Supplier's due diligence
Here we explain the supplier's due diligence, i.e. what is meant by identifying, preventing, mitigating and remedying advsere impact. In the guidance to each process requirements, you will also find supporting documents and suggestions for verification to show that you meet the requirement.
After the introduction, you will find the sections on:
Introduction
The regions have adopted a joint code of conduct for suppliers that covers the areas of human rights, workers' rights, the environment and business ethics. The purpose of the code of conduct is to ensure that our suppliers work in accordance with internationally recognized frameworks. That you as a supplier have one or more policies, or codes of conduct, covering these areas is therefore necessary, but not sufficient.
In order for you as a supplier to be able to identify and manage risks to people and the environment during the entire life cycle of the product or service, a due diligence process is required to be able to manage these risks effectively.
You can explain the difference between the code of conduct and the due diligence process is that the code of conduct states WHAT to be achieved while the due diligence process states HOW that should be achieved.
Excerpt from the contract terms
In order to ensure compliance with the commitments in the Code of Conduct for suppliers, Supplier shall have a due diligence process in accordance with clauses 2.1.1 - 2.1.7. The process shall be documented and applied from [the start of the contract/other time determined by the contracting organisation]. Through this process, Supplier shall identify, prevent, mitigate and remedy adverse impacts on people, the environment and society in its own operations and in its supply chains. This means that:
What is due diligence?
Due diligence has been defined as:
Due diligence is the process enterprises should carry out to identify, prevent, mitigate and account for how they address these actual and potential adverse impacts in their own operations, their supply chain and other business relationships, ... (OECD Due Diligence Guidance for Responsible Business p. 15)
Within the scope of the contract term on due diligence for sustainable supply chains, due diligence includes identifying, preventing, mitigating and remedying negative impacts on people, the environment and society in your own operations and in the supply chains.
This means that the contract terms contain both results requirements and process requirements: to ensure compliance with the commitments on human rights, workers' rights, the environment and business ethics, you must have a due diligence process.
-
How to carry out a risk analysisStep 1: Mapping the supply chain The first step in a risk analysis consists of mapping the supply chain to find out its structure. This includes identifying in which countries the work is carried out, and if possible also in which regions. This is particularly relevant if the work is carried out in any region known to have high risks. Within certain industries such as food, textiles and IT there is a lot of information. For other industries such as pharmaceuticals, however, transparency is low. To obtain this information, you can ask the category manager, the category councils, ask questions of suppliers, find out import data, read audit reports and market analyzes for specific industries. It is also important to identify what type of work is carried out and what type of actors in the supply chain that performs it. Is it, for example, an industry characterized by low wages and health-hazardous processes? Does the workforce consist of migrant workers or seasonal workers? Is the supply chain complex with many subcontractors and a lack of transparency? This type of information is important as both geographical risks, industry risks and product risks need to be taken into account. Step 2: Gather information from credible and independent sources Once you have mapped the origin and the supply chain, the next step is to gather information about the situation of human rights, workers' rights, the environment and business ethics in the relevant countries where the work is carried out, that is, both for final manufacturing, component manufacturing and raw materials. For this you need to turn to credible and independent sources such as international organizations, authorities, voluntary and civil society organizations and global trade unions. Sources Step 3: Identify and assess negative impacts The last step involves assessing the actual and potential negative impact the supply chain is associated with, based on the information that has been compiled in steps 1 and 2. This is to be able to determine which concrete measures need to be taken to manage the risks. Often several risks have been identified and to prioritize them you need to make a seriousness assessment. The most significant risks are prioritized based on probability and seriousness ( read more under point d in process requirement 2 )
Process requirements 1
Here we explain what is meant by integrating the commitments into policies and management systems. We describe the requirements for policies and how responsibility for due diligence shall be distributed between the board of directors, persons in management positions and employees.
Process requirements 2
Here we explain what is meant by identifying and assessing adverse impacts. We describe the concepts of risk suppliers, supply chain mapping, consultation with rights-holders and particularly vulnerable groups, and how you can prioritise risks based on likelihood and severity.
Process requirements 3
Here we explain what is meant by preventing and mitigating advserse impact that you cause or contribute to. We describe the responsibility and the need to cease activities that cause or contribute to adverse impact, establish action plans and take into account purchasing methods.
Process requirements 4
Here we explain what is meant by preventing and mitigating adverse impacts linked to the supplier. We describe the responsibility and the need to use your leverage through, for example, supplier assessments, the establishment of action plans and the forwarding of requirements in writing.
Process requirements 5
Here we explain what is meant by monitoring the measures to prevent and mitigate adverse impacts. We describe what we mean by following-up established action plans, by consulting in a meaningful way with rights-holders or their representatives, and by addressing deviations.
Process requirements 6
Here we explain what is meant by enabling grievances. We describe the key functions of grievance mechanisms, for which stakeholders they shall be open, the need to address submitted grievances and the different requirements for the supplier’s own operations and its supply chains.
Process requirements 7
Here we explain what is meant by providing remediation. We describe the concept, when you are obliged to remedy and the need to consult in a meaningful way with affected rights-holders and evaluate whether they are satisfied with the process and the result.