Corrective Action Plans
When we receive RBA audit reports, individual nonconformances are recorded and tracked through various phases from discovery until closure. Suppliers must develop Corrective Action Plans (CAPs) for individual nonconformances. In this process, suppliers identify the root cause for the nonconformance and develop an action plan with proposed changes to policies, procedures, worker training, or communications. They also propose key performance indicators to measure the effectiveness of their actions. Plans are submitted to Cisco and approved if they meet our requirements.
If a CAP does not meet our requirements, we coach suppliers in root cause analysis using best practice frameworks, such as the 5 Whys or Fish-Bone mapping. This work drives lasting positive change by addressing the root cause rather than implementing short-term fixes.
Supplier CAPs must adhere to Cisco deadlines informed by the RBA VAP Protocol. Suppliers must close nonconformances according to Cisco's policies, depending on the severity of the nonconformance. We consider nonconformances closed after we review evidence confirming that workers have been remediated, communicated to, and/or trained on revised policies and procedures. As needed, we use third-party auditors to conduct closure audits on site, as informed by the RBA VAP protocol.
In fiscal 2023, our closure rate of priority and major nonconformances was 99 percent, excluding nonconformances for working hours and social insurance. We do not include working hours and social insurance nonconformances when calculating closure rates, as they can take longer to implement than RBA's recommended closure guidelines. Of the nonconformances that were not closed during the year, most were due to specific permits awaiting government approval and related activities that did not pose particular risks to workers or the environment.
Capability building
Training and building the capabilities of our suppliers is necessary to make lasting improvements to working conditions. Some suppliers require more coaching and monitoring than others. This depends on the maturity of their programs and the complexity or severity of issues discovered in audits.
For suppliers undergoing the RBA audit for the first time, or that received a low audit score, we conduct a CAP kickoff meeting to comprehensively review nonconformances and provide in-depth coaching on how to improve. Cisco may coach suppliers and share best practices or assign e-learning courses delivered through RBA's e-Learning Academy according to their audit nonconformances. These courses help them gain an understanding of requirements and build more effective CAPs.
Our goal is to proactively train suppliers on best practices. For fiscal 2023, Cisco delivered the following trainings to address the most frequent issues identified in fiscal 2022 audits, as well as to support overall RBA requirements:
- Newly onboarded RBA code supplier training: This training focused on helping newly onboarded suppliers understand general RBA Code requirements, including elevating the top issues Cisco sees in RBA audits. In addition, the training offered newly onboarded suppliers an overview of best practices on how to address common issues, including fees passed on to workers, and Cisco's expectations on supplier evaluation risk performance. More than 16 attendees from at least 13 sites attended this session.
- Health and safety risk assessment and management training: This training highlighted the latest RBA requirements on health and safety risk assessments. The training also shared emerging best practices on how to assess and control for risks identified. It highlighted common workplace health and safety hazards and actions to protect workers from exposure. A total of 137 attendees from more than 48 sites joined this session.
- Industrial hygiene training: This event trained Cisco suppliers on the latest RBA code requirements on industrial hygiene and provided a preview of what will be changed in the updated version of the code. There were 58 attendees from more than 36 sites that attended this training.
We continue developing trainings based on suppliers' needs and trends that we identify throughout the year.
Expanding the Supplier Code of Conduct to indirect suppliers
We have taken steps to expand the application of our Supplier Code of Conduct to our indirect supply chain, or suppliers that provide goods and services not directly related to the manufacturing of Cisco products. Since fiscal 2020, we have required indirect suppliers to abide by the code.
During fiscal 2023, Cisco conducted a risk assessment on our global preferred suppliers within indirect procurement. The global preferred suppliers were prioritized based on their strategic relationships to Cisco and included more than 80 percent of Cisco’s indirect spend. The process assessed specific spend categories against the potential for human rights impacts and risks to worker wellbeing. To identify high-risk suppliers, Cisco leveraged existing risk management data, including data obtained during the supplier onboarding process, open ethics cases, denied parties list, and geographic supply chain risk considerations. The result of the risk assessment was a total of 15 suppliers in six countries that required further investigation. To understand the potential risks at these supplier sites, Cisco leveraged the RBA Indirect Spend SAQ. This questionnaire, which Cisco was involved in developing, was created to help companies better understand the unique risks posed by indirect suppliers. The RBA provides a risk rating for submitted SAQs to help companies determine appropriate actions to address identified risks.
Indirect SAQs submitted to date have been deemed “low risk.” Using the findings from this process, Cisco compiled key best practices to inform our procedures moving forward. Cisco continues conducting due diligence to better understand risks facing our indirect supply chain and prepare those suppliers to mitigate risks in their own operations.
Cisco continues to participate in the RBA Working Group on Indirect Supply Chains. This group focuses on understanding key human rights, environmental and ethical risks associated with indirect spend suppliers, and developing special tools to assess, remedy, and prevent future risks. Collaborating with industry peers and the RBA has allowed us to adapt tools and processes to the indirect procurement space while collectively learning and addressing unique challenges related to service procurement.