Sustainable Supply Chain Professional
Level 2 — Multi-Tier Mapping · Supplier Audit Management · CSRD Value Chain Disclosure

Covers five primary regulatory instruments creating supply chain sustainability obligations. CSDDD — applicability thresholds (over 1,000 employees and EUR 450 million global net turnover, phased from 2027–2029), due diligence obligations (risk identification, prevention and mitigation, complaints procedures, public communication), and civil liability provisions. EUDR covers seven forest-risk commodity categories (cattle, cocoa, coffee, palm oil, soya, wood, rubber and derived products), requires due diligence statements demonstrating non-deforestation on land since 31 December 2020, and operates through a country benchmarking system classifying countries as low, standard, or high risk. The EU Forced Labour Regulation, UK Modern Slavery Act, and US UFLPA are also covered.

Covers four primary non-regulatory frameworks. The UNGPs (2011) Protect-Respect-Remedy framework underpins both CSDDD and EUDR. The OECD Due Diligence Guidance for Responsible Business Conduct (2018) covers six steps — embed responsible conduct, identify and assess adverse impacts, cease/prevent/mitigate impacts, track implementation, communicate outcomes, provide or cooperate in remediation — with sector supplements for minerals, agriculture, garments, and financial sector supply chains. The RBA Code of Conduct (labour, health and safety, environment, ethics) is the most widely adopted industry-specific code for electronics supply chains globally, with over 200 member companies. ISO 20400 provides the international reference for sustainable procurement policy design.

Connects supply chain management activities to GHG Protocol Scope 3 categories: Category 1 (purchased goods — directly affected by supplier emissions reduction engagement), Category 4 (upstream transportation — affected by logistics supplier selection and transport mode choices), and Category 12 (end-of-life treatment — connected to circular economy strategy in Module 3.1). A relevance screening exercise applies the GHG Protocol criteria to five industry sectors, establishing that Category 1 is among the two most material categories for all five. Distinguishes between calculating Scope 3 emissions (Track 1 Module 2.1) and managing supply chain activities to reduce them (the operational task Track 6 modules address).

Applies the double materiality concept from F1 and Track 1 Module B1 to the value chain context, identifying the ESRS topic standards most commonly material for supply chain-dependent industries. Impact materiality frequently reaches the threshold for: labour rights violations (ESRS S2), community impacts from supplier operations (ESRS S3), deforestation and biodiversity loss from agricultural commodity production (ESRS E4), water pollution from supplier manufacturing (ESRS E2), and supply chain GHG emissions (ESRS E1 Scope 3). Financial materiality covers supplier disruption from regulatory enforcement, reputational damage from labour rights violations, and Scope 3 transition risk from carbon pricing through CBAM or equivalent. Maps materiality outcomes to ESRS topic standards that Module 2.3 will prepare.

Covers the interaction between CSDDD due diligence obligations and CSRD disclosure obligations, mapping the bidirectional data and process flows: the CSDDD due diligence process generates risk identification evidence feeding CSRD disclosure; the CSRD double materiality assessment identifies the topics requiring enhanced CSDDD due diligence; the CSDDD complaints mechanism generates case data informing CSRD S2, S3, and G1 disclosures. CSDDD creates an operational obligation requiring action and legal liability for failure to act; CSRD creates a disclosure obligation requiring description of how material impacts, risks, and opportunities are identified and managed. This compliance architecture provides the structural foundation for the full Track 6 module sequence.

Covers four primary methods for extending supply chain mapping beyond Tier 1. Supplier disclosure: Tier 1 contracts from Module 1.3 require suppliers to disclose their own significant suppliers, with cross-referencing against import-export data and corporate registry filings for verification. Industry collaboration platforms: Sustainable Apparel Coalition Higg Index, Electronics Industry Citizenship Coalition tools, and Global Battery Alliance traceability initiatives aggregate mapping data across multiple buyers, enabling combined supply chain visibility at lower individual cost. Open data sources: Global Forest Watch for deforestation events in agricultural commodity geographic footprints, Import Genius and Panjiva for US import records tracing containers to origin factories, and OpenCorporates and OpenSanctions for corporate ownership structures and sanctioned entities. Covers the practical integration of these sources including data access methods, limitations, and combination approach.

Covers application of four sector-based ESG risk databases to the supply chain map to identify geographic and sector hotspot combinations. Know The Chain Benchmark: forced labour policies and practices across technology and communications, food and beverage, and apparel and footwear. Corporate Human Rights Benchmark: human rights risk ratings for the largest 200 companies in agricultural products, apparel, and extractives — useful for assessing large Tier 1 and Tier 2 suppliers with public profiles. WRI Aqueduct: water stress risk scores identifying geographic hotspots for agricultural and manufacturing supply chains. Global Forest Watch: deforestation alert mapping for agricultural commodity geographic footprints. The unit produces a risk heat map overlaying the supply chain map with hotspot data colour-coded by risk severity across four ESG domains.

