Build a Responsible Sourcing Program From Scratch

A starting playbook for teams moving from fragmented supplier checks toward a real day-to-day approach.

When to use this playbook

Use this when the business has supplier expectations scattered across teams but no coherent program structure.

Use it when procurement, compliance, and sustainability need a shared baseline before adding tools or detailed processes.

How this source informs this section

OECD Due Diligence Guidance for Responsible Business Conduct · p. 17

OECD is the right baseline here because it frames due diligence as a risk-based operating system, not just a policy statement.

The measures that an enterprise takes to conduct due diligence should be commensurate to the severity and likelihood of the adverse impact.

Step-by-step guide

1. Define the initial scope: which suppliers, regions, product lines, and issue areas the first program will cover.

2. Publish a baseline supplier expectation set, even if version one is narrow and will evolve later.

3. Assign named owners for standards, risk assessment, audit review, and remediation follow-up.

4. Create an initial risk segmentation method so that audit and engagement effort is not distributed evenly across all suppliers.

5. Choose a review cadence for findings, overdue corrective action plans (CAPs), severe issues, and leadership escalation.

6. Stand up a source of truth for audits, supplier records, remediation evidence, and key reporting metrics.

7. Set a short list of launch metrics that prove the program is operating, not just documented.

How this source informs this section

Nike Code Leadership Standards 2025 · p. 5

Nike is useful as an operating example because it turns code requirements into management systems, training, monitoring, and grievance expectations.

The supplier facility must implement and integrate the Code... including implementing effective management systems and undergoing verification and monitoring.

Quality checks

The program has a clear owner and escalation path.

Supplier expectations are written and available to sourcing teams and suppliers.

Risk changes what gets reviewed first.

Remediation is tracked through closure with evidence.

How this source informs this section

OECD Due Diligence Guidance for Responsible Business Conduct · p. 32

OECD makes the quality bar practical: assign owners, track implementation, and improve the system from what the follow-up shows.

Track the implementation and effectiveness of the enterprise's due diligence activities... and use the lessons learned to improve these processes.

Failure modes

Writing a supplier code without defining who runs follow-up.

Treating all suppliers as equally risky and spreading resources too thin.

Adding too many tools before the day-to-day approach is stable.

How this source informs this section

UN Guiding Principles on Business and Human Rights · Principle 24

UNGP is the right correction when teams try to treat every issue equally instead of working from the most severe impacts outward.

Business enterprises should first seek to prevent and mitigate those that are most severe or where delayed response would make them irremediable.

Sources

OECD Due Diligence Guidance for Responsible Business Conduct

OECD · guidance PDF

OECD's due-diligence guidance is the main cross-cutting source here for prioritization, corrective action planning, leverage, and follow-up.

UN Guiding Principles on Business and Human Rights

OHCHR · framework

Used here for the baseline definition of human-rights due diligence, remedy, and grievance expectations.

Nike Code Leadership Standards 2025

Nike · standards PDF

Nike's leadership standards are useful here because they turn code requirements into explicit management-system, grievance, and recruitment controls.