Selling into Walmart, Target, Macy’s, Aldi, Smyths Toys, Auchan and Other Majors: A Comprehensive Guide
- Nov 21, 2025
- 8 min read
Updated: Dec 16, 2025
Here’s the part many first-time importers miss: it’s your supplier’s factory—not your brand—that must hold the right audits, be disclosed in the retailer’s portal, and keep those reports current before a PO is released. Programs stall when teams don’t plan who pays, how to handle annual renewals, whether a plant can actually pass, or how factory disclosure can create “free sourcing” risk (retailers contacting your disclosed factory directly).
This 2026 guide is written for brand owners, importers, and sourcing leads. You’ll learn which audits buyers accept, how to vet a plant before you book, what’s changed this year, who should pay (and when to co-fund), realistic timelines, renewal calendars, and practical steps to protect your sourcing once disclosure is mandatory.
Understanding the Audit Landscape
Before you book anything, map the buyer’s ask to the audit type—then match it to an accepted program.
Most buyers accept amfori BSCI or SMETA/SEDEX. BSCI outputs an A–E result derived from 81 audit questions across 13 Performance Areas, including 20 “crucial” questions that carry more weight.
SMETA audits the same social domains and is offered in 2-Pillar (Labour + Health & Safety) or 4-Pillar (+ Environment + Business Ethics).
US-facing retailers typically ask for SCAN or GSV. SCAN is a shared, industry program designed to reduce audit duplication; GSV is Intertek’s verification aligned with C-TPAT/AEO/PIP frameworks. Both map to CTPAT Minimum Security Criteria concepts such as perimeter control, container integrity, and training.
Retailer-specific assessments (e.g., FCCA for Walmart Direct Import) confirm the plant can meet throughput, quality, and documentation expectations before orders. Walmart states FCCA is required prior to order commitment, alongside Responsible Sourcing (social) and Supply Chain Security.
Key point: these are factory-level audits. Your job is to confirm acceptance criteria and timelines and coordinate disclosure; the factory books the audit, hosts the assessor, and closes CAPA.
What Changed in 2026—and Why Timelines Feel Tighter
BSCI integrity shift. Fully announced audits are no longer the norm; semi-announced / unannounced visits are standard to improve integrity. Plants must demonstrate everyday reality—not a staged day. (This policy change rolled out across 2024 and now shapes 2026 planning.)
SMETA 7.0 methodology refresh. The new version emphasizes Workplace Requirements and Management Systems Assessment to surface root causes, not just paper fixes. If your CAPA relies on “train and hope,” expect pushback.
Security alignment. SCAN and GSV continue to anchor their checks to CTPAT expectations; buyers may prefer one label, but the control set is broadly similar.
Bottom line: documentation has to be real, scheduling windows are tighter, and renewal planning matters because reports are typically treated as valid for ~12 months by buyers (always check your retailer’s playbook).
What Buyers Actually Ask For (Typical Stacks You’ll See)
Responsible Sourcing (social) + SCS (security) + FCCA (capability). Walmart notes FCCA is required prior to order commitment for new factories; the site must be onboarded in Walmart’s system before POs.
Beyond social (BSCI/SMETA) and CTPAT-aligned security (often SCAN/GSV per buyer preference), Target commonly requires Higg / Worldly environmental self-assessment (Higg FEM) for in-scope factories—especially Tier 1 & Tier 2 soft-home/apparel/textiles—and tracks completion/verification in their Responsible Sourcing & Sustainability program. Always confirm scope by category on Partners Online, but plan the FEM cycle alongside social/security so onboarding isn’t blocked.
BSCI or SMETA (often SMETA 4-P) for social + SCAN or GSV for security. (Buyer preference decides SCAN vs. GSV.)
BSCI or SMETA broadly accepted; security asks vary by program.
Usually want social proof plus packaging/ship-test compliance; security audits appear more for higher-risk lanes or categories.
Non-negotiable reality: No audit → No factory onboarding → No PO. Walmart also states that suppliers must disclose all facilities involved in production to ensure compliance with audit requirements—so plan disclosure timing.
Retailers with Demanding Audit Playbooks (Quick Reference—Confirm per Program)
Walmart (US)
Requires a three-part pre-qualification stack for Direct Import: Responsible Sourcing (social) + Supply Chain Security + FCCA (capability); FCCA is required prior to order commitment for new factories. Factory must be disclosed/onboarded before POs.
