ISO/DIS 25500-240:2026(en)

ISO TC 184/SC 5/WG 16

Secretariat: ANSI

Date: 2025-11-17

Supply chain interoperability and integration — Part 240: Strategic sourcing concepts, principles, and data requirements

© ISO 2026

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.

ISO copyright office

CP 401 • Ch. de Blandonnet 8

CH-1214 Vernier, Geneva

Phone: +41 22 749 01 11

Email: copyright@iso.org

Website: www.iso.org

Published in Switzerland

Contents

Foreword iv

Introduction v

1 Scope 1

2 Normative references 1

3 Terms and definitions 2

3.1 authoritative legal entity identifier 2

3.2 international business identifier 2

3.3 international business registration number 2

3.4 legal entity 3

3.5 legal name 3

3.6 onboarding 3

3.7 procurement 3

3.8 sourcing 3

3.9 strategic sourcing 3

3.10 supply chain data formatting contract clause 4

3.11 trading entity 4

4 Fundamental principles and assumptions 4

5 Stages of the strategic sourcing process 4

5.1 Discovery 4

5.2 Evaluation 4

5.2.1 Data required to identify a supplier 4

5.2.2 Data required to evaluate a supplier 5

5.2.3 Data required to identify a material or service 5

5.2.4 Data required to evaluate a material or service 5

5.2.5 Data required to identify a location 5

5.2.6 Data required to evaluate a location 5

6 Requirements 5

6.1 Buyer 5

6.2 Supplier 6

7 Conformance 6

7.1 Buyer 6

7.2 Supplier 6

Annex A (informative) 7

Bibliography 8

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.

The committee responsible for this document is Technical Committee ISO/TC 184, Automation systems and integration, Subcommittee SC 5, Interoperability, integration, and architectures for enterprise systems and automation applications.

A list of all parts in the ISO 25500 series can be found on the ISO website.

Any feedback or questions on this document should be directed to the user’s national standards body. A complete listing of these bodies can be found at www.iso.org/members.html.

Introduction

This document provides the fundamental concepts, principles and vocabulary for supply chain interoperability and integration (SCII) as applied to the activity of strategic sourcing of products or services from new or existing suppliers. This document is intended to help the user in understanding the fundamental concepts, principles, and vocabulary of the strategic sourcing process in order to be able to effectively and efficiently onboard products or services from new or existing suppliers.

This document proposes a framework that integrates established fundamental concepts, principles, processes, and resources related to the strategic sourcing process. It is applicable to all organizations, regardless of size, complexity, or business model. Its aim is to increase an organization’s awareness of its duties and commitment to meet the data requirements of its trading partners throughout the onboarding process.

Supply chain interoperability and integration –
Part 240:
Strategic sourcing concepts, principles, and data requirements

This document describes the fundamental concepts and principles of strategic sourcing which are universally applicable to the following:

— organizations seeking to improve their onboarding process through a common understanding of the fundamental concepts, principles and vocabulary used in strategic sourcing;

— organizations seeking to improve the quality of the data they receive from their trading partners in order to establish confidence in their supply chain.

The following are within the scope of this document:

— terminology required to describe the workflow and data used in the strategic sourcing process;

— stages of the strategic sourcing process;

— data required to support the strategic sourcing process;

— metadata and reference data required to support the strategic sourcing process.

The following are outside the scope of this document:

— data exchange technology;

— supplier evaluation methods and techniques.

The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 8000‑114, Data quality — Part 114: Master data: Application of ISO/IEC 21778 and ISO 8000-115 to portable data

ISO 8000‑115, Data quality — Part 115: Master data: Exchange of quality identifiers: Syntactic, semantic and resolution requirements

ISO 8000‑116, Data quality — Part 116: Master data: Exchange of quality identifiers: Application of ISO 8000-115 to authoritative legal entity identifiers

ISO 8000‑118, Data quality — Part 118: Application of ISO 8000-115 to natural location identifiers

ISO 25500‑1, Supply chain interoperability and integration — Part 1: Overview and principles of the industrial internet

ISO 25500‑2, Supply chain interoperability and integration — Part 2: Vocabulary

ISO 25500‑3, Supply chain interoperability and integration — Part 3: Verification of trading entity identity

ISO/DIS 25500‑100, Supply chain interoperability and integration — Part 100: Verification of supply chain data

ISO/DIS 25500‑110, Supply chain interoperability and integration — Part 110: Verification of certificates in the supply chain

ISO/DIS 25500‑120, Supply Chain Interoperability and Integration — Part 120: Verification of data in support of local purchasing

For the purposes of this document, the terms and definitions given in ISO 25500‑2 and the following apply.

