Process requirements 2
Here we explain what is meant by identifying and assessing adverse impacts. We describe the concepts of risk suppliers, supply chain mapping, consultation with rights-holders and particularly vulnerable groups, and how you can prioritise risks based on likelihood and severity.
Excerpt from the contract terms
Supplier shall identify and assess actual and potential adverse impacts, by
a. identifying risk suppliers,
b. mapping the supply chains of risk suppliers,
c. regularly examining the risks of adverse impacts in its own operations and in the supply chains of risk suppliers.
d. consulting in a meaningful way with rights-holders or their representatives and retrieving information from credible and independent sources if consultations are not possible in the supply chains of risk suppliers,
e. paying attention to adverse impact on individuals from groups and populations that are at heightened risk of vulnerability or marginalisation, including environmental and human rights defenders and
f. prioritising the most significant risks based on likelihood and severity.
a) Identify risk suppliers
You must map the supply chain and identify risk suppliers. This is our definition of risk suppliers:
Risk suppliers are first tier suppliers prioritised for further assessment on the basis of their supply chains’ risk profiles and not on the strength of their relationship with the supplier. The categorization shall be based on the entire supply chain’s operating context (e.g. presence of conflict or vulnerable groups, weak rule of law, high rates of corruption), the operations, products or services involved (e.g. high employment of informal work, use of hazardous chemicals, use of heavy machinery), or other relevant considerations.
The considerations that are relevant in identifying risk suppliers vary from industry to industry. However, we have developed a template that you can use as a starting point. The template is based on our country risks and can be found further down this page.
Suggested verifications
-
Process document describing the identification of risk suppliers.
-
Identification of risk suppliers, for sample products.
b) Mapping the supply chains
You must map the supply chains for risk suppliers. Mapping the supply chains and identifying risksuppliers is most likely done in parallell.
Mapping is not the same as tracking supply chains, which requires informationas most suppliers do not have. However, you should have information on which countries and regions final manufacturing or final assembly takes place. What is expected beyond that is an overall scoping excersice of the countries for component manufacturing and raw material extraction.
This overall scoping excersice requires assumptions, especially when it comes to raw materials. One source to base these assumptions on is the U.S.Geological Surveys annual Mineral Commodity Summaries. These summaries estimate world mining production and reserves for over 90 minerals and materials. Search engines are also useful when mapping supply chains.
-
How to carry out a risk analysisStep 1: Mapping the supply chain The first step in a risk analysis consists of mapping the supply chain to find out its structure. This includes identifying in which countries the work is carried out, and if possible also in which regions. This is particularly relevant if the work is carried out in any region known to have high risks. Within certain industries such as food, textiles and IT there is a lot of information. For other industries such as pharmaceuticals, however, transparency is low. To obtain this information, you can ask the category manager, the category councils, ask questions of suppliers, find out import data, read audit reports and market analyzes for specific industries. It is also important to identify what type of work is carried out and what type of actors in the supply chain that performs it. Is it, for example, an industry characterized by low wages and health-hazardous processes? Does the workforce consist of migrant workers or seasonal workers? Is the supply chain complex with many subcontractors and a lack of transparency? This type of information is important as both geographical risks, industry risks and product risks need to be taken into account. Step 2: Gather information from credible and independent sources Once you have mapped the origin and the supply chain, the next step is to gather information about the situation of human rights, workers' rights, the environment and business ethics in the relevant countries where the work is carried out, that is, both for final manufacturing, component manufacturing and raw materials. For this you need to turn to credible and independent sources such as international organizations, authorities, voluntary and civil society organizations and global trade unions. Sources Step 3: Identify and assess negative impacts The last step involves assessing the actual and potential negative impact the supply chain is associated with, based on the information that has been compiled in steps 1 and 2. This is to be able to determine which concrete measures need to be taken to manage the risks. Often several risks have been identified and to prioritize them you need to make a seriousness assessment. The most significant risks are prioritized based on probability and seriousness ( read more under point d in process requirement 2 )
Suggested verifications
-
Process document describing the mapping of supply chains.
-
Mappings of the supply chain (Excel spreadsheets, Word documents, etc.), where the sample products are included.
