pf-vendor-mgmt — Vendor Management Toolkit

Track, evaluate, and compare vendors with ISO 9001 scorecards, Kraljic Matrix classification, COSO ERM risk assessment, and NIST supply chain analysis — included with your subscription.

Installation

1. Download the pf-vendor-mgmt.plugin file
2. Open Claude Desktop and navigate to Settings > Plugins
3. Click Install Plugin and select the downloaded .plugin file
4. The plugin will be installed and available immediately

Note: All data stays local on your machine. No external API calls or cloud storage required.

Why This Exists

Small and medium businesses spend $2,400–12,000 per year on vendor management platforms like Precoro and Procurify just to track vendors. Yet 70% of vendor management work is document-heavy: scorecards, comparisons, renewal tracking, and reporting. This plugin handles that 70% using AI and embeds the same frameworks that enterprise procurement teams use — ISO 9001, Kraljic Matrix, COSO ERM, Gartner TCO — so SMBs get expert-level vendor management for free.

Quick Start

1. Initialize workspace: /vendor-mgmt:vendor-mgmt-setup
2. Onboard vendors: /vendor-mgmt:vendor-mgmt-onboard (form or CSV)
3. Score performance: /vendor-mgmt:vendor-mgmt-scorecard {vendor-name}

Commands

Command	Purpose
vendor-mgmt-setup	Initialize workspace with ISO 9001-aligned config, Kraljic Matrix, and COSO ERM risk categories
vendor-mgmt-onboard	Register vendors with Kraljic classification, risk tier, and compliance tracking
vendor-mgmt-list	View all vendors with filtering by category, status, Kraljic quadrant, or expiration
vendor-mgmt-scorecard	Evaluate vendor performance with SCOR benchmarks and risk-adjusted scoring
vendor-mgmt-compare	Compare 2+ vendors with Gartner TCO analysis and TOPSIS ranking
vendor-mgmt-renewals	Check renewals with COSO risk-adjusted urgency and UCC Article 2 checklist
vendor-mgmt-report	Generate portfolio report with Kraljic visualization and NIST supply chain risk analysis
vendor-mgmt-full	Run complete pipeline: onboard → score → compare → renewals → report
vendor-mgmt-status	Show workspace status and recent activity

How It Works

Data Flow:

1. Inbound: Upload vendor CSVs or answer form questions
2. Registry: Vendors stored in .vendor-mgmt/vendor-registry.json with Kraljic quadrant, risk tier, and compliance fields
3. Evaluation: Create scorecards (XLSX) with ISO 9001 criteria and SCOR benchmarks
4. Analysis: Compare vendors with Gartner TCO and TOPSIS ranking, flag renewals with COSO risk scoring
5. Reporting: Generate executive reports (DOCX) with Kraljic portfolio visualization
6. Outbound: All files stored in outbound/ folder

All data stays private on your machine. No SaaS, no cloud sync, no vendor lock-in.

What It's an Alternative To

Platform	Annual Cost	Vendors	Use Case
Precoro	$6,000+	2+	Procurement + vendor tracking
Procurify	$5,000+	2+	Purchase orders + vendor portal
Qntrl	$96+/user/yr	1+	Workflow automation
pf-vendor-mgmt	included with your subscription	∞	Document-heavy vendor mgmt with enterprise frameworks

Key Differentiators

• Included with your subscription: No subscriptions, no per-user fees
• Enterprise frameworks at SMB scale: ISO 9001, Kraljic Matrix, COSO ERM, Gartner TCO, NIST SP 800-161 — built in
• Data privacy: Everything processed within the Cowork environment
• Customizable scoring: Define your own criteria and weights with AHP methodology
• No lock-in: Export data anytime, own your vendor records
• Compliance tracking: FCPA, GDPR, UK Bribery Act compliance fields per vendor