ISO and IEC maintain terminology databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https://www.iso.org/obp

— IEC Electropedia: available at https://www.electropedia.org/

NOTE Prior to publication of this document as an International Standard, the following terms and definitions will be published in ISO 25500-2 and removed from this document.

3.1

authoritative legal entity identifier

ALEI

identifier assigned by the government agency that has granted and maintains an entity’s legal existence including its right to enter into legally binding contracts

EXAMPLE An identifier assigned by a government business register to reference a registered business.

Note 1 to entry: Government agencies are typically formed through legal actions such as proclamations, regulations, and acts and are not typically referred to by an identifier within those acts. Thus, a government agency’s legal name is its ALEI.

Note 2 to entry: ISO 8000-116 specifies how to represent the ALEI as an ISO 8000-115 compliant quality identifier making it an international business registration number (IBRN) while the ISO 25500-3 formatted international business identifier (IBID) includes the IBRN as part of a string that is used to definitively identify a legal entity

3.2

international business identifier

IBID

String of characters consisting of the three fields separated by the vertical line or pipe character (U+0007C) that uniquely identify a trading entity: the ISO 8000-116 formatted International Business Registration Number (IBRN), the legal name, and the date of origin as eight numeric characters (YYYYMMDD)

Note 1 to entry: Some legal entities, such as government entities, gain and maintain their legal status through an act, proclamation, or regulation, and are not entered with an identifier at time of formation by the government authority that has originated them. For legal entities without a government issued identifier granted and entered into a register at time of formation, their legal name serves as their identifier. For these entities, the IBID consists of two fields separated by the vertical line or pipe character (U+0007C) that uniquely identify a trading entity: the ISO 8000-116 formatted International Business Registration Number (IBRN) and the date of origin as eight numeric characters (YYYYMMDD).

EXAMPLE 1 A corporation entered under the file number 3031657 and legal name Code Management Association into the business entity register of the United States’ state of Delaware on 1999-04-20 has an IBID of US-DE.BER:3031657|Code Management Association|19990420

EXAMPLE 2 An individual born 1922-01-17 and entered under the sequential number 54 and legal name Betty Marion White into the vital records register of the United States’ state of Illinois has an IBID of US-IL.VR:54|Betty Marion White|19220117

EXAMPLE 3 A government entity formed by the United States, through being signed into law on 1789-09-02, under the legal name of the Department of the Treasury has an IBID of US.GOV:Department of the Treasury|17890902

3.3

international business registration number

IBRN

ISO 8000-116 formatted identifier assigned to reference a legally authorised trading entity by a register maintained by the administrative agency for a governing body of the nation, state, or community with the authority to grant or terminate legal status to an entity including the entity’s legal right to enter legally binding contracts within a jurisdiction

Note 1 to entry: Businesses typically gain, preserve, and lose their legal status through entrance and maintenance in a government business register but not all entities receive legal status through inclusion in such a register database. For legal entities that are not added to a register database, one refers to the documents of formation that granted the entity its legal status such as proclamations, acts, or regulations for government entities. For such government entities, the legal entity may not be referred to by an identifier so its legal name also serves as its identifier with .GOV as the prefix subdomain element.

EXAMPLE 1 Code Management Association was formed in and is a registered corporation in the US state of Delaware (jurisdiction code: US-DE) where the Business Entity Register (register reference: BER) is maintained by the Division of Corporations. The business registration number for Code Management Association inside the Delaware Business Entity Register is 3031657. Code Management Association's IBRN is US-DE.BER:3031657.

