The revised ISO 9001:2015 quality management standard requires that organizations take a risk-based approach to operations within the scope of this accreditation. One important aspect of risk evaluation is the organization’s supplier management process, as suppliers provide critical inputs impacting final product or service output integral to ISO Clause 8.4, “Control of Externally Provided Products and Services.” The management of risk in supply chains has recently increased in importance, owing to several industry trends. To achieve accreditation and better manage their risks, organizations can benefit from a tool to categorize suppliers in terms of risk. Although the Supplier Positioning Matrix (also known as a Kraljic Matrix) relates the cost of purchasing to the total risk, it does not account for historical knowledge that organizations may have of their suppliers through previous relationships. This case study describes how the Kraljic Matrix was adapted by the author and used by a defense contractor to classify suppliers in terms of risk and historical knowledge, thereby facilitating ISO 9001:2015 compliance and more robust supplier management practices.