Implementing Corrective Action Plans
When we receive RBA audit reports, our team records and tracks individual nonconformances through various phases from discovery until closure, and suppliers must develop Corrective Action Plans (CAPs) for individual nonconformances. We typically engage with our suppliers remotely to support implementation of the suppliers’ onsite actions. In this process, suppliers identify the root cause for the nonconformance and develop a CAP with proposed changes to policies, procedures, worker training, or communications. They also propose key performance indicators to measure the effectiveness of their actions. Plans are submitted to Cisco and approved if they meet our requirements. A CAP will be opened for any audit that does not achieve all of the following: RBA Gold Recognition, full conformance with the Code requirements on the Prohibition of Forced Labor and Young Workers, and no other Major nonconformances. In fiscal 2024, Cisco reviewed and approved 100% of these cases.
If a CAP does not meet our requirements, we coach suppliers in root cause analysis using best practice frameworks, such as the 5 Whys or fishbone mapping. This work drives lasting positive change by addressing the root cause rather than implementing short-term fixes.
Supplier CAPs must adhere to Cisco deadlines and closure requirements as informed by the RBA VAP Protocol. We consider nonconformances closed after we review evidence confirming that workers have been remediated, communicated to, and/or trained in revised policies and procedures. As needed, we use third-party auditors to conduct closure audits on site, as informed by the RBA VAP Protocol.
In fiscal 2024, our closure rate of Priority and Major nonconformances was 99%, excluding nonconformances for working hours and social insurance. We do not include working hours and social insurance nonconformances when calculating closure rates, as they can take longer to implement than RBA's recommended closure guidelines. Of the nonconformances that were not closed during the year, most were due to specific permits awaiting government approval and related activities that did not pose particular risks to workers or the environment.
Building suppliers' capabilities
Training and building our suppliers’ capabilities is important to make lasting improvements to working conditions. Some suppliers require more coaching and monitoring than others. This depends on the maturity of their programs and the complexity or severity of issues discovered in audits.
For suppliers undergoing the RBA audit for the first time, or that received a low audit score, we conduct a CAP kickoff meeting to comprehensively review nonconformances and provide in-depth coaching on how to improve. Cisco may coach suppliers and share best practices or assign e-learning courses delivered through RBA's e-Learning Academy according to their audit nonconformances. These courses help them understand requirements and build more effective CAPs.
Our goal is to proactively train suppliers on best practices. For fiscal 2024, Cisco delivered the following trainings to address the most frequent issues identified in fiscal 2023 audits, as well as to support overall RBA requirements:
- RBA Code 8.0 training: This training focused on helping newly onboarded suppliers and existing suppliers to understand the code revisions in version 8.0 and the general RBA Code requirements, including elevating the top findings from Cisco's RBA audits. In addition, it offered suppliers an overview of best practices on how to address key issues in Cisco's supply chain, such as fees passed on to workers, and Cisco's expectations on supplier evaluation risk performance. More than 400 attendees from at least 128 sites attended this session.
- Next-tier supplier responsibility training: This training educated Cisco suppliers on the process to communicate code requirements to their suppliers and how to monitor supplier compliance to the Code. It also highlighted the common findings under Supplier responsibility, and the best practices on how to address those common issues. More than 190 attendees from at least 91 sites attended this session.
- Chemical management training: This training highlighted how to manage chemicals in their whole life cycle so that the suppliers can protect workers from hazardous exposures. A total of 200 attendees from more than 83 sites joined this session.
We continue developing trainings based on suppliers' needs and trends that we identify throughout the year.
Expanding the Supplier Code of Conduct to indirect suppliers
We have taken steps to expand the application of our Supplier Code of Conduct to our indirect supply chain, a network of suppliers that provide goods and services that support Cisco’s operations. These are suppliers that do not contribute to the manufacturing of Cisco products. Since fiscal 2020, we have required indirect suppliers to abide by the code.
During fiscal 2024, Cisco conducted a risk assessment on our global preferred suppliers within indirect procurement. The global preferred suppliers were prioritized based on their strategic relationships to Cisco and included the majority of Cisco’s indirect spend. The process assessed specific spend categories against the potential for human rights impacts and risks to worker wellbeing. To identify high-risk suppliers, Cisco leveraged existing risk management data, including data obtained during the supplier onboarding process, open ethics cases, denied parties list, and geographic supply chain risk considerations. The risk assessment resulted in 22 suppliers in 12 countries that required further investigation. To understand the potential risks at these supplier sites, Cisco leveraged the RBA Indirect Spend SAQ. This questionnaire, which Cisco was involved in developing, was created to help companies better understand the unique risks posed by indirect suppliers. The RBA provides a risk rating for submitted SAQs to help companies determine appropriate actions to address identified risks.
Indirect SAQs submitted to date have indicated these suppliers are not deemed “high risk.” Cisco continues to conduct due diligence to better understand risks facing our indirect supply chain and prepare those suppliers to mitigate risks in their own operations. As we continue, we compile learning and best practices with the aim to continuously improve the due diligence process. When risks are identified, appropriate steps will be taken to address actual and potential impacts.
Cisco continues to participate in the RBA Working Group on Indirect Supply Chains. This group focuses on understanding key human rights, environmental, and ethical risks associated with indirect spend suppliers and developing special tools to assess, remedy, and prevent future risks. Collaborating with industry peers and the RBA has allowed us to adapt tools and processes to the indirect procurement space while collectively learning and addressing unique challenges related to service procurement.