What is due diligence?

In the OECD Due Diligence Guidance, the concept is defined as follows:

“Due diligence is the process enterprises should carry out to identify, prevent, mitigate and account for how they address actual and potential adverse impacts in their own operations, their supply chain and other business relationships.”

Within the scope of the contract clauses, due diligence means that you shall identify, prevent, mitigate and remediate adverse impacts on people, the environment and society in your own operations and throughout your supply chains.

The contract clauses therefore include both outcome requirements and process requirements. To ensure compliance with the commitments, you need to have a due diligence process in place. Put simply, the code of conduct describes what is to be achieved, while the due diligence process explains how it is to be carried out.

We have defined seven process requirements in the contract clauses, corresponding to sections 2.1-2.7.

Contract clause

To ensure compliance with the commitments in the Supplier Code of Conduct in section 1, Supplier shall have a due diligence process in accordance with sections 2.1 – 2.7. The process shall be documented and applied from [contract start/other time determined by contracting organisation]. Through this process, Supplier shall identify, prevent, mitigate and remedy adverse impacts on people, the environment and society in its own operations and supply chains. This means that:

Our due diligence process

Our due diligence process is based on the UN Guiding Principles on Business and Human Rights and the OECD Due Diligence Guidance for Responsible Business Conduct, illustrated through the model below:

Because contract clauses must be linked to the subject-matter of procurement, the clauses do not cover the entire model. Instead of communication requirements, you are required to report severe deviations to the contracting organisation.

Purpose of due diligence

The purpose of due diligence is for you to avoid causing or contributing to actual and potential adverse impacts, and to seek to prevent and mitigate adverse impacts linked to your operations through your supply chains.

  • An actual adverse impact has occurred or is occurring and shall be remediated.
  • A potential adverse impact may occur but has not yet occurred and shall be prevented or mitigated.

Integral part of decision-making and risk management

Due diligence encompasses several related processes, such as occupational health and safety management, risk assessments and action plans for specific projects or supply chains, and supplier assessments.

The work should therefore be integrated into decision-making and risk management. Unlike traditional risk management, however, due diligence focuses on risks to people, the environment and society — not risks to the company.

Adapt the work to risks and circumstances

The extent of due diligence required depends on factors such as the size of the company, the business context, business model, position in the supply chain, and the types of goods or services provided.

Larger companies with complex supply chains may need more formalised processes than smaller companies with fewer products and shorter decision-making chains. At the same time, small companies may also be linked to high risks.

Each company in the supply chain has its own responsibility to identify, prevent, mitigate and remediate adverse impacts. The contract clauses are therefore not intended to shift responsibility from sub-suppliers to suppliers.

If you are linked to adverse impacts through your business relationships, you are expected to use your leverage to seek to prevent or mitigate those impacts.

If you have limited resources or limited leverage, you can, for example:

  • use free sources of information,
  • use publicly available risk assessments,
  • collaborate through industry initiatives or multi-stakeholder initiatives.

Documentation

You need to be able to demonstrate your due diligence and thereby comply with the contract terms. This means that you shall be able to communicate relevant information and provide documentation to contracting organisations.

Examples of documentation include:

  • codes of conduct,
  • supply chain mappings,
  • risk assessments,
  • audit reports,
  • action plans.

Under the process requirements, you will find suggested verifications and templates.

Process requirements

  1. Policies and responsibilities
  2. Risk assessments
  3. Prevent and mitigate (causation/contribution)
  4. Prevent and mitigate (linkage)
  5. Monitoring
  6. Complaints
  7. Remediation

Guidance auditors

Templates and tools

At the bottom of each process requirement page, you will find templates and tools relevant to that specific requirement. We have also compiled all templates and tools on this page. Please note that the templates for due diligence policy and instruction are only available here, as they are overarching and apply to all process requirements.