Covers the spend analysis combining the ESG risk heat map with spend concentration data to produce the prioritised supplier engagement matrix. Spend analysis aggregates procurement system data at Tier 1 and estimates Tier 2 proportions from disclosed supplier data. The prioritised engagement matrix ranks suppliers on a two-dimensional grid: ESG risk severity (vertical axis) against spend materiality (horizontal axis). Four quadrants with defined due diligence actions: high risk, high spend (immediate priority for enhanced due diligence and active engagement), high risk, low spend (priority for risk mitigation through sourcing diversification or alternative supplier development), low risk, high spend (standard monitoring, annual reassessment), low risk, low spend (simplified monitoring, triennial reassessment). The unit works through matrix construction for the case supply chain with recommended actions per quadrant.

Connects the supply chain map to Scope 3 emission analysis, using spend-based Category 1 estimates from Track 1 Module 2.1 and primary data from Module 1.2, supplemented by sector-average emission intensity factors by geographic region for Tier 2 (reflecting different grid emission factors and industrial energy efficiency levels by country). Reveals the common pattern in manufacturing supply chains that Tier 2 upstream material processing stages (steel production, chemical synthesis, textile spinning) often carry higher emission intensity than Tier 1 final assembly, meaning significant Scope 3 reduction potential sits in relationships the buying company does not directly manage. Covers engagement mechanisms for Tier 2 emission hotspots: requiring Tier 1 suppliers to include emission reduction criteria in their procurement policies, participating in industry initiatives that aggregate buyer influence over Tier 2 material suppliers, and developing direct relationships with the highest-emitting Tier 2 suppliers for the most material categories.

Covers the governance structure and data infrastructure for maintaining the supply chain map on an ongoing basis: the supplier data management system (supplier names, locations, relationships, risk scores, and documentation), the annual update cycle (supplier disclosure requirement triggers, data refresh process, and change detection procedure for new or exited Tier 2 suppliers), the open data source monitoring schedule (frequency at which public risk databases and deforestation alert systems are checked), and the risk scoring refresh process. The capstone deliverable is the completed supply chain map (Tier 1 in full, Tier 2 for highest-risk and highest-spend categories), the ESG risk heat map, and the prioritised supplier engagement matrix with recommended due diligence actions, presented as both a structured data table and a visual heat map diagram.

Covers the design of a supplier code of conduct functioning simultaneously as a compliance reference document, procurement pre-qualification criterion, and audit assessment standard. Labour rights section: written employment contracts in the local language; wages at or above statutory minimum and, for Tier C risk geographies, at or above the Anker Research Institute living wage benchmark; working hours per applicable legal limits with voluntary overtime only; freedom of association; prohibition of child labour; and prohibition of forced labour (no identity document retention, debt bondage, or disciplinary wage deductions). Health and safety, environment (legal compliance, written policy, wastewater, hazardous waste, air emissions), and business ethics (zero tolerance bribery, whistleblower mechanism, anti-money laundering) sections are also covered. Each section cites ILO core conventions, UN Guiding Principles, and applicable national law as the standards implemented.

Covers the SMETA methodology and third-party audit programme design. Distinguishes 2-pillar SMETA (labour and health and safety) from 4-pillar SMETA (adding environment and business ethics), with conditions for selecting each (4-pillar recommended for high-risk geographies and where environmental and anti-corruption performance is a significant concern). Audit programme design: frequency by supplier risk tier (Tier C: annual unannounced; Tier B: annual announced; Tier A: biennial with optional desktop review); audit firm selection criteria (SMETA-approved status, auditor language capability for the supplier's country, no recent conflicts of interest); pre-audit documentation requirements; on-site protocol (factory tour, document review, and worker interviews conducted in workers' language without management present); and SMETA report format and Sedex platform upload requirements.

Covers SA8000 (Social Accountability International), which covers nine elements — child labour, forced labour, health and safety, freedom of association and collective bargaining, discrimination, disciplinary practices, working hours, remuneration, and management systems — and the management system element that distinguishes SA8000 from SMETA: SA8000-certified suppliers must maintain an ongoing management system continuously monitoring and improving performance, rather than achieving compliance at the point of audit. Covers the SA8000 certification pathway from pre-assessment through initial certification to annual surveillance audits, the time and cost investment for a typical manufacturing supplier, and the conditions under which SA8000 certification is most warranted (long-term strategic relationships with high social impact exposure where the management system orientation is more valuable than point-in-time compliance verification).

Covers the corrective action protocol for SMETA findings by severity. Critical findings (active child or forced labour, physical abuse) require immediate reporting to the buying company within 24 hours for the most severe cases, cannot be deferred through a corrective action plan, and trigger immediate commercial consequences. Major findings (significant non-compliance posing worker risk — unpaid overtime, blocked emergency exits, chemical exposure without PPE) require a corrective action plan within 30–90 days. Minor findings (isolated low-impact deviations) require a corrective action plan within 180 days. The consequence framework specifies the buying company response at each category: immediate suspension of new purchase orders for critical findings; warning letter, 60-day follow-up audit, and suspension of supplier development for unresolved major findings; formal notice incorporated into risk tier assessment for unresolved minor findings. Covers the documentation requirements serving as CSDDD due diligence records and CSRD S2 and G1 disclosure evidence.

