CODE AND STANDARDS  
OF PROFESSIONAL CONDUCT  
CODE AND STANDARDS  
OF PROFESSIONAL CONDUCT  
APSCA aims to increase the value and effectiveness of independent social compliance audits  
by enhancing the professionalism, consistency and credibility of individuals and organizations  
performing them.  
Labor rights and workplace conditions are a central focus for many organizations, due to expanding global  
supply chains, public perceptions related to social responsibility, and legislation. Independent social  
compliance services are an important tool in advancing labor rights and workplace conditions for workers  
globally. APSCA aims to raise the value, quality and effectiveness of social compliance services and support  
Member Auditors and Member Firms who are performing them.  
APSCA expects Members to demonstrate a high standard of ethics and Member Firms to promote a culture  
of honesty and integrity in day to day operations and support the fair treatment and appropriate workplace  
conditions for their Member Auditors.  
The principles outlined in the Code of Professional Conduct (the Code) - presented herein as the first  
element of each section in bold - have been developed to support APSCA’s values and are intended to  
provide guidance around the transparent and accountable manner in which individual Member Auditors and  
Member Firms are expected to operate. The Code serves as a foundation for establishing credible, ethical and  
consistent professional behaviors by Members.  
The related Standards of Professional Conduct (the Standards) presented herein as the subsections under  
each element in bold provide Members with clarification and more detailed requirements related to the  
obligations under the Code.  
By becoming a Member of APSCA, both auditors and audit firms are committing to uphold the principles  
outlined in the Code and the related Standards in the conduct of all social compliance services. It is also  
intended that Member Firms will ensure that the provisions of this Code will be followed by all personnel  
working on their social compliance services.  
In the event the Code or the Standards conflict with applicable law, such that compliance with both is not  
possible, Members shall comply with applicable law.  
The Code and the Standards are not intended to be, nor should they be interpreted as, a full or exhaustive  
list of the situations, circumstances or conditions which may comprise compliance and non-compliance.  
Professional judgment will be required to decide what is adequate, sufficient, and competent according to  
the situations and circumstances of each audit.  
Member Firms are independent businesses; however, the actions of Members can be attributed to APSCA,  
affecting the reputation and level of trust APSCA has earned as well as impacting the reputation of the  
industry as a whole. Members are expected to conduct themselves with consideration of this reality.  
Note: In the Code and Standards, “Members” refers to individual Member Auditors and Member Firms. Member  
Firms are those organizations that have been accepted for membership into APSCA. Member Auditors  
includes both Certified Social Compliance Auditors (CSCA) that have been certified by APSCA, and Associate  
Social Compliance Auditors (ASCA) that have been approved by their Member Firm and have been enrolled  
with APSCA. During the initial period, Registered Level Auditors have the rights, responsibilities and  
obligations of a CSCA.  
Document Name:  
APSCA Code and Standards of Professional  
Conduct D-032  
This document is no longer version controlled once printed.  
Page 2 of 14  
Author/Owner:  
Authorized by:  
APSCA President & CEO  
APSCA Executive Board  
Version & Date  
Replaces:  
Version 2 – July 2020  
Version 1 – 31 August 2019  
1.0 COMPLIANCE  
1.1 Accountability: Members shall comply with all relevant legislation and comply with the Code  
and the Standards.  
1.1.1 Members shall obtain and maintain all statutory consents, licenses and permissions required  
to perform social compliance services in all jurisdictions in which services are performed.  
1.1.2 Members shall make reasonable efforts to ensure that their agents, directors, employees,  
officers and sub-contractors:  
1.1.2.1 not engage in any form of bribery, corruption, extortion or embezzlement, or any  
other unlawful conduct;  
1.1.2.2 comply with all applicable laws, regulations, codes and sanctions, including those  
relating to anti-bribery and anti-corruption.  
1.1.3 Members, in the operation of their social compliance business, shall observe all labor laws,  
including those regarding working hours, wages and benefits, providing at a minimum, one  
(1) day off every seven (7) days with any overtime being voluntary.  
1.1.4 Members, in the operation of their social compliance business, shall observe all health and  
safety rules and regulations and any other applicable security requirements which apply to  
their own operations.  
1.1.5 Members shall have a procedure to report illegal conduct to the local authorities, if such  
reporting is mandated by local laws.  
2.0 INDEPENDENCE AND INTEGRITY  
2.1 Independence: Members providing social compliance services must be independent and  
avoid conflicts of interest that, in fact or in appearance, may create an incentive to report  
anything other than the true and accurate facts gathered during a social compliance service.  
