Beginning with eight members in 2004, today the RBA core membership (not counting initiative-only members) is comprised of more than 250 electronics, retail, auto and toy companies. In addition to RBA members, thousands of companies that are Tier 1 suppliers to members are encouraged to implement the RBA Code of Conduct. If you’re relying on staffing agencies, subcontractors, or factory labor abroad — this is where audits get aggressive. An international standard aimed at improving working conditions, focusing on workers’ rights and promoting fair treatment. Our experts are registered APSCA (Association of Professional Social Compliance Auditors) auditors with CSCA or ASCA status. Version 8.0 can be viewed here in English and is also available in multiple languages and dialects below.

What are common failure points in RBA assessment?

An audit methodology that checks compliance with ethical principles in areas such as working conditions, health and safety, as well as environmental impact within organizations. The RBA Code of Conduct itself also outlines management systems to help members establish systems and structures to support workers’ rights and the wellbeing of their communities. The RBA provides a range of tools and resources to help members establish and maintain these systems and structures. RBA Validated Assessment Program (VAP) Assessments are carried out on RBA member facilities and their suppliers’ facilities are completed by independent, third-party firms specially trained in social and environmental auditing and the VAP protocol. RBA enables secure access to electronic health records (EHRs) and ensures compliance with privacy regulations like HIPAA.

SA8000 (Social Accountability International)

Regular and Full members are encouraged to apply the Code to their owned facilities and pass it down to their supply chains. The RBA attempts to investigate any credible claim of non-conformance to the Code for all Regular and Full member companies at the company level and within their supply chains. Please review the RBA Incident Management Process Flow for information on our incident intake and resolution process. The purpose of this document is to outline a process that will be followed when members, stakeholders, and the public raise concerns. It also includes the high-level flow of building leverage through disengagement as laid out by the OECD.

Less Time To Maintain

One of the most fundamental RBA programs is the Validated Assessment Program (VAP), which is a leading standard for onsite compliance verification and effective, shareable assessments conducted by independent, third-party firms. If you want to stay competitive, keep your contracts, and protect your supply chain, you need to speak RBA fluently — and back it with data. The RBA Code of Conduct is the bar.If you’re in electronics, automotive, or consumer manufacturing — and your supply chain touches an RBA member — you’re already in scope.

RBA members are encouraged to commit to a common Code of Conduct and utilize a range of RBA training and assessment tools to support continuous improvement in the social, environmental and ethical responsibility of their supply chains. RBA improves security by dynamically adapting authentication requirements based on the assessed risk of each login attempt or transaction. By requiring additional verification steps for high-risk scenarios and streamlining authentication for low-risk ones, RBA helps prevent unauthorised access and fraud while maintaining a user-friendly experience. Risk Based Authentication is a powerful security approach that enables organisations to dynamically adapt authentication requirements based on the real-time assessment of login or transaction risk. By considering a wide range of contextual factors and leveraging advanced technologies like biometrics and adaptive authentication, RBA authentication helps organisations strike the right balance between security and usability.

Why You Should Care About the RBA Code

RBA members can demonstrate commitment to continuous improvement through performance in assessments, use of RBA training tools and resources, and participation in RBA activities, including project-specific working groups and taskforces and RBA events. RBA members are encouraged to commit publicly to the RBA Code of Conduct and to actively CMC Markets Review pursue conformance to the Code and its standards, based on their membership category criteria. RBA members should regard the Code as a total supply chain initiative, meaning that their next tier suppliers should acknowledge and implement the Code. Members are asked to commit to the Code of Conduct, spread that commitment to their supply chains, and undertake a range of assessment activities to help them live into the spirit of the Code. If you would like to submit a grievance or feedback about an RBA member company or its supplier, fill out this form.

RBA members may choose not to use the Validated Assessment Program for their supply chain sustainability audits (although they must use the RBA VAP protocol for their audits). The standards set out in the Code of Conduct reference international norms and standards including the Universal Declaration of Human Rights, ILO International Labor Standards, OECD Guidelines for Multinational Enterprises, ISO and SA standards, and many more. While the Code of Conduct originated with the electronics industry in mind, it is applicable to and used by many industries beyond electronics.

Founded in 2004 by a group of leading electronics companies committed to supporting the rights and well being of workers and communities worldwide affected by the global electronics supply chain. If a user fails to satisfy the authentication requirements imposed by the RBA risk based authentication system, access to the requested resource or service may be denied. In some cases, additional authentication steps may be required, or the user may be prompted to contact support for further assistance. Traditional authentication relies on static factors, such as passwords or security questions, to verify a user’s identity. In contrast, risk-based multi-factor authentication dynamically adjusts the authentication requirements based on the assessed risk of each login attempt or transaction, taking into account a wide range of contextual factors beyond just the user’s credentials.

The Responsible Business Alliance is an industry coalition dedicated to responsible business conduct in global supply chains. Yes, RBA authentication can be implemented in mobile apps to secure access to sensitive data and functionality. Mobile-specific risk factors, such as device fingerprinting, geolocation, and app integrity checks, can be incorporated into the RBA risk assessment process. RBA minimises friction for legitimate users by streamlining authentication processes in low-risk scenarios while applying additional security measures only when necessary. In these cases, the RBA system may grant access without requiring additional authentication steps, providing a seamless and frictionless user experience.

