1In one sentence#
The Vendor module is LumosCRM's supplier network and performance system — a vetted directory of the restaurants, hotels, charter companies, florists, security firms, and specialists your agency relies on, each with its compliance status, contracts, rate cards, availability, and an objective performance rating earned from real engagements — plus a sourcing workflow to shortlist vendors and brief them in seconds.
If Clients are who you serve and Requests/Events are what you do for them, Vendors are who you call to make it happen — and this module makes sure you're calling the right, compliant, top-performing ones.
2Who it's for#
| Role | What they get |
|---|---|
| Vendor / supplier managers | A complete profile per supplier — contacts, offerings, rate cards, contracts, certifications, availability. |
| Concierge & request handlers | A searchable, filterable directory to find the right vendor by type, coverage, tier, and rating. |
| Sourcing teams | A shortlist-and-brief workflow to put a request out to several vendors at once. |
| Compliance | KYC/AML status, sanctions screening, VAT/registration details, and certification tracking — with automatic safeguards. |
| Leadership | An at-a-glance view of network health: tiers, ratings, engagement volume. |
3The core idea: a vendor is a managed relationship, not a contact card#
Each vendor is a full relationship record with everything needed to engage them confidently and compliantly:
┌────────────────────────────────┐
│ VENDOR │
│ legal / trading name · type │
│ tier · status · coverage │
│ ★ rating (earned) · engagements │
└────────────────┬───────────────┘
│
┌──────────┬──────────┬──────────┬─────┴─────┬──────────┬──────────┬──────────┐
│ │ │ │ │ │ │ │
Contacts Offerings Rate cards Contracts Certs & Availability Performance Affinities
(people, (services (pricing) (terms, compliance (when free) scores (likes/
roles, they renewals) (insurance, (objective avoids vs
channels) provide) licences) ratings → clients)
headline ★)
Documents · Engagements (linked Requests) · Audit trail
The headline you see on a vendor — its star rating and how many times you've engaged it — isn't typed in by hand. It's derived automatically from real performance scores and real request links, so it can't be inflated.
4Capabilities at a glance#
| Capability | What it means for the user |
|---|---|
| Vendor directory | A searchable, filterable list of all suppliers with tier, type, coverage, and rating. |
| Rich vendor profiles | Legal & trading names, type, tier, status, coverage countries, and commercial terms. |
| Earned performance rating | A star rating computed from rolling performance scores across several dimensions — objective, not manual. |
| Engagement tracking | A live count of how many requests a vendor has been engaged on, derived automatically. |
| Contacts | Multiple named contacts per vendor, with roles, channels, and emergency designation. |
| Offerings & rate cards | What each vendor provides and at what price. |
| Contracts & certifications | Track agreements, renewals, insurance, and licences with expiry awareness. |
| Availability | Record when a vendor is free or blocked. |
| KYC / AML & sanctions | Verification status, screening dates, and an automatic suspend on sanction. |
| Affinities | Note which clients love or avoid a vendor (resolved, never deleted). |
| Shortlist & brief | Build a shortlist for an open request and send a rich-text brief to several vendors at once. |
| Documents | Attach files and promote them into the Document Vault. |
| Audit trail | A permanent record of every change. |
5Classifying a vendor#
| Dimension | Values |
|---|---|
| Type | restaurant · hotel · aviation · yacht · florist · security · medical · wellness · transportation · events · lifestyle · gifting · real estate · travel |
| Tier | standard · preferred · elite · exclusive |
| Status | prospecting · active · inactive · suspended · blacklisted |
| KYC status | pending · verified · flagged · expired |
| Payment terms | immediate · prepaid · net-14 · net-30 · net-60 |
A vendor also carries its primary country and a list of coverage countries (so you can find "security vendors covering Italy"), VAT and registration numbers (VAT encrypted), default currency, commission rate, minimum notice hours, an account manager, and encrypted internal notes.
Built-in safeguard: if a vendor is flagged as sanctioned, the system automatically moves it to suspended — you can't accidentally engage a sanctioned supplier.
Note for marketing: types, tiers, statuses, and payment terms are configurable option-sets; the sanction-suspend rule is a fixed safeguard.
