Free Word download β’ Edit online β’ Save & share with Drive β’ Export to PDF
A Supplier Code of Conduct is a formal policy document that sets out the minimum ethical, labor, environmental, health and safety, and compliance standards a company requires all of its suppliers, vendors, and sub-contractors to meet as a condition of doing business. Unlike a supplier contract β which governs the commercial terms of a specific transaction β a code of conduct defines how a supplier must operate its business across every aspect of the relationship. It covers issues ranging from the prohibition of forced and child labor to anti-bribery controls, data security obligations, and the company's right to audit compliance at any time.
Without a written supplier code of conduct, your business has no documented standard against which to measure, audit, or terminate a supplier for ethical or compliance failures. Regulatory exposure is growing: the UK Modern Slavery Act, the California Transparency in Supply Chains Act, and the EU Corporate Sustainability Due Diligence Directive all create legal obligations tied directly to what standards you have communicated to your supply chain. Enterprise and government buyers increasingly require a written code as a condition of onboarding; without one, bids are disqualified before they are read. Beyond regulation, reputational damage from a supplier-side labor or corruption scandal falls on the buying company β documented standards and audit rights are the primary mechanism for limiting that exposure. This template gives you a complete, enforceable starting point in hours rather than weeks.
| If your situation is⦠| Use this template |
|---|---|
| Setting minimum standards for all direct suppliers | Supplier Code of Conduct |
| Governing the behavior of independent service contractors | Contractor Code of Conduct |
| Internal employee ethics standards | Code of Business Conduct and Ethics |
| Detailed environmental obligations for high-impact suppliers | Environmental Policy Statement |
| Managing the full supplier onboarding workflow | Supplier Onboarding Checklist |
| Formal contractual terms with a key supplier | Supplier Agreement |
| Tracking ongoing supplier compliance and performance scores | Vendor Evaluation Form |
Why it matters: The majority of modern slavery, forced labor, and environmental violations occur at Tier 2 and Tier 3 levels. A code that stops at Tier 1 provides no visibility into the highest-risk parts of the supply chain.
Fix: Include an explicit flow-down clause requiring Tier 1 suppliers to impose equivalent standards on their own sub-contractors, and require notification when material sub-contracting arrangements change.
Why it matters: Local law in some jurisdictions permits working hours, wage rates, and freedom-of-association restrictions that violate ILO core labor conventions and expose the buying company to reputational and regulatory risk.
Fix: Set a floor by referencing ILO conventions 87, 98, 138, and 182 explicitly, and state that the higher of local law or ILO standards applies.
Why it matters: A 60-day corrective action window for a child labor finding or an imminent safety hazard is indefensible to regulators, customers, and the media.
Fix: Define at least two severity categories with separate timelines: critical violations requiring immediate containment within 48β72 hours, and standard non-conformances requiring a remediation plan within 30β60 days.
Why it matters: A code distributed by email without a signed acknowledgment is difficult to enforce and creates uncertainty about whether the supplier ever received or agreed to the standards.
Fix: Attach a one-page acknowledgment form to every supplier onboarding package and require re-signing on each annual renewal or material code revision.
In the Purpose and Scope section, insert your company's legal name and specify exactly which supply chain tiers are covered β at minimum Tier 1 suppliers and their direct sub-contractors. List any categories explicitly excluded.
π‘ If you source from high-risk countries or commodity categories, call them out explicitly so the scope is unambiguous to auditors and investors.
Replace generic references to 'applicable local law' with specific international standards β ILO core conventions for labor, ISO 14001 or equivalent for environmental management β so the floor is consistent regardless of where the supplier operates.
π‘ Cross-reference your existing supplier contracts to confirm these standards are consistent with the obligations you've already contracted for.
Fill in the notice period for scheduled audits (typically 30 days) and confirm that zero-notice audits are permitted for serious suspected violations. Name the third-party audit bodies you recognize.
π‘ If your industry uses a shared audit framework β such as SMETA or Higg Index β reference it by name to reduce duplicate audit requests on your suppliers.
Define at least two severity tiers: critical violations (forced labor, child labor, imminent safety hazard) requiring a response within 48β72 hours, and standard non-conformances requiring a corrective action plan within 60 days.
π‘ Align these timelines with any customer contracts you are subject to β if your buyer expects a 30-day CAP, your supplier code should require no more than 21 days to give you a buffer.
Insert the ethics hotline number or URL, the name of the internal contact responsible for receiving reports, and the language(s) in which reports can be submitted.
π‘ If you don't have a dedicated ethics hotline, a monitored email inbox with a documented response procedure is a credible alternative for small and mid-size businesses.
Add your company logo to the header, update the document version number, and enter the effective date in the footer. Version control matters β suppliers need to know which edition governs their relationship.
π‘ Store the signed acknowledgment alongside the supplier contract so the code is enforceable as part of the overall commercial relationship.
Append a one-page acknowledgment that the supplier representative signs and returns, confirming they have read, understood, and committed to the code.
π‘ Require re-acknowledgment annually and whenever you issue a materially revised version of the code.
A supplier code of conduct is a policy document a company issues to its vendors, suppliers, and sub-contractors that defines the minimum ethical, labor, environmental, and compliance standards they must meet to do business with that company. It typically covers human rights, anti-corruption, health and safety, environmental management, data privacy, and audit rights. It is distinct from a supplier contract in that it sets behavioral standards rather than commercial terms.
On its own, a supplier code of conduct is generally not a binding legal document unless it is incorporated by reference into the supplier's contract or purchase order. To make it enforceable, include language in your supplier agreement stating that the code forms part of the commercial relationship, and require the supplier to sign an acknowledgment. Once incorporated, breach of the code can constitute a breach of contract.