• One of the most fundamental RBA programs is the Validated Assessment Program (VAP), which is a leading standard for onsite compliance verification and effective, shareable assessments conducted by independent, third-party firms.
• We bring extensive experience in RBA requirements, with hundreds of social audits conducted in over 30 countries worldwide.
• Yes, RBA authentication can be implemented in mobile apps to secure access to sensitive data and functionality.
• RBA minimises friction for legitimate users by streamlining authentication processes in low-risk scenarios while applying additional security measures only when necessary.
• In these high-risk scenarios, the RBA system may require the user to complete multiple additional authentication factors, such as biometric verification (e.g., fingerprint or facial recognition), hardware token validation, or even manual intervention by security personnel.

What Happens If You’re Not Aligned?

They are based on international norms and standards including the Universal Declaration of Human Rights, ILO International Labor Standards, OECD Guidelines for Multinational Enterprises, ISO and SA standards, and many more. Risk based authentication RBA can be beneficial for businesses of all sizes and industries that require secure access to digital assets and sensitive data. However, the specific implementation and configuration of RBA may vary depending on the organisation’s security needs, risk appetite, and regulatory requirements.

An initiative that provides a framework for companies in the automotive industry to adhere to social, ethical, and environmental standards in their supply chains. CSR Experts Hub is here to assist you in understanding and implementing RBA requirements, providing tailored solutions for your company to meet your specific needs. Our experts will guide you through every step of the process, ensuring easy implementation and making the RBA audit process smoother. We bring extensive experience in RBA requirements, with hundreds of social audits conducted in over 30 countries worldwide. Implementing risk-based authentication offers numerous benefits, including improved security posture, enhanced user experience, customisable risk policies, reduced operational costs, and compliance enablement. As cyber threats continue to evolve and user expectations for seamless digital experiences rise, adopting risk-based multi-factor authentication becomes increasingly crucial for organisations across industries.

• CSR Experts Hub is here to assist you in understanding and implementing RBA requirements, providing tailored solutions for your company to meet your specific needs.
• Traditional authentication relies on static factors, such as passwords or security questions, to verify a user’s identity.
• Risk based authentication RBA can be beneficial for businesses of all sizes and industries that require secure access to digital assets and sensitive data.
• By evaluating these factors in real-time, RBA risk-based authentication can assess the likelihood of a login attempt or transaction being fraudulent or malicious.
• By requiring additional verification steps for high-risk scenarios and streamlining authentication for low-risk ones, RBA helps prevent unauthorised access and fraud while maintaining a user-friendly experience.

Online banking and financial services:

Translations are provided as additional resources to increase accessibility, however, please note that the official document for reference is the English version.

RBA can safeguard corporate data and resources by enforcing risk based access controls for employees, partners, and contractors. RBA helps secure online banking portals, detect fraudulent transactions, and protect sensitive financial data. RBA supports compliance with various security and privacy regulations, such as GDPR, HIPAA, and PCI DSS, by providing a robust and adaptable authentication framework that meets stringent security requirements. Organisations can tailor their RBA risk policies to align with their specific security requirements, risk appetite, and regulatory obligations. This flexibility allows for fine-grained control over authentication flows and risk mitigation strategies.

Instead, sustainability issues in supply chains are often complex, and it is not uncommon for companies to face new or chronic challenges to protect the rights and well-being of workers and communities in their supply chains. As a leading industry coalition driving supply chain sustainability, the RBA sets standards, encourages members to adhere to them, and provides a range of measures to assist its members in pursuing continuous improvement in supply chain sustainability. By dynamically adapting authentication requirements based on real-time risk assessments, RBA helps organisations reduce the risk of account takeover, data breaches, and fraudulent transactions. Risk Based Authentication (RBA) is a dynamic security approach that adapts the authentication process based on the perceived risk level of a user’s login attempt or transaction. In these high-risk scenarios, the RBA system may require the user to complete multiple additional authentication factors, such as biometric verification (e.g., fingerprint or facial recognition), hardware token validation, or even manual intervention by security personnel.

Trade Compliance

By analysing patterns and anomalies, adaptive authentication can refine risk assessments and authentication decisions, reducing false positives and improving the overall user experience. In this model, the authentication requirements vary based on the specific transaction or action being performed, even for the same user. The Responsible Business Alliance (RBA) is the largest industry coalition promoting corporate social responsibility in global supply chains. An initiative that helps companies ensure that their suppliers respect fair working conditions and human rights in production processes through the establishment of a common code of conduct. CRBA extends the risk assessment process beyond the initial login by continuously monitoring user activity throughout the session. If suspicious behaviour is detected, the system can prompt for additional authentication or even terminate the session.

Prior to Razorpay, he spent over nine years as a sports journalist with The Hindu, where he covered major ICC tournaments and led the Bangalore sports bureau. This diverse experience helps him bridge customer insight with product strategy in high-growth tech environments. Biometric factors, such as fingerprints, facial recognition, or voice recognition, provide a strong and unique identifier for users. Integrating biometrics into RBA flows can significantly increase the assurance level of high-risk authentication scenarios.