
Code of Conduct

The Supplier Code of Conduct sets forth our expectations of suppliers for labor, health and safety, environment, ethics, and management systems.

Our Cisco Supplier Code of Conduct is a cornerstone of our commitment to the Organisation for Economic Co-operation and Development Due Diligence Guidance for Responsible Business Conduct and the United Nations Guiding Principles on Business and Human Rights. As a founding member of the Responsible Business Alliance (RBA), Cisco contributed to the development of the RBA Code of Conduct and adopted the Code as our own Supplier Code of Conduct. The RBA sets consistent standards to drive social and environmental responsibility across global supply chains and is comprised of electronics, retail, auto, and toy companies. These standards enable participating companies to drive broad systems change. We hold our suppliers—and their suppliers—accountable to the Supplier Code of Conduct and other responsible sourcing policies.

The supplier engagement process is essential to drive improvement within our supply chain and across our industry. We believe it is important to continually evaluate our suppliers and help them improve through leadership, support, and education. The engagement process includes five main phases, described below:

Supplier engagement on Code of Conduct

Infographic detailing our supplier engagement on Code of Conduct

1 In alignment with RBA guidance.

Assessing risk

Every year, we evaluate our supply base to prioritize suppliers and sites for onsite RBA audits. This annual assessment includes social and environmental risk factors, site-level risks from operations and production, and exposure to those risks. A portion of this process relies on the RBA Risk Assessment Platform, which compiles a variety of indicators to identify vulnerabilities in the geographies where suppliers operate. Indicators include those from:

  • United Nations Human Development Index (HDI)
  • Walk Free Foundation Global Slavery Index
  • U.S. Department of Labor Bureau of International Labor Affairs (ILAB) reports regarding forced labor and child labor
  • World Resources Institute regarding water stress and flood risk
  • Yale and Columbia universities regarding air quality and carbon intensity
  • Transparency International Corruption Perceptions Index

Our assessment methodology includes criteria for assessing the presence of vulnerable workers, such as foreign migrant workers, young workers, and student workers. The inclusion of these factors has helped increase our due diligence focus on protecting vulnerable workers.

We also incorporate suppliers' previous audit performance and repeated nonconformances in our overall methodology. The results of this assessment feed into our due diligence, audits and assessments, and supplier engagement plans.

Risk assessment factors

Supplier risk

High-risk vs. Low-risk

Geographic risk factors

  • RBA Risk Assessment results
  • Indicators for forced labor and child labor
  • Indicators for environmental, health and safety, and ethics performance

Site-level risk

  • Past performance on supplier audits
  • Recruitment of vulnerable workers
  • Unresolved issues and repeat findings

Exposure risk

  • Site’s strategic importance to Cisco’s supply chain

Conducting self-assessments and audits

We have adopted the RBA's industry-standard Self-Assessment Questionnaires (SAQs) and the Validated Assessment Program (VAP) for onsite audits. Using RBA's industry-standard programs and protocols reduces survey and audit fatigue and communicates consistent conformance expectations to suppliers.

SAQs engage suppliers to assess their conformance to the RBA Code of Conduct and identify gaps. The assessments give suppliers insight into their own performance and help Cisco develop leading indicators for risks that can be addressed during an audit or other due diligence processes.

Self-assessment questionnaire (SAQ) coverage by supplier type

| Supplier type | FY20 | FY21 | FY22 | FY23 | FY24 |
|---|---|---|---|---|---|
| Manufacturing partners | 100% | 100% | 100% | 100% | 100% |
| Components suppliers (by spend) | 80% | 85% | 92% | 98% | 98% |
| Logistics suppliers | 100% | 65% | 100% | 90% | 97% |

Our comprehensive supplier auditing program helps suppliers build capability and improve their performance. Third-party auditors trained and certified by the RBA in social and environmental auditing and RBA's VAP protocols conduct audits on site. Auditors walk through production areas, dormitories, and canteens; interview workers and management; and review policy and procedure documentation. More information about VAP standard protocols can be found on the RBA website.

We require regular audits of manufacturing partners every two years, and during fiscal 2024, 100% of manufacturing partner sites maintained a valid audit. In fiscal 2024, we audited more than 50% of component supplier facilities that were deemed high risk according to our annual risk assessment process.

RBA Initial Audits¹ conducted by supplier type

| Supplier type | FY20 | FY21 | FY22 | FY23 | FY24 |
|---|---|---|---|---|---|
| Manufacturing partner facilities | 6 | 16 | 12 | 13 | 19 |
| Component supplier facilities | 60 | 78 | 107 | 154 | 128 |
| Logistics service provider facilities | | | 2 | 2 | 0 |
| Sub-tier supplier facilities | | | | | 16 |
| Total | 66 | 94 | 121 | 169 | 163 |

1 Initial Audits cover the full scope of the RBA Code as opposed to "Closure" audits, which address nonconformances identified in an Initial Audit.

