RBA Conformity Schemes

Criterion: Protection of Identity and Non-Retaliation

Version 2.1.0 | Status: Active
Supersedes: 2.0.0
UN conformity topic code:

Requirements for whistleblower protection and non-retaliation policies

Full Description

D5. Protection of Identity and Non-Retaliation

Code 8.0

Programs that ensure the confidentiality, anonymity, and protection of supplier and employee whistleblowers* shall be maintained, unless prohibited by law. Participants shall have a communicated process for their personnel to be able to raise any concerns without fear of retaliation.

Elements to Demonstrate Compliance to RBA Code

1. Policy

Ensure facility ethics and/or protection of identity and non-retaliation policy includes the following elements:

  • a. Protection of personal identity and non-retaliation of workers who bring forward information, grievances, allegations in any form.
  • b. Protection of whistleblowers and/or users of the grievance mechanism(s) (internal and external)

2. Procedures & Practices

Procedures & Practices are in place such that:

  • a. The gathering, follow-up, and investigation of reports of ethical or legal misconduct are done while protecting the identity of the reporting source.
  • b. There are clear communications channels so that workers are comfortable reporting violations or issues of concern without fear of reprisal.
  • c. Reporting violations is encouraged.
  • d. There is adherence to policies that prohibit retaliation for worker reporting.
  • e. Workers can anonymously report suspected violations of business conduct standards in a manner that prevents possible retaliation.
  • f. Workers understand how the process works.
  • g. External stakeholders such as sub-tier suppliers understand how the process works and can make use of it. Workers and external stakeholders have written information from the facility on how to report ethical or legal concerns.

3. Controls & Monitoring

Controls & Monitoring should include:

  • a. Investigations are conducted in a manner to not breach the protection of identity.
  • b. Records created, maintained and access controlled so as not to breach the protection of identity.
  • c. Communication and records and access to them are reviewed to ensure that this is upheld.

4. Serious conditions that will result in a severe finding

  • There are cases of confirmed retaliation of workers.
  • There are confirmed breaches of confidentiality of identity of whistleblowers or those who have filed a grievance.
Profiles using this criterion

RBA Assessment Program

Conformity Alignment

Priority

Pass: No
Definition: "Critical non-conformance requiring immediate action"
Remediation: 30 days

Major

Pass: No
Definition: "Significant non-conformance requiring corrective action"
Remediation: 90 days

Minor

Pass: Yes
Definition: "Non-conformance with limited impact"
Conditions: Corrective action plan required
Remediation: 180 days

Opportunity

Pass: Yes
Definition: "Opportunity for improvement identified"

Conformance

Pass: Yes
Definition: "Full conformance with criterion requirements"

Related Criterion

VAP: Business Integrity and No Improper Advantage

Relationship: Related
Reporting ethical violations without retaliation

VAP: Privacy

Relationship: Related
Protection of personal identity information

VAP: Ethics Management System

Relationship: Parent
Management system for ethics practices

VAP: Labor Management System

Relationship: Related
Worker grievance mechanisms

Change Log

2.1.0 (2023-09-01)

Added

  • Retaliation evidence scope broadened to cover workers who removed themselves from imminent harm: AC#1 (grievance and investigation records confirm no forms of retaliation) gained sub-item 1.a 'Including situations where workers removed themselves from imminent harm'. This broadens the evidentiary scope of the retaliation check so that retaliation against a self-removing worker is explicitly within the assessed scope of the confirmed-retaliation Priority finding. Ruled minor (ancillary clarification): retaliation for self-removal already falls within 'forms of retaliation' under the existing AC#1.

2.0.0 (2022-06-01)

Changed

  • Added evidence-based Priority fail-trigger (confirmed retaliation / breach of identity): The rating determinant was fundamentally rewritten. In 7.0.0 (provision D6) Priority was Not Applicable and pass/fail rested purely on documentary policy/procedure completeness (Major = 'No detailed and understandable policy and procedures implemented'). 7.1.2 (D5) introduces a Priority rating — '1. Confirmed retaliation / 2. Confirmed breach of identity' — assessed against evidence-based ACs (grievance/investigation records confirm no retaliation; communication records do not breach identity; personnel/redundancy records demonstrate no retaliation). A facility that passed 7.0.0 with an adequate policy on paper could now fail 7.1.2 if records reveal a confirmed instance of retaliation or identity breach — a prior pass can become a fail, hence major. (Renumber D6 -> D5 is cosmetic.)

1.0.0 (2021-01-01)

Changed

  • Initial historical baseline — Protection of Identity and Non-Retaliation (RBA Code of Conduct 7.0): Earliest imported version (provision D6). Programs ensuring confidentiality, anonymity and protection of supplier and employee whistleblowers, and a communicated process for personnel to raise concerns without fear of retaliation. Rated on documentary policy/procedure completeness only — Priority was Not Applicable; the worst rating was Major ('No detailed and understandable policy and procedures implemented'), with Minor for partial policy/procedures/implementation. No evidence-based confirmed-retaliation or identity-breach Priority trigger yet existed.