2.1.1 All audit firm personnel shall be aware of the need for independence in conducting all  
elements of social compliance services.  
2.1.2 Social compliance services shall be undertaken independently. All audit firm personnel who  
could influence social compliance services shall act independently and shall not allow  
commercial, financial or other pressures to compromise their independence.  
2.1.3 Member Firms shall not conduct social compliance services when the Member Firm -  
including, but not limited to, owners, managers, or auditors - has a business interest in  
the outcome of the service. This includes, but is not limited to, fees or other business  
contingent on the outcome of the service.  
2.1.4 A Member Firm or Member Auditor shall not perform social compliance services at any  
facility where the Member Firm, its owners or managers have provided social compliance  
consultancy within the preceding two years.  
2.2 Corruption and Bribery: Members shall not solicit, accept or facilitate any form of bribe or  
inducement.  
2.2.1 Members shall not solicit, accept or facilitate any form of benefit or value including  
currency, goods, services, or entertainment from any party directly or indirectly related to  
a social compliance service. As it is not possible to always understand the motivations of  
the individual providing the benefit or value, there is no minimum threshold for any items  
received.  
2.2.2 Members shall not accept meals, except for beverages such as water, coffee, tea or soda  
which are customarily provided to visitors at the facility, from any party directly or indirectly  
related to a social compliance service. To the extent a Member is provided any meal from any  
party directly or indirectly related to a social compliance service, the Member shall pay for the  
meal at the current market rate and obtain a receipt to evidence payment.  
2.2.3 Members shall not accept transportation from any party directly or indirectly related to a  
social compliance service. To the extent a Member is provided any transportation by any  
party directly or indirectly related to a social compliance service, the Member shall pay for the  
transportation at the current market rate and obtain a receipt to evidence payment.  
Document Name:  
APSCA Code and Standards of Professional  
Conduct D-032  
This document is no longer version controlled once printed.  
Page 3 of 14  
Author/Owner:  
Authorized by:  
APSCA President & CEO  
APSCA Executive Board  
Version & Date  
Replaces:  
Version 2 – July 2020  
Version 1 – 31 August 2019  
2.2.4 Members shall not accept gifts, whether goods or services, from any party directly or  
indirectly related to a social compliance service.  
2.3 Integrity Management: Member Firms shall have a system in place to identify risks and  
manage compliance relating to ethics and integrity.  
2.3.1 Members shall implement and maintain an Integrity Management System to address audit  
integrity and bribery risks that may exist before, during and after each social compliance  
service. The Integrity Management System shall be applicable to all audit firm personnel and  
shall, at a minimum, include the following components:  
2.3.1.1 Clear policies, guidelines and processes including specific policies to:  
2.3.1.1.1 Identify what constitutes unethical practices, mechanisms for all personnel to  
distance themselves from unethical practices, and the process for identifying  
and reporting such practices whenever they occur.  
2.3.1.1.2 Disallow use of any routes or channels for provision of benefits to, or receipt  
of a benefit from clients, auditors, sub-contractors, suppliers, employees or  
government officials.  
2.3.1.1.3 Prohibit the billing or reporting of work not in alignment with contractual  
services.  
2.3.1.1.4 Prohibit the offering or acceptance of gifts or hospitality.  
2.3.1.1.5 Establish zero tolerance – termination of employment – of any audit firm  
personnel found to have offered, solicited or accepted any form of bribe or  
incentive.  
2.3.1.1.6 Require prompt reporting to their integrity investigations function of all  
allegations of non-compliance with integrity policies and any bribery  
attempts.  
2.3.1.1.7 Prohibit any form of retaliation or retribution for individuals who in good faith  
report integrity issues or suspected issues.  
2.3.1.2 Risk assessment process as appropriate for the industry.  
2.3.1.3 Pre-employment screening for all audit firm personnel.  
2.3.1.4 Code of Ethics Agreement outlining auditee expectations in connection with the  
performance of all social compliance services.  
2.3.1.5 Periodic ethics training for all audit firm personnel.  
2.3.1.6 Audit results tracking to identify unusual patterns in results for specific auditors.  
2.3.1.7 An Audit-the-Auditor program.  
2.3.1.8 Publicly available confidential mechanism for reporting allegations of ethics or  
integrity violations.  
2.3.1.9 Integrity investigation process including:  
2.3.1.9.1 Integrity investigations mechanism that:  
ƒ is independent of the management of social compliance services.  
ƒ conducts investigations consistent with the guidelines in Section 5.2.2.3.  
