ON THIS PAGE:

Risk assessment Self-assessment and audits

Key audit nonconformances and actions Corrective Action Plans

Code of Conduct

The Supplier Code of Conduct captures our expectations of suppliers for labor, health and safety, environment, ethics, and management systems.

Our Cisco Supplier Code of Conduct is a cornerstone of our commitment to the OECD Due Diligence Guidance for Responsible Business Conduct and the UN Guiding Principles (UNGPs) on Business and Human Rights. As a founding member of the Responsible Business Alliance (RBA), Cisco contributed to the development of the RBA Code of Conduct and adopted the Code as our own Supplier Code of Conduct. The RBA sets consistent standards to drive social and environmental responsibility across global supply chains and is comprised of electronics, retail, auto, and toy companies. These standards set a baseline from which to catalyze broad systems change. We hold our suppliers—and their suppliers—accountable to the Supplier Code of Conduct and other responsible sourcing policies.

The supplier engagement process is essential to drive improvement within our supply chain and across our industry. We believe it is imperative to continually evaluate our suppliers and help them improve through leadership, support, and education. The engagement process includes five main phases, described below:

Supplier engagement on Code of Conduct

Risk assessment

Each year we evaluate our supply base to prioritize suppliers and sites for onsite RBA audits. This annual assessment includes social and environmental risk factors, inherent risks from operations and production, and exposure to those risks. We rely on reputable sources to assess vulnerabilities and protections in the geographies where suppliers operate. Reputable sources and data include:

The UN Human Development Index
World Bank Governance Indicators
Indicators for forced labor such as the U.S. State Dept. Trafficking in Persons Report
Indicators for environmental health and performance

Our assessment methodology includes criteria for assessing the presence of vulnerable workers such as foreign migrant workers, young workers, and student workers. The inclusion of these factors has helped increase our due diligence focus on protecting vulnerable workers. In fiscal 2023 we are going to further develop targeted strategies to address the vulnerable worker risks specific to certain regions. Although Cisco already has strategies informed by group and region, we want to deepen this strategic approach and consult with rightsholders to inform those strategies.

We also incorporate suppliers' previous audit performance and repeated nonconformances in our overall methodology. The results of this assessment feed into our due diligence, audits and assessments, and supplier engagement plans.

Risk assessment process

Geographic risk factors

Human development and governance indicators
Forced labor and human trafficking indicators
Environmental
performance indicators

Supply chain risk

Past social and environmental performance
Presence of vulnerable workers
Unresolved issues and repeat findings

Exposure risk

Cisco's strategic relationship with supplier

Self-assessment and audits

We have adopted the RBA's industry-standard accountability and assessment tools. These include Self-Assessment Questionnaires (SAQs) and the Validated Assessment Program (VAP) for onsite audits. SAQs engage suppliers to assess their conformance to the RBA Code of Conduct and identify any gaps. Using RBA's industry-standard programs and protocols reduces survey and audit fatigue and gives suppliers clear conformance expectations. The assessments give suppliers insight into their own performance and help Cisco develop leading indicators for risks that can be addressed during an audit or other due diligence processes.

Self-assessment questionnaire coverage by supplier type
	FY19	FY20	FY21	FY22
Manufacturing partners	FY19: 100%	FY20: 100%	FY21: 100%	FY22: 100%
Components suppliers (by spend)	FY19: 80%	FY20: 80%	FY21: 85%	FY22: 92%
Logistics suppliers	FY19: 100%	FY20: 100%	FY21: 65%	FY22: 100%

Our comprehensive supplier auditing program helps suppliers build capability and improve their performance. Third-party auditors trained and certified in social and environmental auditing and RBA's VAP protocols conduct audits on site. Auditors walk through production areas, dormitories, and canteens; interview workers and management; and review policy and procedure documentation. More information about VAP standard protocols can be found on the RBA website.

Suppliers share their audit results with Cisco through the RBA-ONLINE platform. We require regular audits of manufacturing partners every two years. Each year, we audit at least 25 percent of component supplier facilities that are deemed high risk according to our annual risk assessment process.

RBA Initial Audits conducted by supplier type¹
	FY17	FY18	FY19	FY20	FY21	FY22
Manufacturing partner facilities	FY17: 4	FY18: 13	FY19: 8	FY20: 6	FY21: 16	FY22: 12
Component supplier facilities	FY17: 49	FY18: 47	FY19: 67	FY20: 60	FY21: 78	FY22: 107
Logistics service provider facilities	FY17:	FY18:	FY19:	FY20:	FY21:	FY22: 2
Total	FY17: 53	FY18: 60	FY19: 75	FY20: 66	FY21: 94	FY22: 121

1 Initial Audits cover the full scope of the RBA Code as opposed to 'Closure' audits, which are leveraged to address nonconformances identified from a previous Initial Audit.

