations have compliance gaps they're not aware of or prefer not to examine too closely. External pressure—whether FOI requests, audits, or incidents—often forces visibility that might otherwise be avoided.

Second, phase the implementation by risk. Trying to digitise everything at once is overwhelming. Starting with high-risk suppliers creates immediate value and builds confidence for the broader rollout.

Third, make it easy for suppliers. The biggest predictor of adoption was portal usability. When suppliers could register in 15 minutes and update their details whenever needed, compliance improved dramatically. When they hit obstacles, they gave up.

Fourth, verify where possible rather than accept. Automated checks against official registries are more reliable than photocopied certificates. If a supplier claims ISO 9001 certification, check the UKAS database directly. Trust but verify.

The room full of filing cabinets still exists at the Council, though it's now being gradually cleared. The team keeps one cabinet as a reminder of where they came from—and motivation never to go back.