ƒ investigates all allegations received taking into account the nature and  
specificity of the allegation.  
ƒ records all allegations, including the results of investigative activities.  
2.3.1.9.2 Required reporting to APSCA of the results of any investigation where  
disciplinary action is taken in response to a violation of the Code or Standards.  
3.0 COMPETENCE  
3.1 Personnel: Member Firms shall only deploy social compliance auditors (whether direct  
employees or independent contractors) who demonstrate, at a minimum, the relevant  
knowledge, skills and attributes outlined in the APSCA Competency Framework, and agree to  
act in accordance with the Code and the Standards.  
3.1.1 Member Firms shall ensure auditors meet the expectations as outlined in the Competency  
Document Name:  
APSCA Code and Standards of Professional  
Conduct D-032  
This document is no longer version controlled once printed.  
Page 4 of 14  
Author/Owner:  
Authorized by:  
APSCA President & CEO  
APSCA Executive Board  
Version & Date  
Replaces:  
Version 2 – July 2020  
Version 1 – 31 August 2019  
Framework prior to being identified to APSCA as an ASCA.  
3.1.2 Member Firms shall ensure that only CSCAs and ASCAs are assigned to any Social  
Compliance Audit.  
3.1.3 Prior to final scheduling of any Social Compliance Audit, Member Firms must confirm that the  
assigned CSCA has appropriate skills and competencies – consistent with the Competency  
Framework – to perform the Social Compliance Audit including the following:  
3.1.3.1 Knowledge of applicable laws and regulations relevant for the facility to be audited.  
3.1.3.2 To the extent the assigned CSCA does not have the appropriate language skills to  
conduct interviews in the language of workers and management in the facility, the  
Member Firm must ensure that an independent translator will be utilized during the  
audit.  
3.1.3.3 Industry-specific knowledge to the extent the facility to be audited has specific  
industry specific requirements or considerations.  
3.1.4 Member Firms shall have a mechanism to provide training and education for auditors.  
Training and education processes shall include, at a minimum:  
3.1.4.1 Qualified trainer(s).  
3.1.4.2 Written training materials that include experiential exercises and case studies.  
3.1.4.3 Documented evaluation of trainee comprehension and command of the materials.  
3.1.4.4 Training feedback survey.  
3.1.4.5 Training and education records to be included in the personnel files of the auditor and  
including, at a minimum:  
ƒ Date of training  
ƒ Training topics  
ƒ Trainer(s)  
ƒ Training outcomes  
3.1.5 CSCAs shall complete continuous professional development to maintain professional  
knowledge and skills at the level required to execute audits in compliance with the  
requirements in the Competency Framework.  
3.1.6 Member Firms shall evaluate the performance and competency of CSCAs and ASCAs.  
Performance and competency evaluation processes shall include, at a minimum:  
3.1.6.1 Formal and documented annual review of performance for each auditor.  
3.1.6.2 Onsite evaluation by a qualified evaluator at least once per year.  
3.1.6.3 Ongoing review of audit files, audit reports, and any feedback received to identify  
opportunities to enhance performance.  
3.1.6.4 Development and tracking of auditor performance metrics with refresher training,  
feedback and remediation provided, as needed.  
3.1.6.5 Policies and procedures to manage underperformance or misconduct by auditors.  
These policies and procedures must be clearly communicated to all auditors.  
3.2 Supervision: Member Firms shall ensure auditors are adequately supervised to ensure all work  
is performed as directed and supports the conclusions reached.  
3.2.1 Members shall create a communication channel that provides a mechanism for auditors to  
engage more experienced resources during the execution of an audit to address unique  
issues and circumstances.  
3.2.2 Where an audit team includes an ASCA, the CSCA shall ensure that the ASCA is only  
involved in audit elements consistent with the individual’s skills, competencies and  
experience. Additionally, the CSCA shall ensure all assigned work is properly completed and  
performed consistent with client or collaborative program requirements.  
Document Name:  
APSCA Code and Standards of Professional  
Conduct D-032  
This document is no longer version controlled once printed.  
Page 5 of 14  
Author/Owner:  
Authorized by:  
APSCA President & CEO  
APSCA Executive Board  
Version & Date  
Replaces:  
Version 2 – July 2020  
Version 1 – 31 August 2019  
3.2.3 To the extent an auditor – whether ASCA or CSCA – is requested to perform work that in the  
opinion of the auditor is beyond the auditor’s competency or for which the auditor has not  
been properly trained, the auditor shall communicate the concerns to appropriate Member  
Firm management or APSCA.  
