Enterprises often wonder how to best tier their vendors. On the surface it seems like a straightforward question. Models and templates are everywhere, along with scoring matrices to fill out and tiers to assign.
But, oftentimes, when an organization is asking how to tier their vendors, the question they really need to answer is a different one. The better question is “do we have the capacity and the capabilities to govern what we're about to classify?”
Tiering is not an output. It is an input. Tiering should drive governance actions, resource commitment and capability development. But that's not how most organizations treat it.
Most often, the list of vendors simply grows. No one wants to argue against elevating a vendor, and shrinking the list means someone has to justify the demotion. So, Tier 1 expands quietly, year over year, until the designation means very little. This is not a problem with the tiering methodology. It is a symptom of the disconnect between the tier on the spreadsheet and the governance actions that tier should automatically trigger — and the organizational capabilities required to honor them.
The Value of the Vendor Scoring Model
A large enterprise vendor portfolio can easily span hundreds of relationships across technology, professional services, logistics and facilities. Applying consistent governance judgment to every one of those vendors individually is neither practical nor scalable. A scoring model solves a real problem: it creates a repeatable, auditable and defensible process that can be applied systematically across a diverse population without requiring a senior governance professional to touch every decision.
Scoring also satisfies a legitimate organizational need for transparency. When a stakeholder asks why Vendor A is governed more intensively than Vendor B, a documented scoring methodology provides an answer that doesn’t depend on institutional memory or individual judgment. That auditability matters, particularly in regulated industries where governance decisions carry compliance implications.
So, the question is not whether to use a scoring model. The question is what a scoring model can and cannot do.
Scoring is a classification tool. It tells you which vendors belong in which tier based on a set of weighted criteria. It does not tell you how many quarterly business reviews your governance team can realistically conduct. It does not tell you whether you have the contract infrastructure to enforce the escalation rights Tier 1 status implies. It does not tell you whether your risk review process can absorb twelve vendors or three. This is where most tiering models fall short. Not in the classification phase, but in what comes after it.
Consider a common scenario: an organization runs a rigorous scoring exercise and produces a clean Tier 1 list of fourteen vendors. The governance team schedules the first round of quarterly business reviews. Two months in, they discover they have the bandwidth, the contract provisions and the internal alignment to actively govern five. Now what? Do they quietly ignore nine Tier 1 vendors? Reclassify them to avoid the obligation? Neither answer is comfortable. And the discomfort is precisely the point.
A tiering model that produces more Tier 1 vendors than your governance function can absorb has not failed. It has succeeded — at something more important than classification. It has diagnosed a gap between governance ambition and governance capacity. That gap has always been there. The model just made it visible.
Before redesigning your scoring methodology, run two tests. They take less than ten minutes, and they will tell you more than any weighted attribute exercise.
How to Test Your Governance Capacity
Write your Tier 1 vendors on a three-by-five index card. Not a spreadsheet. Not a slide. A card (for those of you younger than 30, a three-by-five index card is an ancient tool used pre-internet). If your Tier 1 vendors don’t fit on the card, if the exercise requires more than one card or if you find yourself negotiating with yourself about font size, your Tier 1 list is too large to govern. A list that cannot fit on a card cannot fit in your governance calendar either.
Here are some hard truths to consider:
Tier 1 should be uncomfortable to populate. The discipline of the card is that it forces a reckoning: not “which vendors scored highest,” but “which vendors, if they failed tomorrow, would materially and immediately damage our operations, our compliance posture or our strategic trajectory.” That is a much harder question. It should produce a much shorter list.
The governance calendar does not lie. Take your current Tier 1 list and ask a simple question: does your governance calendar – your actual scheduled reviews, QBRs, risk assessments and compliance checkpoints – reflect that list? If you have eighteen vendors on your Tier 1 list and your governance calendar has meaningful touchpoints for six of them, the other twelve are Tier 1 in name only. Or worse, if you have touchpoints for all 18, but 10 of those touchpoints are rote exercises without high-level attendance and actions being driven from them, those are “meetings that could have been emails.” The calendar does not lie. It tells you which vendors your organization is actually prepared to govern, regardless of what the scoring model says.
A Tier 1 designation is not a classification output; it is a resource commitment. The moment a vendor earns Tier 1 status, that designation should automatically trigger a defined set of governance obligations: inclusion in your quarterly review cadence, elevated contract compliance monitoring, regular risk assessment, defined escalation paths and executive-level visibility. Not eventually. Automatically.
If those governance structures are not in place or cannot absorb a new addition, the tier designation is fictitious. You have classified the vendor. You have not governed them. This distinction matters because it changes the nature of the tiering conversation entirely. Instead of asking “how do we score vendors more accurately,” the right question becomes: “how many Tier 1 relationships can our current governance function actually sustain?”
That is a capacity question, not a methodology question. It is also the question that unlocks the real conversation: what does it actually cost to govern well, and are we funding it?
Tiering Is Not Where Governance Starts
Tiering is where governance becomes operational. Before a tiering model can function as described here, three foundational elements need to be in place: vendor inventory, contract visibility and a governance structure ready to absorb the output. If those three elements are not in place, tiering will not solve the underlying problem. It will classify vendors into a governance vacuum. The 3x5 card will be full of names that nobody is actually watching.
With those elements in place, the sequence is straightforward: build the governance infrastructure, tier against it and let the tier do the work of populating that infrastructure automatically. Every time a vendor earns Tier 1 status, the governance calendar updates. The risk review queue expands. The executive dashboard adds a row.
If your vendor tiering model feels broken, if it is too complex, too large, too disconnected from how your organization actually governs, resist the urge to rebuild the scoring methodology. That is almost never the real problem.
The real problem is the gap between classification and commitment. Between the tier on the spreadsheet and the governance action it should automatically trigger. Between the Tier 1 list you can defend to leadership and the Tier 1 list you can manage in real life.
That gap is not a scoring problem. It is a maturity signal. And the organizations that close it are not the ones with the most sophisticated weighting algorithms. They are the ones that asked a harder question first: not “which vendors belong in Tier 1,” but “how many Tier 1 vendors can we genuinely govern?” And “what would it take to do that well?”
Your tier model already knows the answer. You just have to be willing to hear it. ISG helps organizations structure vendor selection, management and governance systems that are right for them. Contact us to find out how we can get started.
About the author