In fiscal 2024, 163 Cisco supplier facilities conducted RBA Initial Audits, one of which was an unannounced audit. We estimate these audits covered more than 489,000 workers.² Working hours and emergency preparedness remained the largest portion of our audit nonconformances. We continue to work with suppliers to drive conformance to our standards and develop long-term improvement plans when necessary.

Number of workers covered by RBA Audits² in FY24

| Supplier type | Male | Female | Total | Foreign migrant workers |
|---|---|---|---|---|
| Manufacturing partners | 38,062 | 40,216 | 78,278 | 7,867 |
| Components suppliers | 190,014 | 195,464 | 385,478 | 15,899 |
| Sub-tier suppliers | 10,562 | 15,593 | 26,155 | 3,402 |
| Grand total | 238,638 | 251,273 | 489,911 | 27,168 |

2 The RBA is an industry standard scheme that allows suppliers of multiple customers to demonstrate conformance to a single responsible business conduct standard. Number of workers represents all the workers in the supplier facility, not just those supporting Cisco business.

Key audit nonconformances and actions taken across the globe

Here are some of the most common audit nonconformances in fiscal 2024, including nonconformances that are persistent and challenging.

Prohibition of forced labor

  • China
  • India
  • Malaysia
  • Singapore
  • Taiwan
  • Thailand

Finding

  • Foreign migrant workers paid recruitment fees (e.g., passport or renewal fee, transportation fee, health examination fee, labor agent fee)
  • Orientation health check fee paid by workers, though most are reimbursed within 90 days after commencement of employment

Action plan

  • Stop charging fees immediately and reimburse workers per RBA Code; for fees exceeding the equivalent of one month gross base salary, conduct an RBA-approved third-party fees investigation, then reimburse workers per the RBA-approved amount
  • Take training on the RBA requirements to ensure orientation health check fees are paid by the employer from the very beginning
  • Establish a "Zero Fee" policy and communicate it to workers and labor agencies
  • Update procedures and train workers on recruitment fees
  • Monitor the labor agencies to ensure implementation of the "Zero Fee" Policy

Context

  • Supplier had insufficient understanding of RBA Code and requirements regarding recruitment fees, including misinterpretation of the RBA Definition of Fees
  • Local law allows certain recruitment fees to be charged to workers; moreover, local law is silent on orientation health check fee practice, which does not comply with RBA Code
  • Supplier had insufficient monitoring of labor agencies or onsite service providers

Working Hours and Days of Rest

  • China
  • Czech Republic
  • Germany
  • India
  • Japan
  • Malaysia
  • Mexico
  • Philippines
  • Singapore
  • South Korea
  • Taiwan
  • Thailand
  • USA

Finding

  • Overtime in violation of local law requirements
  • Weekly working hours exceed 60 hours
  • Workers do not receive at least one day off every seven days

Action plan

  • Refine procedures on working hours, enhance the internal working hours controls system, and monitor working hours internally
  • Hire more workers
  • Adjust the production plan to meet production demand
  • Provide training to workers and improve personnel efficiency
  • Forecast customer demand to deploy the required human resources
  • Deploy more automated machines

Context

  • Local law sets a strict overtime (OT) limit (e.g., China allows only 36 OT hours/month) that cannot accommodate the company's production demand
  • Labor shortage in local labor market
  • Workers willing to work more OT to increase their income
  • Insufficiently trained workers
  • Shortages of supply material, manpower allocation, production demand, urgent business orders, and lead times are all complex factors that can lead to excessive overtime

Wages and Benefits

  • China
  • India
  • Malaysia

Finding

  • Social insurance or housing fund not provided per legal requirement
  • The baseline of social insurance and housing fund is lower than that legally required

Action plan

  • Enroll workers into social insurance and housing fund programs
  • Communicate social insurance and housing fund information and changes to workers and make efforts to meet legal requirements
  • Because the local government accepts current practice on social insurance and housing fund, these issues should be improved step by step, given worker willingness and sufficient communication with workers

Context

  • Chinese social insurance and housing fund standards and exemptions differed across local jurisdictions, leading to a variety of calculation schemes for workers and employers to pay into social insurance and housing fund programs
  • Sometimes contributions are calculated based on minimum wages, rather than on workers' average monthly salary, which is typically required by law
  • Significant cost for facilities if the social insurance and housing fund is fully covered as required by law

Occupational safety (health & safety permits, licenses, and testing reports)

  • China
  • Indonesia
  • Malaysia
  • Philippines
  • Taiwan
  • Thailand

Finding

  • Legally required permits, licenses, and testing reports are expired or not available
  • Safety inspections of buildings, special equipment, and machines were not conducted per legal requirement

