Ethical Supply Chain & Labor
Pillars covering labor, health & safety, environment, ethics, management systems
VAP score threshold for Platinum recognition
Current RBA Code of Conduct version (effective January 2024)
Regulation Overview
The RBA Code of Conduct is the global industry standard for social, environmental, and ethical supply chain responsibility and the cornerstone of ethical manufacturing compliance. For supply chain teams, the primary obligation is demonstrating conformance across five pillars—Labor, Health & Safety, Environment, Ethics, and Management Systems—covering provisions that address forced labor, working hours, hazardous substances, anti-corruption, and systematic risk management.
The Code contains 42 provisions verified through the Validated Assessment Program (VAP)—independent third-party audits scoring facilities against RBA requirements. RBA has shifted toward continuous compliance monitoring, with members expected to cascade Code requirements to their next-tier suppliers. Companies supplying to RBA member OEMs must complete self-assessment questionnaires, undergo VAP audits when requested, and remediate all findings within prescribed timelines.
RBA compliance requires facility-level evidence—policies, audit records, corrective action plans, and worker documentation—from every supplier site. When the Code is updated or a customer requests VAP results, your entire supplier base requires reassessment.
Key Components / Sub-Frameworks
RBA member companies and their direct manufacturing facilities
Suppliers to RBA members across all tiers (cascading requirement)
Contract manufacturers producing on behalf of RBA member brands
Non-member companies whose customers require RBA Code conformance
Companies seeking VAP recognition (Platinum, Gold, Silver) for competitive positioning
Subcontractors and temporary labor agencies providing workers to in-scope facilities
Key Thresholds
Your facility supplies five RBA member OEMs. Each requests VAP results, SAQ completion, and corrective action evidence—but through different portals, in different formats, on different timelines. Your compliance team manages the same data five ways, wasting weeks on redundant documentation instead of actual improvement.
A VAP audit produces 14 findings—3 Priority, 5 Major, 6 Minor. Each requires root cause analysis, corrective actions, preventive measures, and closure evidence. Priority findings demand immediate remediation. You have 90 days to close Major findings. Evidence is scattered across HR, EHS, and operations. The closure audit is in 60 days.
RBA requires you to cascade the Code to your next-tier suppliers. But your Tier 2 suppliers in Southeast Asia have never seen the RBA Code. They have no SAQ process, no documented management system, and no evidence trail. Your OEM customer asks for sub-tier compliance evidence. You have nothing to share.
Worker timesheets in one system. Environmental permits in a shared drive. Safety training records in a binder. Chemical inventories in Excel. When the VAP auditor requests documentation across all five pillars, your team spends days assembling evidence from a dozen sources—and still finds gaps the morning of the audit.
Certivo In Action
Certivo in Action — RBA Workflow
Electronics Manufacturing
Your Pain Point
Core RBA membership sector; complex multi-tier supply chains; multiple OEM customers requiring VAP
Semiconductor & High-Tech
Your Pain Point
High-volume contract manufacturing; migrant worker risks; cleanroom safety requirements
Automotive Manufacturing
Your Pain Point
RBA adoption expanding into automotive; IATF + RBA overlap; OEM sustainability scorecards
Aerospace & Defense
Your Pain Point
Prime contractor flowdown; sub-tier labour compliance; conflict minerals overlap
Medical Devices & Equipment
Your Pain Point
Contract manufacturing in high-risk regions; FDA + RBA dual compliance
Industrial & Heavy Equipment
Your Pain Point
Global supplier networks; legacy facilities; EHS + RBA environment overlap
Consumer Goods
Your Pain Point
Retail brand reputation risk; high SKU counts; seasonal labour surges
Energy & Infrastructure
Your Pain Point
Expanding RBA adoption in renewable energy supply chains; solar + battery component sourcing
From Manual Evidence Assembly to Automated Compliance Management
CORA collects, parses, and validates supplier RBA evidence automatically. Your team focuses on corrective actions and improvement—not compiling spreadsheets and chasing audit reports.
OEM Compliance Package Acceleration
Generate complete, audit-ready RBA compliance packages for any OEM customer in hours—not the 4–6 weeks of manual compilation across facilities and pillars.
Proactive RBA Compliance Monitoring
When the Code is updated, audit findings are reported, or corrective action deadlines approach, Certivo alerts you and reassesses your supplier base automatically. Know your compliance posture before customers ask.
Key Statistics
Frequently Asked Questions
Which companies need to comply with the RBA Code of Conduct?
Any company that is an RBA member, supplies to an RBA member, or manufactures products on behalf of an RBA member brand is expected to conform to the Code. This includes direct suppliers, contract manufacturers, and subcontractors across all tiers. The obligation cascades—RBA members must require next-tier suppliers to implement the Code. In practice, thousands of facilities globally must demonstrate conformance to maintain OEM business relationships.
What happens if a supplier fails an RBA VAP audit?
VAP audit findings are categorized as Priority, Major, or Minor. Priority findings require immediate corrective action. Major findings must be remediated within prescribed timelines (typically 90 days). Failure to close findings can result in loss of VAP recognition, customer disqualification, or removal from approved supplier lists. Market access depends on documented closure evidence for every finding.
How does Certivo support RBA compliance across multiple OEM customers?
Certivo collects one set of RBA compliance evidence from each supplier and generates customer-specific packages for any OEM. CORA validates supplier data against all 42 Code provisions, maps findings to each customer's reporting format, and produces audit-ready documentation on demand. One supplier submission satisfies multiple customer compliance requests simultaneously.
Does Certivo support VAP audit preparation and corrective action management?
Yes. Certivo provides structured corrective action workflows aligned with RBA CAP requirements—including root cause analysis templates, remediation tracking, evidence collection, and closure documentation. CORA monitors approaching deadlines, escalates overdue actions, and generates closure summaries for VAP reassessment. This replaces last-minute scrambling with systematic, continuous audit readiness.
How does RBA compliance relate to EU and US supply chain due diligence laws?
RBA conformance demonstrates operational labour, environmental, and ethics practices that directly support compliance with the EU CSDDD, EU Forced Labour Regulation, UFLPA, UK Modern Slavery Act, and Conflict Minerals regulations. Certivo validates supplier evidence against RBA Code provisions and regulatory due diligence requirements simultaneously—providing multi-tier supply chain transparency from a single evidence base.