Process requirements 1
Here we explain what is meant by integrating the commitments into policies and management systems. We describe the requirements for policies and how responsibility for due diligence should be distributed between the board of directors, persons in management positions and employees.
Excerpt from the contract terms
Supplier shall integrate the commitments in the Code of Conduct for suppliers into policies and allocate responsibility for policies and due diligence, by
a. ensuring that relevant policies, established at the highest management level, are adopted or revised to comply with the commitments in the Code of Conduct for suppliers,
b. publishing the policies and communicating them to rights-holders affected by its own operations,
c. ensuring that the board of directors takes the policies into account when making decisions;
d. appointing one or more persons in management positions as responsible for the due diligence process and
e. assigning responsibility for the implementation of the policies to employees whose decisions are most likely to increase or decrease the risks of adverse impacts.
a) Policies
You shall ensure that relevant policies, established at the highest management level, are adopted or revised to comply with the commitments.
By "policy" is meant a high-level public statement that sets out your commitments. This policy is distinct from operational guidelines and processes, which are usually not public and help to translate the high-level position into operational terms.
-
How to carry out a risk analysisStep 1: Mapping the supply chain The first step in a risk analysis consists of mapping the supply chain to find out its structure. This includes identifying in which countries the work is carried out, and if possible also in which regions. This is particularly relevant if the work is carried out in any region known to have high risks. Within certain industries such as food, textiles and IT there is a lot of information. For other industries such as pharmaceuticals, however, transparency is low. To obtain this information, you can ask the category manager, the category councils, ask questions of suppliers, find out import data, read audit reports and market analyzes for specific industries. It is also important to identify what type of work is carried out and what type of actors in the supply chain that performs it. Is it, for example, an industry characterized by low wages and health-hazardous processes? Does the workforce consist of migrant workers or seasonal workers? Is the supply chain complex with many subcontractors and a lack of transparency? This type of information is important as both geographical risks, industry risks and product risks need to be taken into account. Step 2: Gather information from credible and independent sources Once you have mapped the origin and the supply chain, the next step is to gather information about the situation of human rights, workers' rights, the environment and business ethics in the relevant countries where the work is carried out, that is, both for final manufacturing, component manufacturing and raw materials. For this you need to turn to credible and independent sources such as international organizations, authorities, voluntary and civil society organizations and global trade unions. Sources Step 3: Identify and assess negative impacts The last step involves assessing the actual and potential negative impact the supply chain is associated with, based on the information that has been compiled in steps 1 and 2. This is to be able to determine which concrete measures need to be taken to manage the risks. Often several risks have been identified and to prioritize them you need to make a seriousness assessment. The most significant risks are prioritized based on probability and seriousness ( read more under point d in process requirement 2 )
Proposal for verification
All relevant policies with the executive director's signature and date of signature, or with a statement of the board's date of adoption.
If you use a multi-stakeholder initiative's code of conduct, a comparison of the code of conduct against the commitments and a description of how you are working for the initiative to revise the code, if necessary.
b) Publish and communicate the policies
You must make the policies publicly available and communicate them to rights holders affected by your own operations.
The policies shall be publicly available to each stakeholder group. This means that policies aimed at suppliers must be available on your website. The same applies to policies aimed at people living near or downstream from the operation, including landowners, farmers and indigenous peoples. Policies aimed at people living near or downstream from your business can also be communicated in consultation with rights holders.
Consult with rights holders and retrieve information
You can make policies aimed at employees publicly available on your premises or on your intranet, and communicate them during staff introductions or training sessions and regularly as needed.
Regardless of where the policies are available, they must be available in local languages.
Rights holders should also be informed about complaint procedures linked to the policies. These are often a combination of formal complaints mechanisms and guidelines on who to contact within management or Human Resources, if the complainant prefers to raise the matter directly with those responsible.
Suggtested verifications
-
Links to websites.
-
Photos of policies publicly available on your premises.
-
Screenshots or printouts of intranet pages or onboarding systems.
-
PowerPoint presentations from staff introductions or training.
-
Minutes from meetings or hearings with rights holders who live near or downstream from your business
-
Printouts of e-mail communications with rights holders who live near or downstream from your business.
c) The board
You must ensure that the board takes the policies into account when making decisions.
The board is generally involved in approving policies and sustainability reports. The board can also be involved in decisions about business strategies that may have consequences for people, the environment, and society. It can therefore be useful to appoint board members with competence in and responsibility for sustainability.
The requirement to ensure that the board takes the commitments into account when it makes decisions is aimed at all decisions that the board may take. One way to ensure that the board takes the policies into account is through a checklist. Please find a template checklist at the bottom of this page.
Suggested verification
-
Process document that describes how the board takes the policies into account when making decisions, both regarding your own business and the supply chain.
-
Checklists for each decision.
-
Minutes of meetings where the considerations have been recorded.
d) Responsible persons in management function
You shall appoint one or more person in the company's management who are responsible for the due diligence process.
The person or persons in the company management are responsible for the policies being implemented in the operational work. The CEO, finance manager, human resource manager, general counsel, procurement manager orsustainability manager can be counted as management. However, it is up to you to identify the relevant functions depending on the specific characteristics of your company, such as the nature of the business and the risks you face.
Suggested verification
-
Organization charts.
-
Job descriptions for management positions.
e) Employees who increase or decrease the risks
You shall assign the responsibility for the implementation of the policies to employees whose decisions are most likely to increase or decrease the risks of negative impact. Listed below are various departments/functions and examples of commitments they are often responsible for.
As noted above, there can be significant overlap between departments. You may therefore need to appoint cross-functional groups or committees to share information and decision-making.
The distribution of responsibilities requires internal communication of commitments, policies, and processes. It also requires that you ensure that the employees concerned have the necessary skills and training as well as sufficient influence within the organization.
The internal capacity for the implementation of policies should be commensurate with your risk profile. If you are a small business with limited risks, it is likely a task can be assigned to an existing employee and that requires a limited amount of his or her time. If you are a company with significant risks, more dedicated staff and budget resources are required.
Departments/functions
Examples of commitments
Sustainability, responsible purchasing
Environmental and/or social experts
Personnel/HR
Operations, production
Legal, Compliance, Ethics/Integrity
Purchasing, supply chain management, business relations
Community development
Risk management
Potentially all commitments
Human rights, workers' rights including occupational health and safety in the workplace, environment, other social commitments
Workers' rights including recruitment and labor market relations as well as occupational health and safety
Human rights, workers' rights including occupational health and safety in the workplace, environment
Human rights, workers' rights including employment and industrial relations, business ethics including corruption and compliance, contracting with supplier
All commitments, including screening, contracting and monitoring of supply chains (through audits and other methods)
Human rights, environment, community health and safety, stakeholder engagement, disclosures
Potentially all commitments
Suggested verification
-
Organization charts.
-
Job descriptions for employees.
-
PowerPoint presentations from training courses.
Templates for process requirements 1