Action plan

  • Conduct relevant testing
  • Keep a checklist on all certificates/permits and ensure they are renewed/updated on time
  • Appoint responsible persons for certificates/permits and provide training for relevant staff members
  • Refine/amend procedures on certificates/permits management
  • Conduct safety inspections as legally required

Context

  • For factories (in China) whose buildings were constructed a few years prior and didn't get the building completion approval or fire approval at that time, the local government will no longer issue the certificates
  • Renewal process delayed by government
  • Lack of awareness of the permits' expiration
  • Lack of understanding of legal and RBA requirements

Emergency preparedness (emergency exit and evacuation drills)

  • China
  • Czech Republic
  • India
  • Japan
  • Malaysia
  • Netherlands
  • Philippines
  • South Korea
  • Taiwan
  • Thailand
  • USA

Finding

  • Exit route and/or doors do not meet legal or RBA requirements (e.g., missing emergency exits, lack of lighting, blocked exits or evacuation routes, doors cannot be opened in one single motion, and/or improper fire doors)
  • Emergency support facilities not inspected as required
  • Evacuation fire drills not conducted as per legal or RBA requirements

Action plan

  • Install fire equipment on emergency exits as required
  • Upgrade the emergency exit doors to meet RBA and legal requirements
  • Train employees on RBA and legal requirements
  • Inspect emergency exits regularly and record the results
  • Conduct fire drills as required
  • Develop and amend procedures on emergency exits, management and evacuation fire drills

Context

  • Auditee did not thoroughly understand RBA Code requirements, which clearly specify emergency exit doors to be opened by one single motion without keys, card swiping, locking devices, etc.
  • Misinterpretation of the fire regulation requirements
  • Negligence of personnel and lack of safety awareness
  • Inadequate regular monitoring or inspection of emergency exit doors

Supplier responsibility

  • China
  • India
  • Malaysia
  • Mexico
  • Philippines
  • South Korea
  • Taiwan
  • Thailand

Finding

  • Missing verification visits or audits on major suppliers, onsite service providers, or labor agencies
  • Audits on major suppliers, onsite service providers, or labor agencies have critical nonconformances that have not been closed
  • Inadequate or missing process to ensure next-tier major suppliers implement the RBA Code

Action plan

  • Conduct verification visits or audits on major suppliers, onsite service providers, or labor agencies
  • Follow up and correct the nonconformances on major suppliers, onsite service providers, or labor agencies
  • Establish proper procedures to ensure next-tier major suppliers implement the RBA Code
  • Communicate and provide training to next-tier major suppliers on RBA Code requirements

Context

  • Facilities are not aware that major suppliers, onsite service providers, or labor agencies need to have verification visits or audits per RBA Code requirements
  • Some nonconformances, such as overtime and social insurance, are more complex or difficult to close
  • Lack of understanding of RBA Code requirements

Review Cisco RBA audit nonconformance results here

Implementing Corrective Action Plans

When we receive RBA audit reports, our team records and tracks individual nonconformances through various phases from discovery until closure, and suppliers must develop Corrective Action Plans (CAPs) for individual nonconformances. We typically engage with our suppliers remotely to support implementation of the suppliers’ onsite actions. In this process, suppliers identify the root cause for the nonconformance and develop a CAP with proposed changes to policies, procedures, worker training, or communications. They also propose key performance indicators to measure the effectiveness of their actions. Plans are submitted to Cisco and approved if they meet our requirements. A CAP will be opened for any audit that does not achieve all of the following: RBA Gold Recognition, full conformance with the Code requirements on the Prohibition of Forced Labor and Young Workers, and no other Major nonconformances. In fiscal 2024, Cisco reviewed and approved 100% of these cases.

If a CAP does not meet our requirements, we coach suppliers in root cause analysis using best practice frameworks, such as the 5 Whys or fishbone mapping. This work drives lasting positive change by addressing the root cause rather than implementing short-term fixes.

Supplier CAPs must adhere to Cisco deadlines and closure requirements as informed by the RBA VAP Protocol. We consider nonconformances closed after we review evidence confirming that workers have been remediated, communicated to, and/or trained in revised policies and procedures. As needed, we use third-party auditors to conduct closure audits on site, as informed by the RBA VAP Protocol.

In fiscal 2024, our closure rate of Priority and Major nonconformances was 99%, excluding nonconformances for working hours and social insurance. We do not include working hours and social insurance nonconformances when calculating closure rates, as they can take longer to implement than RBA's recommended closure guidelines. Of the nonconformances that were not closed during the year, most were due to specific permits awaiting government approval and related activities that did not pose particular risks to workers or the environment.

Building suppliers' capabilities

Training and building our suppliers’ capabilities is important to make lasting improvements to working conditions. Some suppliers require more coaching and monitoring than others. This depends on the maturity of their programs and the complexity or severity of issues discovered in audits.