In fiscal 2022, 121 Cisco supplier facilities conducted RBA audits. We estimate these audits covered more than 390,000 workers in our supply chain. Working hours and emergency preparedness remained the largest portion of our audit nonconformances. There were no priority nonconformances in the environment and ethics code sections during fiscal 2022. We are continuing to work with suppliers to drive conformance to our standards and develop long-term improvement plans when necessary.

Number of workers covered by RBA Audits in FY22²
	Male	Female	Total	Foreign migrant workers
Manufacturing partners	Male: 24,812	Female: 25,899	Total: 50,711	Foreign migrant workers: 5366
Components suppliers	Male: 156,016	Female: 189,904	Total: 345,920	Foreign migrant workers: 13,310
Logistics suppliers	Male: 233	Female: 84	Total: 317	Foreign migrant workers: 0
Grand total	Male: 181,061	Female: 215,887	Total: 396,948	Foreign migrant workers: 18,676

2 Includes our manufacturing and components suppliers only.

Key audit nonconformances and actions taken across the globe

Here are some of the most common audit nonconformances in fiscal 2022, including nonconformances that are persistent and challenging.

click on the sections for more info

Freely Chosen Employment (recruitment fees)

China
Japan
Malaysia
Philippines
Singapore
Taiwan

Finding

Workers pay fees that should be paid by the employer (e.g., health check fees, recruitment fees, passport fees)
Employers reimburse workers after commencing work instead of preventing workers from paying during recruitment process

Action plan

Reimburse money owed back to workers per Code requirement and stop allowing workers to be charged fees
Establish Employer Pays Policy and communciate this to the workers and labor agency

Context

Some employers interpret an "Employer Pays Policy" as allowing workers to be reimbursed instead of employer covering all recruitment-related fees up front.

Working Hours and Days of Rest

China
Germany
Japan
Malaysia
Mexico
Philippines
Singapore
Taiwan
Thailand
Vietnam

Finding

Hours worked in a workweek exceed 60 hours
Workers do not receive at least one day off every seven days
Overtime exceeds local law

Action plan

Recruit more workers, improve process automation, establish limits and procedures for approving overtime, and internally monitor the working hours
Arrange the production plan to align with shift planning processes
Accelerate cross-training of workers
Improve customer demand forecasts to inform human resource needs

Context

COVID-19 controls, material shortages, and labor shortages contribute to more overtime.

Wages and Benefits

China
Taiwan

Finding

Workers receive social insurance, but deductions are not calculated according to legal requirements

Action Plan

Enroll workers into social insurance and housing fund programs
Ensure wage deductions for social insurance and housing fund programs are calculated aligned to local law
Communicate social insurance and housing fund changes/knowledge to workers and try to meet legal requirements
As local government accepts current practice on social insurance and housing fund, improve these issues step by step under the willingness of workers and through sufficient communication with workers

Context

Chinese social insurance and housing fund standards vary across provinces. Workers, especially domestic migrant workers, cannot always access social insurance funds. As a result, some opt out of certain insurance deductions, most commonly housing funds.

Occupational Safety (adequate health and safety hazard control)

China
Japan
Philippines
Malaysia
Singapore
Taiwan
Vietnam

Finding

Occupational safety hazards not sufficiently identified
Missing adequate control measures to minimize worker exposure, e.g., missing handrail and guardrail for stairs and platforms that required it
Relevant procedure inadequate as missing tagout/lockout program,
Not following the Hierarchy of Controls

Action plan

Update risk assessment and programs to identify all the potential health and safety hazards that could expose workers to harm
Install proper safety equipment (e.g., handrails, guardrails) and signage
Normalize regular inspections by EHS staff and regular training to workers

Context

Leads responsible for identifying potential hazards are not always adequately trained in legal requirements or health and safety best practices, causing workers to also receive inadequate training for reducing exposure.

Emergency Preparedness (emergency exit doors)

China
Japan
Malaysia
South Korea
Switzerland
Taiwan
Thailand

Finding

Exit discharge and exit route doors do not meet legal/RBA requirements, such as missing emergency exits, blocked exits and evacuation routes, and improper fire doors
Missing or inappropriate emergency exit lighting, directional signs

Action plan

Identify, procure, and install enough exits and fire emergency doors, signs, and lights as required
Develop and implement procedures for routine inspections and monitoring
Update and train workers on new emergency procedures and train people on RBA requirements

Context

In some cases, suppliers have the inappropriate type of doors or lighting installed for adequate emergency evacuation.