EXAMPLE 2 The IBRN for the United States Department of the Treasury is “US.GOV:Department of the Treasury” as it is a government entity (.GOV) was formed when a congressional act was signed into law by President George Washington on 1789-09-02, in the legal jurisdiction is the United States (US) and its legal name is Department of the Treasury.

3.4

legal entity

physical or juridical person granted legal status by the governing body of a nation, state or community

[SOURCE: ISO 8000-2]

3.5

legal name

name of the organization as recorded in the authoritative legal entity registry where the organization was formed

3.6

onboarding

process of collecting and validating the data necessary to approve a new supplier, material, or service prior to the creation of a master data record

Note 1 to entry: Before a purchase order can be created a supplier master data record must exist.

Note 2 to entry: A purchase order will either reference an item (material or service) master data record or include descriptive text to identify and describe the item to be purchased.

3.7

procurement

activity of acquiring goods or services from suppliers

Note 1 to entry: The procurement process considers the whole cycle from identification of needs through to the end of a services contract or the end of the life of goods, including disposal.

Note 2 to entry: Sourcing is a part of the procurement process that includes planning, defining specifications and selecting suppliers.

[SOURCE: ISO 20400:2017]

3.8

sourcing

process of finding a supplier for materials or services, including defining specifications

3.9

strategic sourcing

Sourcing that focuses on the longer-term goals of responsible, sustainable procurement. The strategic sourcing process follows distinct stages of discovery, evaluation, and approval where each stage has defined requirements for data. The strategic sourcing process includes initial research to identify potential suppliers of desired materials or services followed by qualification of the supplier as a potential trading partner and the evaluation of the quality and price of goods or services to be purchased followed by the creation of master data records for both the supplier and the goods or services to be purchased.

3.10

supply chain data formatting contract clause

requirement exchanged between trading entities to ensure the unambiguous identification and description of "who," "what," "where," and "when" when sharing data between supply chain stakeholders.

Note 1 to entry: ISO 25500-1 provides an example of a supply chain data formatting contract clause

3.11

trading entity

contracting entity

legal entity (individual, business, government agency, et cetera), involved in buying or selling in the supply chain, who has been granted legal existence and right to enter into a legally binding contract and be a party in court through its creation and maintenance of active legal status by a government agency

Note 1 to entry: ISO 8000-116 specifies how to identify a trading entity, or any legal entity, through an authoritative legal entity identifier, identifier issued by government authority originating it, formatted as an international business registration number (IBRN) and ISO 25500-3 describes how to construct an international business identifier (IBID) to definitively identify a trading entity, or any legal entity with the entity’s IBRN, legal name, and date of origin

Sourcing is the process of finding a supplier for materials or services. Typically, the focus is on short term goals of finding the best price for a given quality and lead time. Strategic sourcing is focused on the longer term goals of responsible, sustainable procurement. The strategic sourcing process includes initial research to identify potential suppliers of desired materials or services followed by qualification of the supplier as a potential trading partner and the evaluation of the quality and price of goods or services to be purchased followed by the creation of master data records for both the supplier and the goods or services to be purchased.

Throughout the strategic sourcing process, data is collected, validated, and approved resulting in the creation of the appropriate master data records need to support the contracting and procurement processes.

The strategic sourcing process follows distinct stages of discovery, evaluation, and approval where each stage has defined requirements for data. Clear understanding of data required to support each stage of the strategic sourcing process as well as the duties and responsibilities of the parties in respecting the confidentiality of the exchanged data is important to the integrity of the strategic sourcing process.

The purpose of the discovery phase of the strategic sourcing process is to identify the potential suppliers of goods or services that meet an organization’s requirements for the supply of specific goods or services to be provided at a specific location. While it is common for commercial buyers to proactively search for potential suppliers, it is common for government buyers to publicly advertise that they are looking for specific products or services. Many searches are automated and publishing product or service specifications in the ISO 8000-114 interoperable data format (.idf) facilitates this automation.