-
Printouts of digital tracking of the supply chain, where the sample products are included.
c) Examining the risks of negative impact
You must regularly review the risks of adverse impact in your own operations and in the supply chains of risk suppliers. A recommended way to do this is to draw up a list of the risks of advserse impact based on the commitments in Appendix 1: Supplier Code of Conduct. This list should also include information on affected right-holders and particularly vulnerable groups. We have developed a template for supply chain risk assessments, which can be found further down this page.
It is not sufficient for this examination of risks to be based on indications. If the main workers’ rights risk is restrictions in the right to organise this shall be identified, linked to the rights-holders workers and their representatives. Otherwise suppliers do not know which risks to focus on in the prevention and mitigation of adverse impact.
In many cases, suppliers are already examining risks and potentially affected individuals or groups in and around its own operations, due to requirements in domestic law. In Sweden, this includes requirements in the Work Environment Act, the provisions of the Swedish Work Environment Authority on Systematic Work Environment Management (AFS 2001:1), the Discrimination Act and the Environmental Code. The persons in charge often differ though. Regarding risks in and around a supplier’s own operations, it is primarily HR experts and environmental experts who assess risks, whereas responsible sourcing or sustainability specialists assess risks in supply chains.
-
How to carry out a risk analysisStep 1: Mapping the supply chain The first step in a risk analysis consists of mapping the supply chain to find out its structure. This includes identifying in which countries the work is carried out, and if possible also in which regions. This is particularly relevant if the work is carried out in any region known to have high risks. Within certain industries such as food, textiles and IT there is a lot of information. For other industries such as pharmaceuticals, however, transparency is low. To obtain this information, you can ask the category manager, the category councils, ask questions of suppliers, find out import data, read audit reports and market analyzes for specific industries. It is also important to identify what type of work is carried out and what type of actors in the supply chain that performs it. Is it, for example, an industry characterized by low wages and health-hazardous processes? Does the workforce consist of migrant workers or seasonal workers? Is the supply chain complex with many subcontractors and a lack of transparency? This type of information is important as both geographical risks, industry risks and product risks need to be taken into account. Step 2: Gather information from credible and independent sources Once you have mapped the origin and the supply chain, the next step is to gather information about the situation of human rights, workers' rights, the environment and business ethics in the relevant countries where the work is carried out, that is, both for final manufacturing, component manufacturing and raw materials. For this you need to turn to credible and independent sources such as international organizations, authorities, voluntary and civil society organizations and global trade unions. Sources Step 3: Identify and assess negative impacts The last step involves assessing the actual and potential negative impact the supply chain is associated with, based on the information that has been compiled in steps 1 and 2. This is to be able to determine which concrete measures need to be taken to manage the risks. Often several risks have been identified and to prioritize them you need to make a seriousness assessment. The most significant risks are prioritized based on probability and seriousness ( read more under point d in process requirement 2 )
Suggested verifications
-
Process documents describing the examination of risks in your own business and supply chains, including the cataloguing of risks, potentially affected rights holders and particularly vulnerable groups, the sources commonly used and the time intervals and circumstances under which risks are assessed.
-
Risk assessments for sample products, including cataloguing of risks, affected right holders and particularly vulnerable groups and the sources used.
d) Consult with rights-holders and retrieve information
You shall consult meaningfully with rights-holders or their representatives and obtain information from credible and independent sources if consultation is not possible in the supply chains of risk suppliers. Consultation can take place through social dialogue, worker voice programs, surveys, meetings, hearings or other procedures. The aim is to understand the specific impact on specific people, given a specific context.
Consultation with rights-holders or their representatives enables you to identify whether rights-holders have the same or different views (than you and each other) about what constitutes an adverse impact and its significance. Changes to factory shift hours that make sense to your management may have a particular impact on parents with childcare responsibilities or individuals whose religious practice would be disrupted by the new times. Consultation with rights-holders also helps to show that you take rights-holders' views and their dignity, welfare, and human rights seriously. This can help build trust and make it easier to find ways to manage impacts in an agreed and sustainable way and avoid complaints and disputes.