4.0 EXECUTION, REPORTING AND RECORDS  
4.1 Audit Team: Each audit team shall have a minimum of one CSCA. Audit teams may include  
ASCA(s) who support the audit under supervision of the CSCA.  
4.1.1 In assigning auditors to perform a Social Compliance Audit, Member Firms shall ensure  
sufficient resources are deployed to complete all work required for the client or scheme for  
whom the audit is to be performed.  
4.1.1.1 To the extent the audit team includes an ASCA(s), the Member Firm shall ensure  
assigned resources are sufficient to provide for appropriate supervision by the  
assigned CSCA.  
4.1.2 Member Auditors shall record all work performed (See Section 4.4.1.3) and shall not report  
conclusions where work has not been completely performed.  
4.1.3 A CSCA shall only include the designation as a CSCA and their APSCA member number after  
having fully completed an independent Social Compliance Audit on behalf of a Member Firm.  
4.1.3.1 A CSCA shall include reference to CSCA status and / or their APSCA member number  
only where the scope of work is a Social Compliance Audit and where the work is  
performed on behalf of a Member Firm.  
4.1.3.2 To the extent a CSCA performs an audit that includes consideration of elements  
beyond the elements in the Competency Framework, the associated audit report must  
conspicuously include the following disclaimer if the CSCA’s APSCA number is to be  
included in the audit report:  
This audit includes elements beyond the scope of a Social Compliance Audit as  
defined by the APSCA Competency Framework. The association of the auditor’s  
APSCA number with this report is limited to those elements outlined in the APSCA  
Competency Framework. APSCA makes no representations with respect to the  
auditor’s competency to professionally evaluate compliance with any other audit  
elements.  
4.2 Confidentiality: Members shall maintain confidentiality with respect to information gathered  
in connection with a social compliance services and take all reasonable steps to prevent  
unauthorized access to, or inadvertent disclosure of, information collected during or relating  
to a service.  
4.2.1 Member Firms shall establish a policy that all information obtained or developed in  
connection with a social compliance service shall not be disclosed to any party other than  
the relevant client, except under the following circumstances:  
4.2.1.1 The client provides specific written consent.  
4.2.1.2 Disclosure is required to execute the service.  
4.2.1.3 Disclosure is required by applicable law.  
4.2.1.4 Disclosure is required to obtain legal or ethical advice regarding compliance with  
applicable laws or the Code or Standards. Where confidentiality is not governed by a  
recognized professional code of conduct, an appropriate non-disclosure agreement  
must be executed.  
4.2.1.5 Disclosure is required to establish a claim or defense in an adversarial proceeding.  
4.2.2 Member Firms shall undertake appropriate technical and security measures to prevent the  
inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to  
the audit.  
4.2.3 Confidentiality of audit data shall be maintained for a minimum of ten years or longer if  
required by applicable law or contractual agreement; personally identifiable information  
shall not be disclosed.  
Document Name:  
APSCA Code and Standards of Professional  
Conduct D-032  
This document is no longer version controlled once printed.  
Page 6 of 14  
Author/Owner:  
Authorized by:  
APSCA President & CEO  
APSCA Executive Board  
Version & Date  
Replaces:  
Version 2 – July 2020  
Version 1 – 31 August 2019  
4.3 Report Generation and Submission: Members shall ensure an accurate, concise, timely, clear  
audit report, following the format and methodology of the program being audited against.  
Auditors may only sign off on an audit as a CSCA if they are conducting an independent Social  
Compliance Audit on behalf of a Member Firm who takes responsibility for the process.  
4.3.1 Member Firms shall provide employment conditions which ensure auditors can spend a  
reasonable part of their normal working hours writing and completing audit reports.  
4.3.2 In preparing audit reports, Members shall ensure:  
4.3.2.1 Prior to report submission, a report quality review process is performed.  
4.3.2.2 The audit report is generated and submitted to the client and / or audit requestor at  
the conclusion of each audit within an agreed timeframe.  
4.3.2.3 The audit report includes the names and APSCA member number(s) (where  
applicable) of all Member Auditors who performed audit procedures during the audit.  
4.4 Supporting Documentation: Member Firms shall ensure each audit report is supported by a  
record, which evidences the work performed in sufficient detail to support the conclusions in  
the audit report.  
4.4.1 The record for each Social Compliance Audit should include the following, at a minimum:  
4.4.1.1 The final audit report submitted to the client or audit requestor.  
4.4.1.2 Executed Code of Ethics Agreement.  
4.4.1.3 A summary of all substantive procedures performed in connection with the audit to  
evidence consideration of all required elements for a Social Compliance Audit.  
