Besides those classified as high risk or critical, for the identification of these suppliers you must consider:
the ISMS scope, i.e., the suppliers that can affect the information you want to protect
the legal requirements (e.g., laws, regulations and contract) you must comply to (for example, a contractual clause with a customer may require a specific supplier or suppliers to be included in the program)
If a supplier does not fall in one of the above-mentioned situations, then you do not need to include it in your supplier management program related to information security.
This article will provide you a further explanation about supplier management: