Check out some of the publicly available Supplier Codes of Conduct. The most comprehensive ones seem to cover these five areas:
- Business Ethics (anti-bribery/anti-corruption, disclosure of info, fair business, responsible sourcing of minerals, trade compliance)
- Labor (diversity, freely chosen employment, human treatment, non-discrimination, freedom of association)
- Health and Safety (occupational safety, emergency preparedness, other worker safety issues)
- Environment (Pollution prevention, hazardous substances, air emissions, energy consumption and greenhouse gas emissions)
- General (Company commitment to code, risk assessment, improvement objectives, communication/training, corrective action)
- References (regulations, other codes and organizations)
Best Buy - https://partners.bestbuy.com/-/supplier-code-of-conduct
Dish Network - https://www.dish.com/supplier-resources/
Morgan Stanley - https://www.morganstanley.com/about-us-governance/pdf/supplier-code-of-conduct.pdf
Palo Alto - https://drive.google.com/drive/u/0/folders/11crvTUEuSvcL1Qwm6m_6Fdrhv_Umv3lg
Verizon - https://drive.google.com/drive/u/0/folders/11crvTUEuSvcL1Qwm6m_6Fdrhv_Umv3lg
Some companies go for a brief, more 'corporate' looking doc:
Deloitte -https://www2.deloitte.com/global/en/pages/about-deloitte/articles/supplier-code-of-conduct.html
USAA Code of Business Ethics and Conduct: https://content.usaa.com/mcontent/static_assets/Media/USAA_code_of_conduct.pdf
As with the examples above, companies frequently post their Supplier Code of Conduct publicly on the Internet either in a Legal section (along with Terms & Conditions) or in a Supplier Portal where they post related documents (see Deloitte and USAA). You'll also want to reference the code in your contracts, or at least develop criteria for which vendors you want to sign off.
I am currently working with my Legal and Procurement teams to iron out our content and get it posted. Happy to discuss more offline. KW
Kate Wakefield CISSP, CIPT, CRISC
Sr. Manager Security Compliance