4.4.1.4 Facility map for the operations considered during the audit.  
4.4.1.5 Working papers to evidence performance of quantitative elements including, but not  
limited to:  
ƒ Minimum age  
ƒ Compensation and benefits  
ƒ Hours of work  
4.4.1.6 Summary of worker interviews identifying:  
ƒ The number of workers interviewed  
ƒ The method of interview – e.g. individual or group  
ƒ The composition of the population of interviewed workers by key characteristics –  
e.g. gender, nationality  
ƒ The key issues or concerns raised  
4.4.2 The records for Social Compliance Audits shall be subject to a review process designed to  
ensure compliance with the Code and Standards.  
4.5 Handling of Sensitive Information: Reporting of sensitive issues which may lead to retaliation  
against workers, or attempts to bribe, threaten or coerce Member Auditors shall be handled in  
a manner which protects workers and Member Auditors.  
4.5.1 Protection of workers shall be prioritized by respecting the confidentiality of information  
collected during worker interviews. Specifically, if issues raised by workers need to be  
discussed with auditee management it must be done with caution, ensuring comments  
cannot be traced back to individuals.  
4.5.2 To the extent sensitive information is received by a Member in the conduct of a social  
compliance service, such information shall be communicated to an appropriate party –  
whether the client, service requestor, program owner, APSCA or authorities – for the benefit  
of the worker or the Member Auditor.  
4.6 Records Management: Member Firms shall have systems in place to ensure all audit data is  
collected, stored and transferred in compliance with applicable law and is secure and only  
accessible by authorized persons.  
4.6.1 Security: Member Firms shall take necessary technical and organizational measures to  
ensure security of data held in hard copy or electronically.  
Document Name:  
APSCA Code and Standards of Professional  
Conduct D-032  
This document is no longer version controlled once printed.  
Author/Owner:  
Authorized by:  
APSCA President & CEO  
APSCA Executive Board  
Page 7 of 14  
Version & Date  
Replaces:  
Version 2 – July 2020  
Version 1 – 31 August 2019  
4.6.1.1 Hard-copy records shall be stored in a secure location and accessible only to  
authorized personnel.  
4.6.1.2 Electronic data shall be stored in systems that require the use of a unique password  
and include a record identifying all individuals who have accessed the data.  
4.6.2 Retention: Member Firms shall retain Social Compliance Audit working papers – consistent  
with section 4.4.1 above - for a minimum of five years, or longer if required by applicable law  
or contractual agreement, from the date of the audit whether or not the client is active.  
4.6.3 Destruction: Member Firms shall have a policy and process in place to ensure that records  
– whether hard copy or electronic – are securely disposed of in compliance with record  
retention policies.  
5.0 OTHER OBLIGATIONS OF MEMBERS  
5.1 Transparency with APSCA: Upon request by APSCA, true and accurate information shall be  
made available by Members to verify conformance with the expectations in the Code and  
Standards.  
5.1.1 Member Firms shall make available or communicate to APSCA the following relevant to the  
Member Firm’s social compliance services business:  
5.1.1.1 Summary of legal, organizational and governance structure  
5.1.1.2 Notification of significant changes to the Member Firm’s legal, organizational or  
governance structure including:  
ƒ Change of ownership  
ƒ Change of management  
ƒ Acquisitions or divestitures  
ƒ Change of address  
ƒ Changes in geographic coverage  
5.1.1.3 Overview of quality and integrity management systems and processes which support  
compliance with the Code and Standards.  
5.1.1.4 Annual summary complaint handling information (See Section 5.2.4.7).  
5.1.1.5 Summary personnel information based on the requirements in Section 5.2.1.1 below in  
response to a specific request from APSCA.  
5.1.1.6 Results of any complaint or integrity investigations if requested by APSCA.  
5.1.2 Member Auditors shall make available or communicate to APSCA the following:  
ƒ Confirmation of identity  
ƒ Changes in country of residence  
ƒ Changes in e-mail contact details  
ƒ Changes in association with Member Firms  
ƒ Any adverse finding or conviction related to bribery or corruption  
5.2 Policies and Systems: Member Firms shall implement and maintain policies and management  
systems which demonstrate compliance with the requirements in the Code and the  
Standards.  
5.2.1 Management systems shall include, at a minimum, the following components and are  
applicable to all audit firm personnel:  
5.2.1.1 Responsible and accountable management structure.  
5.2.1.2 Policies, procedures, and work instructions which conform to and support the  
principles in the Code.  
