Why Supply Chain Sustainability Policies Matter
Your supply chain is your sustainability footprint. For most companies, purchased goods and services (Scope 3 Category 1) represent the largest share of total GHG emissions. Labor practices, deforestation, water pollution, and human rights violations in supply chains create regulatory, legal, and reputational risks that directly affect your organization.
Regulatory pressure is intensifying. The EU Corporate Sustainability Due Diligence Directive (CSDDD) requires companies to identify and address adverse human rights and environmental impacts in their value chains. Germany's Supply Chain Due Diligence Act (LkSG) is already in force. The CSRD requires value chain disclosures under multiple ESRS standards. California's Transparency in Supply Chains Act and similar laws mandate disclosure of anti-slavery and anti-trafficking efforts.
Step 1: Assess Your Supply Chain Risk Profile
Before writing policies, understand where risks concentrate:
- Map your supply chain tiers. Tier 1 (direct suppliers) is the starting point, but many critical risks sit in Tier 2+ (suppliers' suppliers). Identify how deep your visibility extends.
- Categorize by risk type:
  - Environmental: GHG emissions, deforestation, water pollution, hazardous waste, biodiversity impact
  - Social: Forced labor, child labor, unsafe working conditions, living wages, freedom of association
  - Governance: Bribery and corruption, conflict minerals, data privacy
- Prioritize by geography and commodity. High-risk geographies (based on Transparency International CPI, Global Slavery Index, deforestation fronts) and high-risk commodities (palm oil, cocoa, cobalt, cotton, timber, seafood) deserve focused attention.
- Use risk assessment tools: EcoVadis, Sedex, amfori BSCI, Responsible Sourcing Tool, Global Forest Watch, KnowTheChain.
Step 2: Define Your Supplier Code of Conduct
Create a clear, enforceable supplier code of conduct covering:
Environmental Requirements
- GHG emissions measurement and reduction (aligned with GHG Protocol)
- Energy management and renewable energy targets
- Water stewardship (consumption tracking, pollution prevention)
- Waste management (reduction, recycling, hazardous waste handling)
- No deforestation / no land conversion commitments (for agricultural and forestry commodities)
- Chemical management (restricted substances lists, REACH compliance)
Social Requirements
- Prohibition of forced labor, child labor, and human trafficking (aligned with ILO core conventions)
- Fair wages (at minimum, legal minimum wage; aspirationally, living wage benchmarks)
- Working hours limits (ILO standards: max 48 regular hours + 12 overtime per week)
- Freedom of association and collective bargaining rights
- Workplace health and safety (aligned with ILO-OSH 2001 or ISO 45001)
- Non-discrimination and anti-harassment policies
- Grievance mechanisms accessible to workers
Governance Requirements
- Anti-bribery and anti-corruption compliance (UK Bribery Act, FCPA, local laws)
- Conflict minerals due diligence (per OECD Due Diligence Guidance)
- Data protection and privacy
- Transparency and accurate record-keeping
- Right to audit and assess compliance
Make the code a contractual requirement. Include it in supplier agreements and purchase orders.
Step 3: Establish Due Diligence Processes
Follow the OECD Due Diligence Guidance for Responsible Business Conduct and the UN Guiding Principles on Business and Human Rights (UNGPs):
- Embed responsible business conduct into your procurement policies and management systems
- Identify and assess adverse impacts in your supply chain (through risk assessments, audits, and supplier self-assessments)
- Cease, prevent, or mitigate adverse impacts (through corrective action plans, capacity building, or — as a last resort — disengagement)
- Track implementation and effectiveness of your responses
- Communicate how impacts are addressed (through reporting and stakeholder engagement)
- Provide for remediation when your organization has caused or contributed to adverse impacts
This is not a one-time exercise. Due diligence is ongoing and must be proportionate to risk.