6The earned rating & engagement count — trust by design#
Two of the most important numbers on a vendor are derived, not entered:
- Performance rating (★). Whenever a vendor finishes work, staff log a performance score across five dimensions — overall, quality, reliability, communication, and value — tagged with its source (request completion, client feedback, contract review, or incident report). The vendor's headline rating and review count are then recomputed as a rolling 12-month average of those scores. The result: a rating that reflects recent, real performance and is impossible to fudge by hand.
- Total engagements. The number of times a vendor has been engaged is derived automatically from the requests it's linked to — so it's always accurate.
Performance scores are append-only (a permanent record), and they survive even if a vendor is later removed.
7Screen-by-screen walkthrough#
7.1The vendor directory (index)#
A paginated, filterable list with KPI tiles. Search by name or code; filter by tier, type, coverage country, KYC status, status, and account manager; sort any column. Each row shows the vendor's name and code, type, tier and status badges, coverage, its star rating, and engagement count. A New Vendor button and the Shortlist entry point sit in the header.
7.2Creating & editing a vendor#
A guided, multi-section form with a section sidebar, a completion ring, a live preview, and logo/avatar upload — the standard LumosCRM pattern with real-time validation. Sections cover identity (legal & trading names, type, tier, status), coverage (countries and a coverage label), commercial terms (currency, payment terms, commission, minimum notice), compliance (KYC, VAT, registration, AML), the account manager, and internal notes.
Editing mirrors creation with change-tracking. Note: the derived rating and engagement count are read-only — they can't be edited, only earned.
7.3The vendor profile (show page)#
A header showing the vendor's name, type, tier and status, and a rating ribbon, with actions to edit, delete, and send a brief. Below it, a tabbed profile (each tab permission-gated):
| Tab | What's on it |
|---|---|
| Overview | The key facts — about, performance summary, compliance, account manager — editable inline. |
| Contacts | Named contacts with role, department, channel, and emergency flag. |
| Services | The offerings the vendor provides. |
| Rate cards | Pricing. |
| Contracts | Agreements with status and renewals. |
| Certifications | Insurance, licences, and credentials with expiry awareness. |
| Affinities | Which clients favour or avoid this vendor. |
| Performance | The history of performance scores feeding the rating. |
| Availability | When the vendor is free or blocked. |
| Documents | Files, promotable to the Document Vault. |
| Requests | The engagements (linked requests) this vendor has worked on. |
| Audit | The permanent change history. |
All tabs support inline add/edit via drawers, with data loaded on demand.
8Feature deep-dives#
8.1Contacts#
Each vendor can hold multiple contacts — a named person with a role and department, one or more contact channels (email, phone, mobile, WhatsApp, other), and flags for primary and emergency contact. (Names are free text, so you can capture "Reservations desk" as easily as a person.)
8.2Offerings, rate cards & availability#
Record what the vendor provides (offerings/services), the prices they charge (rate cards), and when they're available — the practical detail a handler needs to engage them quickly and correctly.
8.3Contracts & certifications#
Track formal contracts (with status, active/expired awareness, and renewals) and certifications (insurance, licences, accreditations) with expiry tracking — so compliance and commercial cover are never out of date unnoticed.
8.4Compliance — KYC, AML & sanctions#
Each vendor carries a KYC status (pending → verified → flagged → expired), AML screening dates, VAT and registration numbers (VAT encrypted), and a sanctions flag that — as noted — auto-suspends the vendor when set. This puts supplier due diligence on the same compliance footing as client KYC.
8.5Affinities — which clients love or avoid a vendor#
Capture the relationship between a vendor and your clients — favourites and avoids — which can inform (and protect) request routing. Affinities are resolved, not deleted, keeping the history intact.
8.6Shortlist & send-brief — sourcing in seconds#
A dedicated Shortlist workflow lets a sourcing team pick several vendors for an open request and send them all a brief at once. The brief is composed in a rich-text editor and delivered as a tailored email to each vendor — turning "I need three quotes for a Tuscany villa" into a few clicks instead of a morning of separate emails.
8.7Documents & audit#
Attach files to a vendor and promote them into the central Document Vault with full governance. Every change to a vendor is recorded in a permanent audit trail that survives even soft-deletion.