5.2.1.3 Records that demonstrate ongoing operations and performance of the system.  
5.2.1.4 Internal audit.  
5.2.2 Human Resource Management  
5.2.2.1 Member Firms shall maintain personnel information for all audit firm personnel  
including audit logs, observation reports, disciplinary records, training records, and  
qualification summaries, as applicable.  
Document Name:  
APSCA Code and Standards of Professional  
Conduct D-032  
This document is no longer version controlled once printed.  
Page 8 of 14  
Author/Owner:  
Authorized by:  
APSCA President & CEO  
APSCA Executive Board  
Version & Date  
Replaces:  
Version 2 – July 2020  
Version 1 – 31 August 2019  
5.2.2.2 Member Firms shall retain personnel information as per Section 5.2.2.1 for all audit  
firm personnel for a minimum of three years from the date an auditor leaves the  
employment of the Member Firm.  
5.2.2.3 Member Firms shall establish fair and thorough disciplinary policies and procedures,  
including mechanisms to ensure:  
ƒ Consistent enforcement  
ƒ Effective investigations  
ƒ Effective corrective actions  
ƒ Opportunity for the subject of any investigation to be heard where there are  
potential negative consequences  
5.2.3 Independence Risk Management  
5.2.3.1 Member Firms shall have a process to consider and manage risks related to  
independence including:  
5.2.3.1.1 Recognition that the source of revenues for Member Firms – the payment  
for services by clients – presents a potential threat to independence and  
development of policies and procedures to ensure audits are conducted in a  
manner that effectively address the threat.  
5.2.3.1.2 A process requiring all audit firm personnel to reveal any situation which can  
present the individual or the Member Firm with a conflict of interest. Member  
Firms shall record and use this information as input to identify threats to  
independence raised by the activities of audit firm personnel or by their  
relationship with organizations that commission their services.  
5.2.3.1.3 A process to identify, analyze, evaluate, treat, monitor, and document the  
risks related to independence and conflict of interest arising from provision  
of social compliance services including any conflict which arises from its  
relationships on an ongoing basis. Sources of threats to independence of  
the Member Firm can be based on ownership, governance, management,  
personnel, shared resources, finances, revenue sources, contracts, training,  
marketing and payment of a sales commission or other inducement for the  
referral of new clients and include but are not limited to:  
ƒ Self-interest: Member acting in their own interest, including financial  
interests and interests relating to the provision of social compliance  
services to clients where other services are also provided.  
ƒ Self-review: Member Auditor reviewing the work done by themselves or  
other personnel from the same firm.  
ƒ Familiarity (and trust): Member being too familiar with or trusting of another  
party instead of seeking audit evidence.  
ƒ Intimidation: Member having a perception of being coerced openly or  
covertly, such as a threat to be replaced or reported to a supervisor  
5.2.3.1.4 Where there are threats to independence, the Member Firm shall document  
and demonstrate how the Member Firm eliminates or minimizes such threats  
and document any residual risk. The demonstration shall cover all potential  
threats that are identified, whether they arise from within the Member Firm or  
from the activities of other persons, bodies or organizations.  
5.2.4 Complaint Handling  
5.2.4.1 Member Firms shall designate a representative to manage the complaint handling  
process.  
5.2.4.2 Member Firms shall have a documented, publicly accessible process for receiving,  
validating, and investigating complaints, and deciding what actions to take.  
5.2.4.2.1 Member Firms may retain a third party to investigate complaints or manage  
other elements of the complaint handling process in compliance with the  
applicable requirements.  
5.2.4.3 Member Firms shall track and record all complaints, including actions taken.  
Document Name:  
APSCA Code and Standards of Professional  
Conduct D-032  
This document is no longer version controlled once printed.  
Page 9 of 14  
Author/Owner:  
Authorized by:  
APSCA President & CEO  
APSCA Executive Board  
Version & Date  
Replaces:  
Version 2 – July 2020  
Version 1 – 31 August 2019  
5.2.4.4 Member Firms shall manage investigations in a manner fair to all parties, avoiding  
conflicts of interest. Whenever possible, Member Firms will provide the subject  
of an investigation an opportunity to be heard where there are potential negative  
consequences.  
5.2.4.5 Member Firms shall ensure appropriate corrective and preventative action is taken in  
response to any complaints found to have merit.  
5.2.4.6 Member Firms shall have a process in place for periodic analysis of complaints to  
identify systemic problems and develop appropriate solutions.  