Target (US)
Responsible Sourcing & Sustainability Audit Program with location disclosure + annual Higg FEM for in-scope factories; CTPAT-aligned security verification typically required (check portal for SCAN/GSV acceptance by category).
Amazon (Global)
For Amazon-branded/Accelerator, suppliers must submit an Amazon-approved Social Responsibility audit during onboarding and periodically thereafter.
Disney (Global licensing)
FAMA (Facility & Merchandise Authorization) under ILS: facilities must be authorized before production and keep assessments current (Better Work may be required by region).
ALDI (US/EU)
Requires third-party social audits as part of its Social Monitoring Program (common acceptance: BSCI/SMETA); CAPA must close issues.
Widely uses Sedex/SMETA in high-risk supply chains; historically also references BSCI in programs.
Requires Sedex registration, SAQ, and SMETA where indicated; audit reports uploaded to Sedex and CAPR close-out within deadlines.
States suppliers must submit to third-party ethical audits.
Use this as guidance, not legal gospel: acceptance lists change by category and country. Always check the buyer’s latest portal/manual for your SKU.
Who Pays—and How to Keep It Fair
Audits are expensive and factories are (rightly) cautious without guaranteed orders. Use a stance that protects your margin and keeps the relationship healthy:
Default: the factory pays for audits it can reuse to win multiple customers. They own the report and gain marketability.
Co-fund only when you get value. If you request an extra program outside their normal buyer set, consider co-funding only if you receive exclusivity, volume commitments, or a time-limited advantage—in writing.
Avoid the trap. Don’t fully fund a plant-owned audit that will help your competitors court the same factory.
Helpful script (copy/paste):
“Supplier to bear the cost of audits accepted by our target retailers. If we request an extra program, we’re open to co-funding tied to exclusivity or volume. Let’s align a timeline so you can onboard quickly and we can place POs.”
Annual Renewals: Build the Calendar Now
Most buyers treat social/security reports as current for about 12 months. A lapsed report can block PO release. Create a simple renewal rhythm for each applicable program:
T-90 days: book renewal and review last CAPA.
T-45 days: quick internal checks (exits, timekeeping/PPE, seal logs, training).
T-30 days: confirm platform access (Sedex, retailer portals); tidy documents.
Audit day: prepare a quiet room, labeled folders, and a knowledgeable coordinator.
T+7–30 days: upload evidence and close CAPA items.
Repeat the cadence for social, security, and capability audits at the site.
Don’t Book Until You Check “Auditability” (A Fast Two-Step Screen)
Step 1 — Desk Scan (1–2 hours, remote)
Any recent, accepted social/security reports?
HR & OH&S basics: timekeeping that matches payroll; PPE/guarding; MSDS & chemical storage; clear routes.
Subcontracting declared and controlled?
Dorm/canteen (if any): basic hygiene and records?
Step 2 — Light Walkthrough (On-site or Video, Half-Day)
Exits/aisles clear with signage; blocked-exit culture fixed.
Machine guarding actually installed; not just “on order.”
Chemical cabinets & spill kits; labels on containers.
Training/drill records posted; workers can explain them.
Container/seal process exists (if security required).
If this screen fails, don’t push the plant into an audit. Fix fundamentals or pick a more mature supplier.

First-Audit Timeline When a Factory Has None (Realistic Plan)
Week 0–1: Desk scan + walkthrough → go/no-go.
Week 1–2: Factory books BSCI/SMETA (confirm buyer acceptance).
Week 3–6: Social audit window (semi-announced/unannounced). Report in ~1–2 weeks.
Week 6–10: CAPA closes non-conformities; re-checks as needed.
Parallel (Week 2–8): Book SCAN/GSV if your buyer requests it; overlap calendars to compress time.
Onboarding: After acceptable outcomes, submit factory disclosure into the retailer system and complete site set-up.
You can’t promise ship dates until these steps are scheduled and achievable.
Deep Dive: What Each Audit Looks At—and How to Pass First Time
BSCI (amfori)
Scope & scoring. Auditor answers 81 questions across 13 Performance Areas and flags 20 “crucial” questions with extra weight; PA ratings roll up to an A–E audit outcome.
2026 reality. With fully-announced audits out, routine evidence matters: 12 months of timecards & payroll, right-to-work records, OHS risk assessments, guarding photos, chemical storage/MSDS, drills, grievance handling, subcontractor control.
Actionable tips.
- Reconcile timekeeping vs. payroll; cure mismatches before audit day.
- Photograph fixes (guards, PPE stations) with dates; keep purchase receipts.
