Supplier Code of Conduct: Meaning, Components, and How to Build One

A supplier code of conduct is a formal document that sets out the labor, environmental, and ethical standards a company expects its suppliers to follow. It acts as a baseline contract for responsible behavior across the supply chain and is often tied to ongoing supplier audits or assessments to confirm compliance.

What is a supplier code of conduct?

Supplier code of conduct in simple terms: it’s a written set of rules that tells your suppliers how they must treat workers, manage environmental impact, and conduct business honestly if they want to keep working with you. It is not a one time form. It’s a living standard that suppliers are expected to follow for as long as the relationship lasts.

Most companies introduce one for three reasons. First, regulators increasingly expect proof that a business knows what’s happening in its supply chain. Second, customers and investors are paying closer attention to where products come from. Third, a single supplier scandal, whether it’s a labor violation or an environmental breach, can damage a brand far more than the cost of preventing it.

Core components of a supplier code of conduct

A strong code usually covers four areas:

  • Labor standards. Fair wages, working hours, no child or forced labor, freedom of association, and safe working conditions.
  • Environmental responsibility. Waste management, emissions, responsible sourcing of raw materials, and energy use.
  • Business ethics. Anti-bribery, anti-corruption, conflict of interest rules, and fair competition.
  • Health and safety. Protection from physical hazards, proper training, and emergency preparedness at supplier sites.

Some companies add a fifth pillar covering data protection and intellectual property, especially in tech and manufacturing supply chains.

How to create a supplier code of conduct

Building one from scratch doesn’t need to be complicated. Here’s a practical sequence:

  1. Map your supply chain risk. Identify which suppliers and regions carry the highest labor, environmental, or governance risk. A supplier in a low-oversight region needs more scrutiny than one in a tightly regulated market.
  2. Set non-negotiables first. Decide which standards are absolute requirements (such as no forced labor) versus areas where you’ll work with suppliers to improve over time.
  3. Use existing frameworks as a starting point. You don’t need to write every standard from scratch. International benchmarks like the ILO core labor standards, the UN Global Compact, and SA8000 are widely accepted starting points.
  4. Write it in plain language. Suppliers across different countries and education levels need to actually understand the code, not just sign it. Avoid legal jargon where possible.
  5. Define consequences clearly. State what happens if a supplier breaches the code: a corrective action plan, a probation period, or termination of the relationship for serious violations.
  6. Build in a verification process. A code without monitoring is just a document. This is where assessments, scorecards, and audits come in.

This is also where many companies get stuck. Drafting a code is the easy part. Verifying that hundreds or thousands of suppliers are actually following it, and keeping that data current, is the harder operational challenge. This is where ESGRated can help. It rates suppliers on their ESG compliance, giving companies a clearer, more current picture of who meets the standard instead of relying on outdated self-reported forms or one-off audits.

Tiering your suppliers by risk

Not every supplier needs the same level of scrutiny. Treating a small local stationery vendor the same way as a high-risk overseas manufacturer wastes resources and slows everyone down. A simple tiering approach works well:

  • Tier 1 (high risk): Direct suppliers in high-risk regions or industries. These get full assessments, site audits, and frequent reviews.
  • Tier 2 (moderate risk): Suppliers with some exposure but lower overall risk. These might get a self-assessment questionnaire and periodic check-ins.
  • Tier 3 (low risk): Low-spend, low-impact suppliers. A signed acknowledgment of the code may be sufficient.

Where regulation fits in

Supplier codes of conduct are no longer just a goodwill gesture. Regulations are starting to require companies to actually prove due diligence over their suppliers. The EU’s Corporate Sustainability Due Diligence Directive (CSDDD, also known as CS3D) requires large companies to identify and address human rights and environmental risks across their supply chains, with national transposition required by 2028 and application from 2029 following the Omnibus simplification changes. Germany’s Supply Chain Due Diligence Act (LkSG) and similar national laws set comparable expectations. We cover these regulations in more depth elsewhere, but the short version is this: a supplier code of conduct is often the first practical step toward meeting these legal due diligence obligations, since it documents the standards you’re holding suppliers to.

How to monitor compliance

A code of conduct only works if you can verify it’s being followed. Common monitoring methods include:

  • Self-assessment questionnaires sent to suppliers periodically.
  • Third-party audits conducted on-site, especially for high-risk suppliers.
  • Sustainability ratings and scorecards that benchmark suppliers against your code and industry peers.
  • Worker voice tools that let employees at supplier sites report issues directly.
  • Contractual enforcement, such as clauses tying continued business to compliance.

Manually tracking this across dozens or hundreds of suppliers gets unmanageable fast, which is why more procurement and sustainability teams are turning to ESG ratings. ESGRated rates suppliers on their ESG compliance, giving teams a clear, current view of where each supplier stands instead of relying on stale self-reported answers or audits that only capture a single point in time.

Benefits of a supplier code of conduct

  • It sets clear, written expectations so suppliers know exactly what’s required, reducing disputes later.
  • It protects your brand if a supplier incident makes headlines, since you can show you had standards and oversight in place.
  • It strengthens your position with regulators, investors, and customers who increasingly ask for supply chain due diligence evidence.
  • It helps you catch problems early, before they become costly recalls, lawsuits, or reputational damage.

Examples of Supplier Code of Conduct:

Apple – Code of Conduct 2021

Nike – Supplier Code of Conduct

Microsoft – Supplier Code of Conduct

Walmart – Standards for Suppliers (PDF)

FAQ

What is a supplier code of conduct?

It’s a formal document outlining the labor, environmental, and ethical standards a company requires its suppliers to meet in order to do business together.

Is a supplier code of conduct legally binding?

On its own, it’s usually a policy expectation. It becomes legally binding when referenced in supplier contracts, which is common practice.

How is a supplier code of conduct different from a vendor code of conduct?

The terms are often used interchangeably. Some companies use “vendor” for service providers and “supplier” for those providing goods or raw materials, but the content and purpose are nearly identical.

How often should a supplier code of conduct be reviewed?

Most companies review and update theirs every one to two years, or sooner if new regulations or major supply chain risks emerge.

Do small businesses need a supplier code of conduct?

Yes, especially if they sell to larger companies that require their own suppliers to meet due diligence standards. Even a simple, one-page code is better than none.

ESGRated helps businesses understand, improve, and prove their ESG performance. Whether you are starting your compliance journey or preparing for a formal rating, our team guides you through every step.

Ready to get rated? Visit esgrated.com