Feature Comparison

Feature	pf-vendor-mgmt	Precoro	Procurify	Qntrl
Vendor onboarding	✓	✓	✓	—
Performance scorecards (ISO 9001)	✓	—	—	—
Kraljic Matrix classification	✓	—	—	—
COSO ERM risk assessment	✓	—	—	—
Gartner TCO analysis	✓	—	—	—
TOPSIS multi-criteria ranking	✓	—	—	—
Vendor comparison matrix	✓	—	—	—
Contract renewal alerts	✓	✓	✓	—
UCC Article 2 clause checklist	✓	—	—	—
Executive reporting	✓	✓	✓	—
NIST supply chain risk analysis	✓	—	—	—
Compliance tracking (FCPA/GDPR)	✓	—	—	—
CSV import	✓	✓	✓	✓
Customizable criteria (AHP)	✓	Limited	Limited	✓
Data privacy (local-only)	✓	—	—	—
Vendor portal	—	✓	✓	—
Procurement workflows	—	✓	✓	✓
Approval routing	—	✓	✓	✓
Multi-user collaboration	Limited	✓	✓	✓
Included with subscription	✓	—	—	—

AI-Powered Features

• ISO 9001-Aligned Scorecards: Evaluates vendors across criteria mapped to ISO 9001:2015 §8.4 with APICS/ASCM SCOR benchmarks for quality (>98% first-pass yield), delivery (>95% OTD), and responsiveness (<4hr response time)
• Kraljic Matrix Classification: Auto-classifies vendors into strategic/leverage/bottleneck/non-critical quadrants based on supply risk and profit impact, with quadrant-specific management strategies
• COSO ERM Risk Assessment: Assigns risk tiers using the COSO Enterprise Risk Management Framework, with risk-adjusted scoring for high-dependency vendors
• Gartner TCO Analysis: Calculates total cost of ownership across 6 cost buckets (acquisition, implementation, training, operations, integration, exit) with 3-year and 5-year projections
• TOPSIS Multi-Criteria Ranking: Applies Hwang & Yoon's objective ranking methodology to identify the vendor closest to the ideal solution across all evaluation dimensions
• COSO Risk-Adjusted Renewal Alerts: Flags renewals earlier for high-risk vendors, with Kraljic-specific renewal strategies (collaborative for strategic, competitive for leverage, secure for bottleneck)
• UCC Article 2 Contract Checklist: Provides a 12-point clause verification checklist covering price terms, warranties, liability limits, force majeure, and compliance provisions
• NIST SP 800-161 Supply Chain Risk: Identifies cybersecurity supply chain risks for IT/Software vendors per NIST guidelines, flagging vendors without NDAs or adequate protections
• Compliance Portfolio Tracking: Monitors FCPA anti-corruption declarations, GDPR Data Processing Agreements, insurance verification, and NDA status across the entire vendor base
• Kraljic Portfolio Reporting: Generates executive reports showing vendor distribution, spend allocation, and risk concentration across all four Kraljic quadrants

Estimated Cost per Use

Disclaimer: Token estimates are approximate and based on typical usage patterns measured from skill prompt sizes. Actual costs vary with input data size, conversation length, and complexity. Estimates use Claude Sonnet 4.6 pricing ($3/1M input, $15/1M output). Cowork and Claude Desktop subscription users (Pro/Max/Team) are not charged per-token — these estimates apply only to direct Anthropic API usage. Running stages individually in fresh sessions uses fewer input tokens than running the full pipeline sequentially, because pipeline mode accumulates conversation history across stages.