Step 4: Build a Supplier Assessment Program
Implement a tiered assessment approach:
Risk-Based Screening (all suppliers)
- Self-assessment questionnaires covering environmental, social, and governance practices
- Automated screening against sanctions lists, deforestation alerts, and adverse media
- Geographic and commodity risk scoring
Desktop Assessments (medium-risk suppliers)
- Detailed questionnaire with evidence requirements (certifications, policies, audit reports)
- Third-party ESG ratings (EcoVadis, Sedex)
- Document review (environmental permits, safety records, labor policies)
On-Site Audits (high-risk suppliers)
- Announced and unannounced facility audits
- Worker interviews conducted confidentially
- Environmental compliance inspections
- Health and safety walk-throughs
- Use recognized audit protocols (SMETA, SA8000, amfori BSCI)
Corrective Action and Escalation
- Define clear timelines for remediation of findings
- Distinguish between critical findings (immediate action required — e.g., child labor, safety hazards) and improvement opportunities
- Establish escalation procedures for non-responsive suppliers
- Reserve the right to terminate relationships for persistent or severe non-compliance
Step 5: Set Measurable Targets
Define targets that drive progress:
- 100% of Tier 1 suppliers acknowledge and sign the supplier code of conduct by [date]
- 80% of suppliers by spend complete ESG self-assessment by [date]
- Top 50 suppliers by emissions set science-based targets within 5 years
- 100% of high-risk commodity sourcing certified sustainable by [date] (e.g., RSPO, FSC, MSC)
- Zero tolerance for forced labor, child labor, and safety-critical violations
- Achieve [X]% reduction in supply chain GHG emissions (Scope 3 Category 1) by [date]
Step 6: Integrate into Procurement Decisions
Sustainability criteria must influence actual purchasing decisions — not sit alongside them as optional:
- Include ESG performance as a weighted criterion in supplier selection (e.g., 10-20% of total score alongside price, quality, delivery)
- Give preference to suppliers with verified sustainability certifications, science-based targets, or strong ESG ratings
- Include sustainability KPIs in supplier performance reviews and scorecards
- Require sustainability data as a condition for RFP participation for high-value contracts
- Build total cost of ownership models that account for environmental and social externalities
Step 7: Build Supplier Capacity
Many suppliers — especially SMEs in developing countries — lack resources to meet sustainability requirements independently:
- Provide training on GHG measurement, energy efficiency, and safety management
- Share tools and templates for environmental data collection
- Partner with industry initiatives that provide capacity-building programs (e.g., Sustainable Apparel Coalition, Responsible Business Alliance)
- Offer technical assistance for improvement plan implementation
- Recognize and reward high-performing suppliers publicly
Capacity building is more effective than punitive approaches for driving lasting change, especially in lower tiers.
Step 8: Report and Disclose
Communicate your supply chain sustainability performance:
- CSRD/ESRS disclosures: S2 (Workers in the value chain), E1-E5 (value chain environmental impacts), G1 (business conduct including value chain)
- CSDDD compliance reports
- Modern Slavery Act statements (UK) and California Transparency in Supply Chains Act disclosures
- CDP Supply Chain module
- Annual sustainability report with supply chain performance data
Frequently Asked Questions
How deep into the supply chain should our policies reach?
Start with Tier 1 (direct suppliers) and extend to Tier 2+ based on risk. High-risk commodities (palm oil, cobalt, cotton) warrant deep supply chain mapping regardless of your direct relationship. CSDDD and UNGPs expect due diligence proportionate to your leverage and the severity of potential impacts — for high-severity risks, you must go beyond Tier 1.
What do we do when a supplier fails an audit?
Don't immediately terminate — that can worsen conditions for workers. Start with a corrective action plan with clear timelines and support. Monitor progress through follow-up assessments. Terminate only if the supplier refuses to engage, fails to make progress, or has critical violations (forced labor, imminent safety hazards) that endanger people. Document your decision-making process for due diligence compliance.
How do we handle conflicting priorities between cost and sustainability?
Build total cost of ownership models that include externality costs (carbon pricing impact, regulatory compliance costs, supply disruption risk premiums). Often, sustainable suppliers prove more cost-effective over time through lower volatility, fewer disruptions, and reduced regulatory risk. Where genuine tradeoffs exist, define minimum sustainability thresholds that cannot be compromised for cost, and optimize within those boundaries.
Should we require all suppliers to have science-based targets?
Requiring SBTs of all suppliers immediately is impractical — most SME suppliers lack the capacity. A phased approach works: require your top 20-50 suppliers by emissions to set SBTs within 5 years (this is the SBTi supplier engagement approach). For smaller suppliers, start with emissions measurement and reduction plans. Provide training and resources to build capability progressively.


