Practical Guide to Supply Chain Due Diligence
Panorama Map
Six-Pillar Architecture | Business Continuity Integration | Quality Management Positioning
This document serves as the navigation framework for the complete set of Due Diligence (DD) practical guides, answering three key questions:
- What areas does supply chain due diligence cover, and how do they collaborate?
- What is the relationship between Business Continuity Management (BCM) and due diligence?
- Why is quality management not an independent due diligence pillar, yet closely related to all of them?
Note: This chapter can be used independently for project kick-off meetings, management reports, or new member onboarding.
0.1 Why Supply Chain Due Diligence Needs Six Pillars
Traditional supply chain management focuses on price, delivery, and quality. However, modern Responsible Business Conduct (RBC) requires companies to manage their negative impacts on Environmental, Social, and Governance (ESG) factors. While the OECD provides a broad framework, practice has evolved into six specialized, interrelated fields.
| Pillar | Core Question | Main Framework |
|---|---|---|
| 1. Social Responsibility | How does the supplier treat workers and the community? | ILO Conventions, SA8000, LkSG (Germany) |
| 2. Environmental Compliance | How does the supplier manage environmental impact? | ISO 14001, GHG Protocol, EU CSRD |
| 3. Supply Chain Security | Can the supplier guarantee goods and data integrity? | C-TPAT, AEO, ISO 27001, GDPR |
| 4. IP & Anti-Counterfeiting | Does the supplier infringe IP or use fake materials? | TRIPS, US NDAA, SAE AS5553 |
| 5. Ethics & Finance | Is the business conduct honest and financially healthy? | ISO 37001, FCPA, D&B Credit Ratings |
| 6. Mineral Traceability | Does the raw material source meet responsible standards? | OECD 5-Step, RMAP, UFLPA |
0.2 How the Six Pillars Interrelate
These pillars are not silos. A failure in one often signals a risk in another.
- Social ↔ Environmental: Unregulated mining often involves both child labor and toxic pollution.
- Social ↔ Ethics: Corruption (bribes) is often used to hide labor violations.
- Security ↔ IP: Cargo tampering is the primary entry point for counterfeit goods.
- Finance ↔ BCM: Financial instability is the leading indicator of a future supply disruption.
0.3 Business Continuity Management (BCM) vs. Due Diligence
Due diligence identifies current risks; BCM plans for future interruptions.
| Dimension | Supply Chain Due Diligence | BCM |
|---|---|---|
| Core Question | Is the supply chain compliant/responsible? | Can we operate if the supply chain breaks? |
| Perspective | Current status assessment | Future scenario planning |
| Standard | OECD DDG, UNGPs | ISO 22301 |
BCM Trigger Decision Tree
Use DD findings to trigger BCM actions:
- Sole Source: If no substitute exists, immediately set safety stocks and find a backup.
- Disaster Zone: If a supplier is in a high-risk climate zone, request their BCM plan.
- Financial Stress: If a supplier's credit drops, pre-qualify an alternative vendor.
0.4 Comprehensive Supplier Risk Scoring Matrix
We use a 100-point weighted system to classify suppliers and determine audit frequency.
| Pillar | Weight | Data Source |
|---|---|---|
| Labor & Social | 20% | Audit reports (SMETA/SA8000) |
| Environmental | 15% | ISO 14001, Carbon data |
| Security & Data | 20% | C-TPAT status, ISO 27001 |
| IP Protection | 10% | Counterfeit history, customs records |
| Ethics & Finance | 20% | Credit ratings, Anti-bribery policy |
| Traceability | 15% | CMRT quality, Smelter compliance |
Action Matrix
- 85–100 (Low): Audit every 2 years. Preferred status.
- 70–84 (Med): Annual audit. Focus on specific improvements.
- 55–69 (High): Audit every 6 months. Mandatory Corrective Action Plan (CAP).
- < 40 (Fail): Immediate suspension of orders and start of replacement process.
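As an added worked example (not part of the original guide or any particular company's tooling), the following Python implements the weighted scoring and action-band lookup described in 0.4. It assumes each pillar is first assessed on a 0–100 scale and then combined with the pillar weights, which the guide does not state explicitly. The 40–54 range, for which the action matrix assigns no band, is returned as unassigned for manual review rather than silently folded into a neighbouring band.

```python
"""Supplier risk scoring: per-pillar scores -> weighted 0-100 score -> action band.

Added example. Weights and bands are taken from section 0.4 of the guide.
Assumption (not stated in the guide): each pillar is assessed on a 0-100
scale by its assessor before the weights are applied.
"""

# Pillar weights from the 100-point matrix (percentages, summing to 100).
PILLAR_WEIGHTS = {
    "labor_social": 20,
    "environmental": 15,
    "security_data": 20,
    "ip_protection": 10,
    "ethics_finance": 20,
    "traceability": 15,
}
assert sum(PILLAR_WEIGHTS.values()) == 100


def weighted_score(pillar_scores):
    """Combine per-pillar 0-100 scores into the overall 0-100 supplier score.

    Every pillar must be present: a missing assessment would silently shift
    the result, so it is rejected rather than defaulted to zero.
    """
    missing = set(PILLAR_WEIGHTS) - set(pillar_scores)
    if missing:
        raise ValueError(f"missing pillar scores: {sorted(missing)}")
    for pillar, value in pillar_scores.items():
        if pillar not in PILLAR_WEIGHTS:
            raise ValueError(f"unknown pillar: {pillar}")
        if not 0 <= value <= 100:
            raise ValueError(f"{pillar} score {value} outside 0-100")
    return sum(PILLAR_WEIGHTS[p] * pillar_scores[p] for p in PILLAR_WEIGHTS) / 100


def classify(score):
    """Map a 0-100 score to the action matrix as (level, action).

    Bands follow the guide: 85-100 Low, 70-84 Med, 55-69 High, below 40 Fail.
    Scores from 40 up to 55 have no band in the guide, so they are flagged
    for manual review instead of being forced into a neighbouring band.
    """
    if score >= 85:
        return "Low", "Audit every 2 years. Preferred status."
    if score >= 70:
        return "Med", "Annual audit. Focus on specific improvements."
    if score >= 55:
        return "High", "Audit every 6 months. Mandatory Corrective Action Plan (CAP)."
    if score < 40:
        return "Fail", "Immediate suspension of orders and start of replacement process."
    return "Unassigned", "Score in 40-54: no action defined in the matrix; escalate for manual review."


def assess(pillar_scores):
    """Convenience wrapper returning (score, level, action)."""
    score = weighted_score(pillar_scores)
    level, action = classify(score)
    return score, level, action


if __name__ == "__main__":
    # Constructed sample: a manufacturer strong on ethics and labour,
    # weak on mineral traceability (values invented for illustration).
    sample = {
        "labor_social": 90,
        "environmental": 80,
        "security_data": 85,
        "ip_protection": 70,
        "ethics_finance": 95,
        "traceability": 60,
    }
    score, level, action = assess(sample)
    print(f"score={score:.1f} level={level} action={action}")
```

The constructed sample scores 82.0 and lands in the Med band, so the weak traceability result is masked by the overall score; in practice a per-pillar floor (for example, any pillar below a threshold forcing a CAP) is worth considering alongside the weighted total, but the guide does not define one, so the example does not add it.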
0.5 Quality Management's Position
Quality (ISO 9001) is a foundational indicator, not a standalone DD pillar.
- Why? Quality is about product specs (performance); DD is about operational ethics (compliance).
- Integration: A strong Quality Management System (QMS) acts as a "proxy" for management maturity. If a supplier fails quality basics, they will almost certainly fail complex DD pillars like Ethics or Traceability.
0.6 Scope of Application: Who gets audited?
| Supplier Type | Social | Env | Security | IP | Ethics | Minerals |
|---|---|---|---|---|---|---|
| Manufacturers | Full | Full | Full | As needed | Basic | If applicable |
| Traders | Basic | Basic | Key | Full | Full | Transparency |
| Software/IT | Basic | Light | Full | Full | Basic | N/A |
| Logistics | Basic | Carbon | Full | N/A | Basic | N/A |
(Full = Comprehensive Audit | Basic = Questionnaire | N/A = Not Applicable)
0.7 Series Usage Guide
This guide is part of a larger toolkit. For deep dives, refer to the following specific manuals:
- Social Audit Guide: Detailed labor standards and ILO compliance.
- Environmental Guide: ISO 14001 and carbon footprinting.
- Security & Data Guide: Physical C-TPAT and digital GDPR/ISO 27001.
- IP & Ethics Guides: Anti-counterfeiting and anti-corruption protocols.
- Mineral Traceability Guide: OECD 5-step methodology.