Per skill (run individually in a fresh session):

Stage	Skill Prompt	User Input	Total Input	Output	Est. Cost
vendor-onboard	~3.7K	~800	~7.3K	~3.7K	~$0.08
vendor-renewals	~4.4K	~800	~8.0K	~4.4K	~$0.09
vendor-compare	~3.8K	~800	~7.4K	~3.8K	~$0.08
vendor-scorecard	~4.8K	~800	~8.4K	~4.8K	~$0.10
vendor-report	~5.4K	~800	~9.0K	~6.0K	~$0.12
Standalone total			~40.2K	~22.7K	~$0.46

Full pipeline (all stages in one session — context accumulates):

Stage	Base Input	+ History	Total Input	Output	Est. Cost
vendor-onboard	~7.6K	0	~7.6K	~3.7K	~$0.08
vendor-renewals	~8.3K	~4.5K	~12.9K	~4.4K	~$0.11
vendor-compare	~7.7K	~9.7K	~17.4K	~3.8K	~$0.11
vendor-scorecard	~8.7K	~14.3K	~23.0K	~4.8K	~$0.14
vendor-report	~9.4K	~19.9K	~29.3K	~6.0K	~$0.18
Pipeline total			~90.3K	~22.7K	~$0.61

Running the full pipeline once typically costs $0.43–$0.80 in API tokens (Claude Sonnet 4.6).

Known Limitations & Workarounds

Limitation	Workaround
No real-time vendor portal	Vendors email updates; import with CSV
No multi-user collaboration via UI	Export/version control CSV snapshots
Scorecard is snapshot, not continuous	Update scores each quarter
Cannot auto-fetch vendor performance data	Collect scores manually or from systems

Context & Performance Guide

Session Management

• Typical session: 50K–100K tokens for 5–10 vendor operations
• Full pipeline: 100K–150K tokens for complete onboarding-to-report workflow
• Best practice: Run setup once, then onboard 2–3 vendors per session, score once per quarter

Data Volume

• 100 vendors: ~200K JSON (registry) + 50 XLSX files = manageable
• 500+ vendors: Use CSV filtering, compare in batches
• Tip: Archive old scorecards to archive/ to keep outbound/ clean

Tips

1. Batch onboarding: Import all vendors at once via CSV
2. Quarterly scoring: Score all vendors in one session (5–10 vendors)
3. Lightweight comparisons: Compare max 3–4 vendors at a time
4. Archive old reports: Move past-year files to archive folder
5. Customize config: Edit .vendor-mgmt/config.json to match your criteria

Embedded Frameworks

Framework	Version/Source	Application
ISO 9001:2015	§8.4, §8.4.2, §10.2	Scoring criteria and corrective action
Kraljic Matrix	HBR 1983	Supplier portfolio classification
COSO ERM	2017 edition	Risk tier assessment and concentration analysis
APICS/ASCM SCOR	Level 1 metrics	Performance benchmarks
Gartner TCO Model	6-category framework	Total cost of ownership analysis
TOPSIS	Hwang & Yoon (1981)	Multi-criteria vendor ranking
AHP	Saaty (1980)	Criteria weighting methodology
NIST SP 800-161 Rev.1	§3.4, §2.2	Supply chain risk assessment
UCC Article 2	§2-201 through §2-725	Contract clause verification
FCPA	§78dd-1	Anti-corruption compliance
UK Bribery Act 2010	§7	Anti-bribery compliance
ISO 37001:2016	§8.2	Anti-bribery due diligence
GDPR	Article 28	Data processor requirements
ISO 20400:2017	§6.3	Sustainable procurement
ITIL v4	Supplier Management	Communication/SLA benchmarks

Requirements

• Claude Desktop with Cowork mode enabled
• Python 3.8+ (for openpyxl, python-docx)
• File system access (mounted workspace)

Important Disclaimers

• AI-Generated Content: This plugin uses AI (LLM) technology which can produce inaccurate or incomplete outputs. All content should be treated as a starting point and reviewed for accuracy before use.
• Not Professional Advice: Outputs do not constitute legal, financial, tax, medical, or other professional advice. Consult qualified professionals before making decisions based on generated content.
• No Compliance Guarantee: References to industry standards, regulations, or guidelines are for informational purposes only. This plugin does not guarantee compliance with any law or regulation. Users are responsible for verifying all outputs meet their specific regulatory requirements.
• No Endorsement or Affiliation: Mention of third-party products, standards, or organizations does not imply endorsement, partnership, or certification by those entities.