Establishing the legal identity of a supplier is achieved by identifying the jurisdiction of formation and validating status with the authority that issued legal status. The authoritative legal entity identifier (ALEI) in ISO 8000-116 format is a verifiable globally unique identifier that can be used to identify a supplier’s identity as a legal entity. The following are the three data elements required to establish and verify the identity of a supplier:

— ISO 8000-116 formatted authoritative legal entity identifier (ALEI);

— legal name

— date of formation.

Together, these form the international business identifier (IBID); verification of the identity of a supplier can be automated (see ISO/DIS 25500-3).

The assessment of the ability of a supplier to deliver a specific material or service at a specific location within a specific timeframe will vary with the nature of the material or service and the location where these are to be provided. A request for the data necessary to successfully complete an evaluation must be unambiguous and relevant. It is the obligation of the buying organization to provide an explanation of the data requirement along with the associated confidentiality and data retention policy statements. Verification of data required to evaluate a supplier can be verified through automated processes.

Materials or services are identified by internal references issued by the supplier, these are part numbers, batch numbers, serial number or service reference numbers that accompany the descriptions of the materials or services. ISO 8000-115 provides a simple way of transforming these local references into unique international references by adding a registered prefix that identifies the issuer of the local reference. The following are the two data elements required to establish and verify the identity of a material or service:

— ISO 8000-115 formatted reference

— item description

The assessment of the suitability of a material or service will vary with the nature of the material or service and the location where these are to be provided. A request for the data necessary to successfully complete an evaluation must be unambiguous and relevant. It is the obligation of the supplier to provide a commercial specification of the product or service offered in ISO 8000-114 interoperable data format (.idf) to facilitate evaluation. On receipt of the commercial specification, it is the responsibility of the buyer to request any specific data needed to complete the evaluation. This request should include an explanation of the data requirement along with the associated confidentiality and data retention policy statements.

Postal addresses identify the physical location for the delivery of mail; these are typically different from physical locations for the delivery of materials or services. ISO 8000-118 describes an algorithm for converting geopositioning coordinates into a natural location identifier (NLI), a globally unique representation of location that includes either elevation or floor within a building.

The requirements for the location may include delivery, loading, unloading needs (i.e., equipment, overhang, parking, height, length, road, gate or other barrier for physical entrance, access status such as opening or closing times) sufficient for the purposes of purchasing and receiving the materials or services.

In requesting data from a potential supplier, a buyer shall

— identify itself by providing its ISO 25500-3 formatted IBID

— provide a request for data in ISO 8000-114 format, ISO/DIS 25500-100 format, ISO/DIS 25500-110, or ISO/DIS 25000-120, with associated confidentiality, and data retention policy statements

— identify locations by providing ISO 8000-118 natural location identifiers (NLI)

— include ISO 25500-1 supply chain data formatting contract clause in any contracts with supplier

In responding to a supplier’s request for data, a supplier shall

— identify itself by providing its ISO 25500 IBID

— identify the product or services offered using references in ISO 8000-115 format

— provide commercial specifications in ISO 8000-114 format

— respond to a data requirement request using the ISO 8000-114 format, ISO/DIS 25500-100 format, ISO/DIS 25500-110 format, or ISO/DIS 25500-120 format

— identify locations by providing ISO 8000-118 natural location identifiers (NLI)

— include ISO 25500-1 supply chain data formatting contract clause in any contract with buyer

A buyer conforms with this document when 6.1 is met.

A supplier conforms with this document when 6.2 is met.

1. 
   (informative)
   
   Document identification

To provide for unambiguous identification of an information object in an open system, the following object identifier is assigned to this document. The meaning of this value is defined in ISO 10303-1.

{ iso standard 25500-240 version(1) }

Bibliography

[1] ControlHub. 2022, Strategic Sourcing vs Sourcing: What You Need To Know, https://www.controlhub.com/blog/purchasing-software-strategic-Strategic sourcing-vs-Strategic sourcing

[2] Shook, Christopher L., et al. "Towards a “theoretical toolbox” for strategic sourcing." Supply chain management: an international journal 14.1 (2009): 3-10.