Covers three worker voice mechanisms addressing known formal audit limitations by providing workers with direct, confidential reporting channels independent of the audit process. Anonymous worker hotlines: telephone or SMS-based services operated by independent third parties with multilingual coverage, reporting accessible to the buying company. Participatory gender equity assessment tools: structured group discussions with female workers conducted by trained facilitators, using the Impactt Gender Equity Assessment Tool or equivalent, covering workplace discrimination, harassment, and wage equity. Mobile survey platforms: Laborlink, Ulula, or equivalent for periodic anonymous surveys sent to worker samples at audited facilities providing real-time data to the buying company. Covers the complete audit programme documentation package for CSDDD and CSRD: programme design document, annual results summary, corrective action tracker, and evidence of adverse impact remediation. The capstone deliverable is the complete code of conduct document and audit programme design.

Applies EFRAG double materiality methodology to the value chain scope question using the EFRAG proportionality guidance in ESRS 1: companies are not required to assess every supply chain relationship in equal depth, but must focus on activities and business relationships where material impacts are most likely. Uses the supply chain map from Module 2.1 and double materiality assessment findings from Track 1 Module B1 to establish the CSRD value chain disclosure boundary. For each material topic, identifies the value chain stages where the impact or risk is concentrated and determines the appropriate disclosure depth: full disclosure detail for topics where the company has direct contractual relationships with impacted parties (Tier 1 labour rights); more aggregated disclosure for topics where influence is indirect (Tier 2 environmental impacts), with a description of the engagement approach rather than specific metrics for each supplier.

Covers the ESRS E1-6 value chain GHG disclosure requirements: absolute gross Scope 3 emissions across all relevant categories, proportion covered by primary data versus estimates, calculation methodology and emission factor sources, and inventory uncertainty level. Maps the Category 1 data from Module 1.2 and the 15-category inventory from Track 1 Module 2.1 to specific ESRS E1-6 data points. Covers ESRS E1-4 engagement and target disclosure: proportion of Category 1 covered by the primary data collection programme, proportion of suppliers with SBTi-validated or equivalent science-based targets, and the distinction between own emission reduction targets (SBTi-validated) and supplier engagement targets (committing to engage a specified proportion of the supply base). Makes explicit the connections to Track 1 Module 2.2 (SBTi target setting) and Module 1.2 in this track (primary data collection).

Covers the ESRS S2 (workers in the value chain) disclosure structured across four sections for the case company. Governance: oversight structure for supply chain social risk management (the committee or management role with accountability, designed in Track 1 Module 3.3 for the broader governance architecture). Strategy: integration of supply chain social risks into procurement and supplier management processes from Module 1.3. Impacts, risks and opportunities: material impacts identified through assessment and audit programme (Modules 1.1 and 2.2), using ESRS language of actual and potential impacts with specified severity, scale, and scope. Actions and metrics: audit programme coverage, corrective action completion rates, worker voice mechanisms, and metrics tracking improvement over time. The key disclosure distinction is that the company does not directly manage value chain workers, so disclosures focus on how impacts are addressed through supply chain management processes rather than direct employment relationship management.

Covers the ESRS S3 (affected communities) disclosure for supply chain-related community impacts: identification of affected communities in the supply chain map from Module 2.1 (geographic areas where significant community impacts have been found through NGOs, media, or community complaints), material impacts from the community rights section of Module 1.1 and the hotspot analysis from Module 2.1, the engagement processes used (community consultation records, grievance mechanism data), and the actions taken and metrics tracking. Provides an overview of the ESRS E4 (biodiversity and ecosystems) disclosure for companies with agricultural supply chains, covering deforestation and land conversion disclosure requirements, connecting to the EUDR due diligence in Track 7 Module 2.3, and noting the ESRS E4 disclosure obligations for companies where supply chain deforestation is a material impact.

Guides assembly of the complete CSRD sustainability statement value chain sections — integrating ESRS E1 Scope 3, S2, and S3 disclosures with internal cross-references — and preparation of the evidence mapping document connecting each disclosure to its underlying source data: ESRS E1 Scope 3 figures link to GHG inventory calculation workbooks from Track 1 Module 2.1; S2 audit results link to SMETA reports and corrective action tracker from Module 2.2; S3 community impact disclosures link to consultation records and complaints mechanism data; supply chain map disclosures link to supplier disclosure data and open data source extracts from Module 2.1. The evidence mapping document is reviewed by the external assurance provider during the CSRD limited assurance engagement. The capstone deliverable is the complete value chain sustainability statement sections and the evidence mapping document.