5.2.4.7 Member Firms shall develop an annual summary of complaint handling activities  
including:  
ƒ Number of complaints received alleging violations of the Code or the Standards  
ƒ Source of the complaints, including the percentage of anonymous complaints  
ƒ Breakdown by type of complaints  
ƒ Percentage of substantiated and unsubstantiated allegations  
ƒ Disciplinary actions taken, by type and number  
5.2.5 Member Firms shall have a documented procedure to receive, evaluate and make decisions  
on appeals by auditees or other interested parties. In the event of an appeal, the Member  
Firm shall ensure all personnel engaged in the appeal handling process are different from  
those who carried out the audit(s) and undertook the audit review. In all cases, appeals will  
be reported to the client or the audit requestor.  
5.2.6 Member Firms shall establish policies and procedures to ensure the safety, protection,  
and security of their auditors. Auditors shall act in accordance with these policies and  
procedures, and remain aware of their personal safety and security when conducting audits.  
These policies and procedures shall include at a minimum:  
5.2.6.1 Assessing safety and security risks in countries where they offer services.  
5.2.6.2 Procedures for auditors to quickly assess personal safety conditions while onsite,  
report risks to a supervisor, and abort the audit if they feel uncomfortable.  
5.2.6.3 Procedure to report to the client, prior to or at time of the request, any audit location  
where the safety of the auditors may be at risk.  
5.3 Notify: Any Member who believes that another Member has committed a violation of the Code  
must inform APSCA.  
5.3.1 Member Firms shall inform APSCA when handling investigations that are likely to have  
industry-wide significance.  
5.3.2 Member Firms shall promptly inform APSCA of any cases where a Member Auditor is  
disciplined for misconduct which constitutes a violation of the provisions of the Code or  
Standards applicable to Member Auditors.  
Document Name:  
APSCA Code and Standards of Professional  
Conduct D-032  
This document is no longer version controlled once printed.  
Page 10 of 14  
Author/Owner:  
Authorized by:  
APSCA President & CEO  
APSCA Executive Board  
Version & Date  
Replaces:  
Version 2 – July 2020  
Version 1 – 31 August 2019  
DECLARATION  
I,  
, confirm that I am a Member of APSCA and in consideration  
of that membership, I agree to be held accountable to APSCA’s Code & Standards of Professional Conduct  
(APSCA Code and Standards of Professional Conduct D-032).  
(If signing as a Member Firm, please enter Member Firm Name. If signing as a Member Auditor, please enter  
Member Auditor Name)  
Signed by:  
Print Name  
Signature  
Date (Print)  
Document Name:  
APSCA Code and Standards of Professional  
Conduct D-032  
This document is no longer version controlled once printed.  
Page 11 of 14  
Author/Owner:  
Authorized by:  
APSCA President & CEO  
APSCA Executive Board  
Version & Date  
Replaces:  
Version 2 – July 2020  
Version 1 – 31 August 2019  
GLOSSARY OF TERMS  
ASCA: Associate Social Compliance Auditor (ASCA) is an auditor who has been signed off by a Member Firm as  
meeting the criteria noted within the Competency Framework; has been enrolled with APSCA; and is working  
towards sitting the CSCA exam.  
Audit Firm: Companies or organizations providing independent social compliance services. This definition  
does not include internal audit functions.  
Audit Firm Personnel: Auditors and all personnel who are involved in the management and supervision,  
coordination, report writing and report quality review of social compliance services.  
Audit the Auditor: A risk-based confirmation of audit results for a sample of executions by reperformance of  
audit procedures by another auditor or detailed review of audit working papers.  
Auditee: The facility at which the audit is being executed.  
Auditor: Any individual who conducts social compliance services including an employed, freelance, or  
subcontract auditor.  
Client: The organization that has requested the social compliance service and / or the organization that is  
owed the duty of care.  
Code: APSCA Code and Standards of Professional Conduct.  
Code of Ethics Agreement: Industry standard agreement to be executed in connection with all social  
compliance services outlining the key requirements of the Member Firm’s integrity program and requiring  
reporting of all solicitation or offers of bribes.  
Collaborative Program: A program that manages a social compliance audit as part of a larger system of  
social compliance improvement. The program is managed by an organization which includes stakeholder  
members who support the development of and enhancements of the program, These programs may also be  
known as schemes or initiatives.  
Competency Framework: APSCA’s compendium of demonstrated competencies for practitioners and the  
basis for consideration as an ASCA or CSCA.  