A senior representative of the supplier organization with authority to commit the business β typically a director, VP of operations, or owner β should sign the acknowledgment form. For large multi-site suppliers, consider requiring site-level acknowledgments as well. The signed acknowledgment should be retained alongside the supplier contract for the duration of the relationship plus at least five years.
Review the code at least annually and update it whenever there is a material change in applicable law (such as new modern slavery reporting requirements), a significant shift in your company's ESG commitments, or a pattern of audit findings that reveals a gap in the current standards. Require suppliers to re-acknowledge any materially revised version within 30 days of issuance.
A vendor agreement sets out the commercial terms of a specific transaction β price, delivery, payment, warranties, and liability. A supplier code of conduct sets out the behavioral and ethical standards that govern how the supplier operates its business. The two documents work together: the code defines the standards, and the agreement makes compliance with the code a contractual condition. Having one without the other creates either unenforceable standards or a commercial agreement with no ethical floor.
At minimum, reference the ILO's eight core labor conventions: freedom of association (87 and 98), elimination of forced labor (29 and 105), abolition of child labor (138 and 182), and elimination of discrimination (100 and 111). These provide a consistent international floor regardless of where the supplier operates. Supplement with local legal requirements where they are stricter. For high-risk supply chains, also reference the UN Guiding Principles on Business and Human Rights.
Enforcement works on three levels. First, audit rights β scheduled third-party audits and the right to conduct unannounced inspections for serious suspected violations. Second, corrective action β a tiered process with defined timelines and escalation steps for non-conformances. Third, commercial consequences β suspension from the approved vendor list, withholding of payment, or termination for material or repeated violations. All three must be documented in the code to be credible.
Small businesses that supply to large corporate or government buyers increasingly need one β procurement teams at enterprise companies routinely require a written code as a condition of onboarding. Even for businesses that sell primarily to other small businesses, a supplier code reduces the risk of reputational damage from a supplier-side scandal and provides a defensible compliance record if regulatory scrutiny increases. A template makes the investment minimal.
A flow-down clause requires your direct (Tier 1) suppliers to impose the same code of conduct standards on their own sub-contractors and material vendors (Tier 2 and beyond). Without it, a supplier can outsource the most problematic work to an unmonitored sub-contractor and remain technically compliant at the surface level. Flow-down clauses are a core requirement of modern slavery legislation in the UK and Australia and are increasingly expected by ESG-focused investors.
A code of business conduct and ethics governs the behavior of a company's own employees and directors β covering conflicts of interest, gifts, insider trading, and workplace conduct. A supplier code of conduct extends similar ethical standards outward to third-party vendors. Both documents are needed for a complete compliance program; they should cross-reference each other but not be merged into a single document.
A supplier agreement sets out the commercial terms of a specific transaction β price, delivery, payment, warranties, and liability. A supplier code of conduct sets behavioral and ethical standards that apply across the entire relationship regardless of which specific purchase orders are active. The two work together: incorporate the code by reference into the agreement to make compliance a contractual condition.
An NDA protects confidential information exchanged between a company and a supplier. A supplier code of conduct addresses how the supplier conducts its broader business operations. Both are typically signed during onboarding, but they address completely different risk categories and should never be combined.
A vendor evaluation form is a periodic scoring tool used to measure a supplier's performance against defined criteria β quality, delivery, price, and compliance. A supplier code of conduct is the foundational standard those scores are measured against. Issue the code at onboarding; use the evaluation form quarterly or annually to track ongoing compliance.
Multi-tier supply chains with high forced-labor and conflict-minerals risk require flow-down clauses, factory audit programs, and conflict-minerals disclosure aligned to Dodd-Frank Section 1502.
Fast-moving product sourcing from multiple low-cost countries demands a code that explicitly references ILO child-labor conventions and requires quarterly self-assessments from key suppliers.
Hardware and component procurement from high-risk regions, combined with software vendor data-handling obligations, means the code must address both conflict minerals and ISO 27001-equivalent data security standards.
Agricultural supply chains carry significant seasonal and migrant labor risks; the code should address recruitment fee prohibitions, living wage commitments, and GLOBALG.A.P. or equivalent certification requirements.
| Path | Best for | Cost | Time |
|---|---|---|---|
| Use the template | Small and mid-size businesses formalizing supplier standards for the first time or responding to a buyer's onboarding requirement | Free | 2β4 hours to customize and issue |
| Template + professional review | Companies with supply chains in high-risk countries, those subject to UK Modern Slavery Act or California Transparency in Supply Chains Act reporting, or businesses preparing for ISO 20400 alignment | $500β$2,000 for a legal or ESG consultant review | 3β5 business days |
| Custom drafted | Publicly listed companies, regulated industries, or businesses with complex multi-tier global supply chains requiring bespoke audit frameworks and regulatory cross-referencing | $3,000β$10,000+ | 3β6 weeks |
This document is one of 3,000+ business & legal templates included in Business in a Box.
Access over 3,000+ business and legal templates for any business task, project or initiative.
Customize your ready-made business document template and save it in the cloud.
Share your files and folders with your team. Create a space of seamless collaboration.
"Fantastic value! I'm not sure how I'd do without it. It's worth its weight in gold and paid back for itself many times."
"I have been using Business in a Box for years. It has been the most useful source of templates I have encountered. I recommend it to anyone."
"It has been a life saver so many times I have lost count. Business in a Box has saved me so much time and as you know, time is money."
Stop downloading documents. Start operating with clarity. Business in a Box gives you the Business Operating System used by over 250,000 companies worldwide to structure, run, and grow their business.
Start freeΒ Β·Β No credit card required