For suppliers undergoing the RBA audit for the first time, or that received a low audit score, we conduct a CAP kickoff meeting to comprehensively review nonconformances and provide in-depth coaching on how to improve. Cisco may coach suppliers and share best practices or assign e-learning courses delivered through RBA's e-Learning Academy according to their audit nonconformances. These courses help them understand requirements and build more effective CAPs.

Our goal is to proactively train suppliers on best practices. For fiscal 2024, Cisco delivered the following trainings to address the most frequent issues identified in fiscal 2023 audits, as well as to support overall RBA requirements:

  • RBA Code 8.0 training: This training focused on helping newly onboarded suppliers and existing suppliers to understand the code revisions in version 8.0 and the general RBA Code requirements, including elevating the top findings from Cisco's RBA audits. In addition, it offered suppliers an overview of best practices on how to address key issues in Cisco's supply chain, such as fees passed on to workers, and Cisco's expectations on supplier evaluation risk performance. More than 400 attendees from at least 128 sites attended this session.
  • Next-tier supplier responsibility training: This training educated Cisco suppliers on the process to communicate code requirements to their suppliers and how to monitor supplier compliance to the Code. It also highlighted the common findings under Supplier responsibility, and the best practices on how to address those common issues. More than 190 attendees from at least 91 sites attended this session.
  • Chemical management training: This training highlighted how to manage chemicals throughout their whole life cycle so that suppliers can protect workers from hazardous exposures. A total of 200 attendees from more than 83 sites joined this session.

We continue developing trainings based on suppliers' needs and trends that we identify throughout the year.

Expanding the Supplier Code of Conduct to indirect suppliers

We have taken steps to expand the application of our Supplier Code of Conduct to our indirect supply chain, a network of suppliers that provide goods and services that support Cisco’s operations. These are suppliers that do not contribute to the manufacturing of Cisco products. Since fiscal 2020, we have required indirect suppliers to abide by the code.

During fiscal 2024, Cisco conducted a risk assessment on our global preferred suppliers within indirect procurement. The global preferred suppliers were prioritized based on their strategic relationships to Cisco and included the majority of Cisco’s indirect spend. The process assessed specific spend categories against the potential for human rights impacts and risks to worker wellbeing. To identify high-risk suppliers, Cisco leveraged existing risk management data, including data obtained during the supplier onboarding process, open ethics cases, denied parties list, and geographic supply chain risk considerations. The risk assessment resulted in 22 suppliers in 12 countries that required further investigation. To understand the potential risks at these supplier sites, Cisco leveraged the RBA Indirect Spend SAQ. This questionnaire, which Cisco was involved in developing, was created to help companies better understand the unique risks posed by indirect suppliers. The RBA provides a risk rating for submitted SAQs to help companies determine appropriate actions to address identified risks.

Indirect SAQs submitted to date have indicated these suppliers are not deemed “high risk.” Cisco continues to conduct due diligence to better understand risks facing our indirect supply chain and prepare those suppliers to mitigate risks in their own operations. As we continue, we compile learning and best practices with the aim to continuously improve the due diligence process. When risks are identified, appropriate steps will be taken to address actual and potential impacts.

Cisco continues to participate in the RBA Working Group on Indirect Supply Chains. This group focuses on understanding key human rights, environmental, and ethical risks associated with indirect spend suppliers and developing special tools to assess, remedy, and prevent future risks. Collaborating with industry peers and the RBA has allowed us to adapt tools and processes to the indirect procurement space while collectively learning and addressing unique challenges related to service procurement.

Supplier engagement on Code of Conduct

  1. Supplier onboarding: New suppliers are assessed to identify potential social and environmental risks within their operations.

    After suppliers are fully onboarded to provide products to Cisco, they become part of our regular supplier engagement process.

  2. Risk assessment: We evaluate suppliers based on social and environmental risk factors and Cisco's exposure to those risks from operations and production.
  3. Self assessment and audits: We require suppliers to complete RBA Self-Assessment Questionnaires (SAQs) and audit high-risk suppliers using RBA's Validated Assessment Program (VAP) to assess their conformance to our Code of Conduct.
  4. Corrective action plans (CAPs): If nonconformances are found, we review and approve supplier CAPs and monitor their progress toward closure.
    • Suppliers produce CAPs and evidence that they have implemented their plans.
    • Suppliers must address or downgrade priority issues within days and other findings within 180 days.¹
    • For issues such as the monitoring of working hours, suppliers provide long-term improvement plans.
    • Cisco works closely with suppliers until performance improves and to validate finding closure.
  5. Capability building: We offer training to help suppliers better align with our values and to drive continuous improvement. For example, we provide guidance and support factories where practicable to engage workers on use of personal protective equipment.

1 In alignment with RBA guidance.