Review Cisco RBA audit nonconformance results here

Corrective Action Plans

When we receive RBA audit reports, individual nonconformances are recorded and tracked through various phases from discovery until closure. Suppliers must develop Corrective Action Plans (CAPs) for individual nonconformances. In this process, suppliers identify the root cause for the nonconformance and develop an action plan with proposed changes to policies, procedures, worker training, or communications. They also propose key performance indicators to measure the effectiveness of their actions. Plans are submitted to Cisco and approved only if they meet our requirements.

If a CAP does not meet our requirements, we coach suppliers in root cause analysis using best practice frameworks, such as the 5 Whys or Fish-Bone mapping. This work drives lasting positive change by addressing the root cause rather than implementing short-term fixes.

Supplier CAPs must adhere to Cisco deadlines informed by the RBA VAP Protocol. Suppliers must close nonconformances according to Cisco's policies, depending on the severity of the nonconformance. We consider nonconformances closed after we review evidence confirming that workers have been remediated, communicated to, and/or trained on revised policies and procedures. As needed, we use third-party auditors to conduct closure audits onsite, as informed by the RBA VAP protocol.

In fiscal 2022, our closure rate of priority and major nonconformances was 92 percent, excluding nonconformances for working hours and social insurance. We do not include working hours and social insurance nonconformances when calculating closure rates, as they can take longer to implement than RBA's recommended closure guidelines. Of the nonconformances that were not closed during the year, most were due to specific permits awaiting government approval and related activities that did not pose particular risks to workers or the environment.

Most of the social insurance nonconformances are identified in China. A nonconformance occurs when social insurance deductions exclude overtime as part of the worker's total wages, resulting in lower contributions toward social insurance withholdings. Sometimes, in-country migrant workers prefer lower deductions if they know they will have trouble accessing future benefits. When addressing these nonconformances, we ask suppliers to survey their workers to understand their workers' preferences before adjusting paycheck deductions. In most cases, workers prefer to use their base wages for calculating social insurance withholding so that they can increase their take-home pay.

Capability building

Training and building the capabilities of our suppliers is necessary to make lasting improvements to working conditions. Some suppliers require more coaching and monitoring than others. This depends on the maturity of their programs and the complexity or severity of issues discovered in audits.

Cisco may coach suppliers or assign e-learning courses delivered through RBA's e-Learning Academy. For suppliers undergoing the RBA audit for the first time, or that received a low audit score, we conduct a CAP kickoff meeting to comprehensively review nonconformances and provide in-depth coaching on how to improve. We will share best practices with suppliers and assign courses to suppliers new to RBA audit and according to their audit nonconformances. These courses help them gain an understanding of requirements and build more effective CAPs.

For fiscal 2022, Cisco delivered the following trainings to address the most frequent issues identified in fiscal 2021 audits, as well as to ensure compliance with the overall RBA requirements. The goal is to proactively train suppliers who are not yet aware of best practices.

Newly onboarded RBA code supplier training: This training focused on helping newly onboarded suppliers understand general RBA Code requirements, including elevating the top issues Cisco sees in RBA audits. In addition, the training offered newly onboarded suppliers an overview of best practices on how to address common issues, including fees passed on to workers, and Cisco's expectations on supplier evaluation risk performance. More than 31 attendees from at least 20 sites attended this session.
Protection of pregnant women and nursing mothers training: This training for suppliers highlighted the latest RBA code's requirement on protecting pregnant women and nursing mothers. The training also shared emerging best practices not yet captured in the code. At its core, the training covered the physiological and psychological changes affecting pregnant women and nursing mothers, and related workplace risks for these workers. There was a discussion of processes suppliers can implement to assess these risks for these workers and best practices to protect them. A total of 156 attendees from more than 90 sites joined this session.
Next-tier supplier management training: This event trained Cisco suppliers in management systems to effectively hold their own suppliers accountable to the RBA Code. The goal is to strengthen the cascading of our standards to the sub-tiers of our supply chain. At this training, 89 attendees from more than 60 sites attended.

At the end of the trainings, participants were surveyed on their understanding of the content. Survey results showed the modules had improved suppliers' overall clarity around due diligence processes and human rights protections. We will continue developing trainings based on suppliers' needs and trends that we identify throughout the year.