- Keep subcontracting transparent; hidden sites derail approvals.
SMETA / Sedex (2-Pillar vs 4-Pillar)
What it covers. SMETA is the world’s most widely used social audit; 4-Pillar adds Environment & Business Ethics to Labour & H&S. Many big retailers prefer 4-P by default.
What’s new in 7.0. Workplace Requirements and Management Systems Assessment raise the bar on root-cause analysis and sustained controls. Build CAPA that prevents recurrence, not just “did a training.”
Actionable tips.
- Pre-align on which pillar set your buyer accepts.
- Use Sedex platform sharing to simplify buyer access post-audit.
Security: SCAN vs. GSV (CTPAT-Aligned)
SCAN. An industry shared audit program to reduce redundancy; members share reports against consistent security expectations (think: fewer duplicate visits, same bar).
GSV (Intertek). A security verification program that integrates C-TPAT, AEO and PIP frameworks—familiar to many North American retailers and brands.
CTPAT baseline. Expect checks around perimeter/access control, 7-point container inspections, seal handling, HR screening, cargo storage, training, and incident response.
Actionable tips.
- Create a one-page SOP for 7-point inspections and keep signed checklists by departure.
- Maintain a numbered seal log (issued/used/voided) with exception handling.
Capability/Capacity: FCCA (e.g., Walmart DI)
Why it exists. Confirms the plant can build at quality and volume with competent systems, lines, and documentation.
When it happens. Before order commitment; part of Walmart’s pre-qualification alongside RS (social) and SCS (security).
What to prep. Golden-sample control, station work instructions, calibrated tools with visible stickers, first-article inspection template, CTQ matrix with sampling frequency.

Roles & Responsibilities—Keep Them Crystal Clear
You (Brand/Importer):
Confirm exact programs your buyer accepts (BSCI vs. SMETA; SCAN vs. GSV; FCCA?).
Run the auditability screen; don’t waste months on unready plants.
Set the calendar (first audits and renewals).
Protect your sourcing (NNN, exclusivity, Vendor-of-Record/commission).
Submit factory disclosure once reports are acceptable.
Factory (Supplier Partner):
Books the audit body (often via an agent).
Hosts the audit; owns documents and CAPA.
Schedules renewals and shares reports on accepted platforms (e.g., Sedex).
Factory Disclosure Risk: Reduce “Free Sourcing”
Retailers often require factory disclosure to verify compliance, but disclosure can give buyers a pathway to approach your plant directly. Reduce the risk:
NNN + project-specific confidentiality with the factory (Chinese-law NNN if relevant).
Vendor-of-Record or commission protection with the retailer for named SKUs or a time-boxed exclusivity.
Scope control: disclose only the producing site(s) required for onboarding.
Own the value-add: keep IP (design files, artwork, firmware), control master tooling/split inserts, own packaging assets—so “going direct” costs time/quality.
Stage timing: disclose when a PO is near, not months in advance.
Paper the co-fund: if you contribute to audit cost, tie it to exclusivity/volume in writing.
Remember Walmart’s stance: suppliers are responsible for disclosing facilities and meeting audit requirements; Walmart does not schedule audits for suppliers. Use that phrasing when aligning roles internally.
FAQs
Can we get a PO while we’re auditing? Not with majors—your factory must be onboarded with accepted audits first.
SMETA 2-P or 4-P? Many big retailers prefer 4-P; confirm with the buyer.
SCAN vs. GSV—what’s better? Neither globally; use the buyer-preferred security program—both align to CTPAT practices.
How long are audits valid? Often ~12 months in practice; check your retailer’s routing guide.
Who pays? Typically the factory; consider co-funding only with exclusivity/volume tied in writing.
Conclusion: Source Smart, Disclose Safely, Plan Renewals
Major retailers don’t just want “an audit”—they want the right audit stack performed at the actual producing site, shared on the right platforms, and kept current. Treat social, security, and capability as three legs of the same stool. Screen auditability before you book, negotiate payment terms that protect your margin, build a renewal calendar, and protect your sourcing when disclosure is non-negotiable. That’s how you replace last-minute fire drills with predictable launches and clean PO flow.
Need a second set of eyes? Awen Hollek can run pre-audit scans, set renewal calendars, and help negotiate fair payment models without undermining your leverage. Book a 30-minute pre-audit review—bring a target buyer list and two factory options, and we’ll discuss the fastest safe path to onboarding.



Comments