Consultation with rights-holders may require particular sensitivity, depending on, for example, linguistic, cultural, gender-related or other barriers that rights holders may face in speaking openly with your representatives. Certain individuals or groups may also risk being excluded if targeted efforts are not made to reach out to them. There may also be competing opinions among rights-holders about the significance of certain impacts, which can increase the sensitivity of the issue.
-
How to carry out a risk analysisStep 1: Mapping the supply chain The first step in a risk analysis consists of mapping the supply chain to find out its structure. This includes identifying in which countries the work is carried out, and if possible also in which regions. This is particularly relevant if the work is carried out in any region known to have high risks. Within certain industries such as food, textiles and IT there is a lot of information. For other industries such as pharmaceuticals, however, transparency is low. To obtain this information, you can ask the category manager, the category councils, ask questions of suppliers, find out import data, read audit reports and market analyzes for specific industries. It is also important to identify what type of work is carried out and what type of actors in the supply chain that performs it. Is it, for example, an industry characterized by low wages and health-hazardous processes? Does the workforce consist of migrant workers or seasonal workers? Is the supply chain complex with many subcontractors and a lack of transparency? This type of information is important as both geographical risks, industry risks and product risks need to be taken into account. Step 2: Gather information from credible and independent sources Once you have mapped the origin and the supply chain, the next step is to gather information about the situation of human rights, workers' rights, the environment and business ethics in the relevant countries where the work is carried out, that is, both for final manufacturing, component manufacturing and raw materials. For this you need to turn to credible and independent sources such as international organizations, authorities, voluntary and civil society organizations and global trade unions. Sources Step 3: Identify and assess negative impacts The last step involves assessing the actual and potential negative impact the supply chain is associated with, based on the information that has been compiled in steps 1 and 2. This is to be able to determine which concrete measures need to be taken to manage the risks. Often several risks have been identified and to prioritize them you need to make a seriousness assessment. The most significant risks are prioritized based on probability and seriousness ( read more under point d in process requirement 2 )
Proposal for verification
-
Process documents that describe the consultations with rights holders in and around your own operations, how these meet the requirement for "meaningful" consultations and how they inform risk assessments.
-
Process documents that describe the consultations with rights holders in the supply chains and how they inform risk assessments.
-
Minutes of meetings of social dialogues, hearings and other proceedings, for sample products.
-
Results from worker voice programs and/or surveys, for sample products.
-
Risk assessments for sample products, including information about sources used as an alternative to consultations with rights-holders.
e) Pay attention to particularly vulnerable groups
You must pay attention to the adverse impact on individuals from groups and populations that have an increased risk of vulnerability or marginalization, including environmental and human rights defenders. The aim is to ensure that you do not contribute to or exacerbate such vulnerability or marginalisation.
UN instruments have elaborated on the rights of the following groups:
-
indigenous peoples
-
women
-
national or ethnic, religious and linguistic minorities
-
children
-
persons with disabilities
-
migrant workers and their families.
In situations of armed conflict, you must also respect the norms of international humanitarian law.
However, it is important to remember that vulnerability depends on the context. Although women are more vulnerable than men in most contexts, they are not necessarily so in all contexts. Conversely, women from marginalized groups may in certain situations be doubly vulnerable: because they belong to a marginalized group and because they are women. This is called intersectionality.
-
How to carry out a risk analysisStep 1: Mapping the supply chain The first step in a risk analysis consists of mapping the supply chain to find out its structure. This includes identifying in which countries the work is carried out, and if possible also in which regions. This is particularly relevant if the work is carried out in any region known to have high risks. Within certain industries such as food, textiles and IT there is a lot of information. For other industries such as pharmaceuticals, however, transparency is low. To obtain this information, you can ask the category manager, the category councils, ask questions of suppliers, find out import data, read audit reports and market analyzes for specific industries. It is also important to identify what type of work is carried out and what type of actors in the supply chain that performs it. Is it, for example, an industry characterized by low wages and health-hazardous processes? Does the workforce consist of migrant workers or seasonal workers? Is the supply chain complex with many subcontractors and a lack of transparency? This type of information is important as both geographical risks, industry risks and product risks need to be taken into account. Step 2: Gather information from credible and independent sources Once you have mapped the origin and the supply chain, the next step is to gather information about the situation of human rights, workers' rights, the environment and business ethics in the relevant countries where the work is carried out, that is, both for final manufacturing, component manufacturing and raw materials. For this you need to turn to credible and independent sources such as international organizations, authorities, voluntary and civil society organizations and global trade unions. Sources Step 3: Identify and assess negative impacts The last step involves assessing the actual and potential negative impact the supply chain is associated with, based on the information that has been compiled in steps 1 and 2. This is to be able to determine which concrete measures need to be taken to manage the risks. Often several risks have been identified and to prioritize them you need to make a seriousness assessment. The most significant risks are prioritized based on probability and seriousness ( read more under point d in process requirement 2 )
Suggested verifications
-
Process document that describes how you pay attention to particularly vulnerable groups and how this informs the risk assessment.