9Security & access control#
- Granular permissions per section:
vendors.record.*for the vendor itself, plus dedicated sets forvendors.contacts.*,vendors.services.*,vendors.rate_cards.*,vendors.contracts.*,vendors.certifications.*,vendors.availability.*,vendors.attachments.*, andvendors.affinities.*. Performance scoring and KYC verification require vendor write access. - Per-user record scoping (self-scoping): self-scoped staff see only the vendors they account-manage; broader roles see the whole network.
- Encryption & safeguards: encrypted VAT numbers and internal notes; automatic suspend on sanction.
10Search & integration#
- Global search (⌘K) and entity pickers surface vendors across the CRM.
- Cross-module ties: vendors are engaged on Requests (which feed the engagement count) and assigned to Event segments (whose ratings feed the performance score), and their files flow into the Document Vault. The shortlist-and-brief workflow ties directly to open requests.
11Use cases & scenarios#
Use case A — Onboarding a new supplier#
A vendor manager adds a new charter company: legal and trading names, type Yacht, coverage Italy, France, Monaco, payment terms Net-30, and uploads insurance certificates. KYC starts at pending; once documents are verified it becomes verified and the vendor is set active.
Use case B — Finding the right vendor fast#
A handler needs a Michelin-level private chef covering the French Riviera. They filter the directory by type, coverage country, and tier elite, sort by rating, and pick the top performer — confident the rating reflects recent, real work.
Use case C — Sourcing competitively#
For a villa request with no vendor yet, the team opens the Shortlist, selects four villa agents, writes one rich-text brief, and sends it to all four at once. Replies come back against the originating request.
Use case D — Performance that's earned#
After a flawless event, staff log a performance score (quality 5, reliability 5). The vendor's headline rating ticks up automatically; a later incident report pulls it back down. The number always tells the truth.
Use case E — Staying compliant#
A vendor appears on a sanctions list. A compliance officer flips the sanctioned flag; the system immediately moves the vendor to suspended, and it drops out of the "eligible" pool used for new engagements.
12Permissions reference (simplified)#
| Area | View | Create | Update | Delete |
|---|---|---|---|---|
| Vendor record | vendors.record.view | vendors.record.create | vendors.record.update | vendors.record.delete |
| Contacts | (record view) | vendors.contacts.create | vendors.contacts.update | vendors.contacts.delete |
| Services / offerings | (record view) | vendors.services.create | vendors.services.update | vendors.services.delete |
| Rate cards | (record view) | vendors.rate_cards.create | vendors.rate_cards.update | vendors.rate_cards.delete |
| Contracts | (record view) | vendors.contracts.create | vendors.contracts.update | vendors.contracts.delete |
| Certifications | (record view) | vendors.certifications.create | vendors.certifications.update | vendors.certifications.delete |
| Availability | (record view) | vendors.availability.create | vendors.availability.update | vendors.availability.delete |
| Documents / attachments | (record view) | vendors.attachments.create | vendors.attachments.update | vendors.attachments.delete |
| Affinities | (record view) | vendors.affinities.create | vendors.affinities.update (+ resolve) | (resolve, not delete) |
Performance scoring and KYC verification require vendors.record.update. The directory, shortlist, and send-brief require vendors.record.view. Roles are assembled from these in the RBAC module.
13Glossary#
| Term | Meaning |
|---|---|
| Vendor | A supplier or partner the agency engages (restaurant, hotel, charter, etc.). |
| Tier | The vendor's standing: standard, preferred, elite, exclusive. |
| Coverage countries | The regions a vendor serves — searchable. |
| Performance score | A multi-dimension rating logged after work; rolls up into the headline star rating. |
| Engagement | A request the vendor has been linked to; the count is derived automatically. |
| Shortlist / brief | Selecting several vendors for a request and emailing them one rich-text brief. |
| KYC / AML | Supplier due-diligence and anti-money-laundering checks. |
| Sanctioned | A flag that automatically suspends the vendor. |
| Self-scoping | The rule limiting a user to the vendors they account-manage. |
This document describes the Vendor module as currently built. Types, tiers, statuses, and payment terms are configurable option-sets in Settings. The derived rating and engagement count are read-only by design.