Complaints: Reporting, whether on an identified or anonymous basis, of alleged non-compliance with the  
Code or Standards.  
CSCA: Certified Social Compliance Auditor (CSCA) is a designation signifying that an auditor demonstrates  
specific experience, knowledge and skills within the field of social compliance auditing. Through a rigorous  
certification process - including experience, education, examination and assessment - the CSCA candidate  
must demonstrate the core competencies relevant to the profession.  
Facility: An operation that is the subject of the social compliance services. Generally, these operations would  
be a specific geographic location and have a unique business license. This can include any location where  
products are produced, grown, distributed or sold.  
Freelance Auditor: – see Subcontractor.  
Independent Translator: An individual with language skills allowing for communication with workers or  
management and the auditor. In all cases, the individual shall have no relationship with either the facility or  
the local authorities and will have executed a non-disclosure agreement.  
Member Auditor: An auditor who is enrolled and in good standing with APSCA in either an ASCA or CSCA  
capacity.  
Member Firm: An audit firm that is a member of APSCA and provides Social Compliance Audit services.  
Members: Member Firms and Member Auditors.  
Owners: Those with an ownership interest as follows:  
ƒ Public Company: any level of ownership requiring legal disclosure under applicable securities laws  
ƒ Private Company: any level of ownership  
Document Name:  
APSCA Code and Standards of Professional  
Conduct D-032  
This document is no longer version controlled once printed.  
Page 12 of 14  
Author/Owner:  
Authorized by:  
APSCA President & CEO  
APSCA Executive Board  
Version & Date  
Replaces:  
Version 2 – July 2020  
Version 1 – 31 August 2019  
Registered Level Auditor (RA): A temporary designation for an auditor who has been signed off by a Member  
Firm as meeting the educational and experience requirements of a CSCA during APSCA’s initial deployment  
of the certification regimen, and is going through the CSCA examination process. During the initial period,  
Registered Level Auditors have the rights, responsibilities and obligations of a CSCA.  
Social Compliance Audit: A social compliance service requiring consideration of each of the sections in the  
Competency Framework with the capture and evaluation of sufficient evidential matter to assess performance  
relative to each section by a CSCA. Competent capture of sufficient evidential matter includes at a minimum:  
ƒ Observations of conditions in the facility, which include the work area and any other relevant areas  
ƒ Review of records and policies related to Code of Conduct sections  
ƒ Management interviews  
ƒ Worker interviews  
ƒ Triangulation of all information  
CSCA’s and Member Firms have the responsibility to ensure that appropriate time is spent on site to  
competently achieve these tasks. Appropriate time is a function of many factors, including but not limited  
to the number of workers and physical size of the facility. Industry standard practice indicates that effective  
consideration would generally require a minimum of one auditor day on site for small facilities (e.g. less than  
100 workers), whereas for larger facilities with more workers, two or more auditor days will be required on an  
incremental basis based on the number of workers and the physical size of the facility.  
Social Compliance Consultancy: Any form of assistance with the implementation of any processes or  
management systems that relates to the requirements of a social compliance service. This includes, but is not  
limited to, tailored training, document development or provision of advice that would specifically assist an  
entity to work towards meeting requirements or to achieve compliance.  
Social Compliance Consultancy does not include:  
ƒ The customary exchange of information at the conclusion of or following an audit including clarifying  
requirements or explaining findings either to an entity undergoing an audit or to an organization  
commissioning an audit  
ƒ Corrective Action Plan management or administration that does not involve the provision of specific  
direction to address or remediate identified issues  
ƒ Training open to the public, not specific to a client and held at a public forum  
Social Compliance Service: An engagement to evaluate, measure, understand and report an organization’s  
social and ethical performance. A social compliance service is intended to support a larger system to improve  
labor conditions.  
Subcontractor: Any audit firm and / or individual auditor that is not under the direct employment of the  
Member Firm and has been contracted to conduct a social compliance service on behalf of a Member Firm  
and for whom the Member Firm is responsible.  
Training Outcomes: Evidence of successful completion of training, including the results of examinations or  
evaluations from the trainer(s).  
Worker: Individuals present in a facility where a social compliance service is being performed including direct  
employees, contractors, temporary workers and all other persons on-site.  
Document Name:  
APSCA Code and Standards of Professional  
Conduct D-032  
This document is no longer version controlled once printed.  
Page 13 of 14  
Author/Owner:  
Authorized by:  
APSCA President & CEO  
APSCA Executive Board  
Version & Date  
Replaces:  
Version 2 – July 2020  
Version 1 – 31 August 2019