Examples of circumstances that could trigger human rights due diligence include:
- Launch of a new product, offer, or service or a material modification of an existing product, offer, or service.
- Internal review of policies and procedures that may impact human rights, such as updates to our Global Human Rights Policy, Data Protection & Privacy Policy, Cisco Secure Development Lifecycle, or our procedures for responding to law enforcement demands for customer data.
- Entry into or exit from a market.
- Review of a partner’s, supplier’s, or other third party’s policies and procedures.
- Export of regulated products.
- Acquisition of a new company.
At Cisco, we are continuously working to integrate human rights due diligence into our broader enterprise risk management systems. In fiscal 2020, we worked cross-functionally to incorporate triggers for human rights due diligence for high-risk products.
We aim to initiate due diligence as early as possible in the development of new products and relationships. For example, Cisco’s Secure Development Lifecycle (Cisco SDL) includes a baseline set of controls designed to protect and assess impacts on privacy, starting from the ideation phase.
In our supply chain, we prioritize due diligence where the risk of adverse human rights impacts is most significant due to the operating context, products/services involved, and other considerations.
Our human rights due diligence process draws on both internal and independent external human rights expertise. In the past several years, Cisco has increased internal subject-matter expertise through trainings and new hires. We have also engaged Article One to conduct a saliency mapping of risk in our Collaboration and Security business units, and we are active members of Business for Social Responsibility (BSR).
Based on what we learn through the due diligence process, we identify potential risks and opportunities that could arise through our business operations, and we develop mitigation strategies to address actual or potential risks.
When we conduct human rights due diligence, we consult a variety of resources, including:
- International human rights norms
- Relevant laws
- Cisco’s corporate policies
- Cisco’s business plans and/or product features
- The geopolitical context and human rights landscape in a particular market, informed by credible journalism and reports by human rights organizations, UN Special Procedures, academic institutions, and the U.S. Department of State
We also consult, as appropriate, with potentially affected groups and other relevant stakeholders, including human rights defenders, academics, and others from civil society, with particular consideration for especially vulnerable groups.