-
Risk assessment for sample products, which contains information on identified particularly vulnerable groups.
f) Prioritize risks based on likelihood and severity
You must prioritize the most significant risks based on likelihood and severity.
There is no hierarchy in international human rights law. Human rights are interrelated, interdependent and indivisible. However, it is often impossible to address all adverse impacts immediately or simultaneously. Therefore, you must prioritize.
Standard approaches to risk assessment suggest that the likelihood of an adverse impact is as important as its severity. However, if a potential human rights impact has low likelihood but high severity, the severity of the impact must become decisive. The focus must be on those adverse impacts that would cause the greatest harm to people. For example, if an adverse impact can result in loss of life, it should be prioritised even if it is less likely.
Suppliers shall judge the severity of impacts by their scale, scope and irremediable character:
-
Scale refers to the gravity of the adverse impact.
-
Scope concerns the reach of the impact, for example the number of individuals that are or will be affected, or the extent of environmental damage.
-
Irremediable character means any limits on the ability to restore the individuals or environment affected to a situation equivalent to their situation before the adverse impact.
Severity is not an absolute concept – it is relative to other adverse impacts identified in the specific case. Often the most severe adverse impacts are faced by persons belonging to groups or populations that are at heightened risk of vulnerability or marginalization. This means that the previously identified particularly vulnerable groups need to be taken into account in the prioritisation of the most significant risks.
It is also important to remember that as soon as the most significant risks have been addressed, suppliers shall turn to those with the next greatest severity and so on.
-
How to carry out a risk analysisStep 1: Mapping the supply chain The first step in a risk analysis consists of mapping the supply chain to find out its structure. This includes identifying in which countries the work is carried out, and if possible also in which regions. This is particularly relevant if the work is carried out in any region known to have high risks. Within certain industries such as food, textiles and IT there is a lot of information. For other industries such as pharmaceuticals, however, transparency is low. To obtain this information, you can ask the category manager, the category councils, ask questions of suppliers, find out import data, read audit reports and market analyzes for specific industries. It is also important to identify what type of work is carried out and what type of actors in the supply chain that performs it. Is it, for example, an industry characterized by low wages and health-hazardous processes? Does the workforce consist of migrant workers or seasonal workers? Is the supply chain complex with many subcontractors and a lack of transparency? This type of information is important as both geographical risks, industry risks and product risks need to be taken into account. Step 2: Gather information from credible and independent sources Once you have mapped the origin and the supply chain, the next step is to gather information about the situation of human rights, workers' rights, the environment and business ethics in the relevant countries where the work is carried out, that is, both for final manufacturing, component manufacturing and raw materials. For this you need to turn to credible and independent sources such as international organizations, authorities, voluntary and civil society organizations and global trade unions. Sources Step 3: Identify and assess negative impacts The last step involves assessing the actual and potential negative impact the supply chain is associated with, based on the information that has been compiled in steps 1 and 2. This is to be able to determine which concrete measures need to be taken to manage the risks. Often several risks have been identified and to prioritize them you need to make a seriousness assessment. The most significant risks are prioritized based on probability and seriousness ( read more under point d in process requirement 2 )
Suggested verifications
-
Process document that describes the prioritization based on likelihood and severity, and how this informs the work to prevent and mitigate adverse impact.
-
Risk assessments for sample products, which include prioritization based on likelihood and severity.
Templates for process requirements 2