The Supply Chain Due Diligence Act (LkSG) module helps you to understand and mitigate sustainability risks in your supply chain. Find out how you can do this with the help of Daato in this step-by-step article.
Introduction to the module and Launchpad
First of all, welcome to the LkSG module. Here we give you an initial overview of how the module is structured:
With the help of our launchpad, we also explain the various steps you can take with Daato to fulfil essential requirements of the LkSG. See how the workflow works here:
Module settings
Before you start working in the module, you should first look at the settings. There you can adjust the risk settings, activate the complaints mechanism, activate the use of the organisational structure and store your code of conduct(s) in order to request the consent of suppliers. You can see how this works here:
Background: Daato's risk logic was developed and reviewed together with the law firm Hogan Lovells. The risk classifications are based on more than 50 globally recognised country risk indices and various background documents on product risks. Find out more about our risk logic here.
Complaints mechanism
It is a requirement of the LkSG to offer a publicly accessible complaints mechanism. You can do this with the help of Daato by activating the LkSG complaints mechanism in the settings and including the associated link on your company website. Parties who wish to submit a complaint can then do so by clicking on the link. You can see how this works in these videos:
Supplier directory
Once the settings have been set up, it is now time to upload your suppliers to the tool and carry out the abstract risk analysis. This is done in the supplier directory, which is a list of all your suppliers together with their risk classification. You can filter this list and quickly interact with suppliers via the directory, by requesting self-assessments for example.
You can see how this directory works here:
However, the basis of the directory is the supplier data with which it must be filled with. You can find out how to upload suppliers here:
To upload the supplier data, you need the supplier name, a contact email, the country in which the supplier is based and the product that the supplier delivers to you. These two criteria form the basis of the abstract risk assessment. In this article, you will learn what you need to consider in detail when uploading supplier data.
Supplier profile
You can also access the supplier profile via the supplier directory. Here you can find out more about the risk assessment of the respective supplier, the answers to the self-assessment, store more detailed data about the supplier and also track the interaction with the supplier. Here you can see how the profile is structured:
Abstract risk assessment
A centrepiece of the LkSG is the abstract risk assessment. The law requires companies to classify and prioritise all their suppliers according to country and sector risk. The abstract risk assessment thus provides a very good overview of potential risks in the supply chain and potentially high-risk suppliers that you as a company should better deal with.
Concrete risk assessment using the code of conduct
After the , you are now faced with the decision of how to proceed and which risks you would like to analyse and manage more specifically. Our specific risk analysis can help here. At Daato, this comprises various steps, including obtaining your suppliers' consent to the Supplier Code of Conduct.
The LkSG requires that you as a company not only introduce a company-internal code of conduct that includes the risk categories of the LkSG, but also a supplier code of conduct (which also covers the risk categories of the LkSG).
On Daato, you can upload the supplier code of conduct in the settings and then obtain approval from suppliers via the supplier directory. If you have already done this outside of Daato, you can document this in the supplier profiles.
Watch this video to find out how to set up the functionality and obtain your suppliers' consent to the Supplier Code of Conduct:
Suppliers will then receive an email from Daato with a message written by you. They can then agree to your code of conduct by logging into the Daato platform, reject your request or upload an alternative document, which ensures that the requirements of your code of conduct are met.
Concrete risk assessment using the self-assessment
In addition to the option of obtaining consent to the Code of Conduct, the specific risk assessment on Daato includes the so-called supplier self-assessment. Together with Hogan Lovells, we have developed a self-assessment questionnaire for this purpose. You can send this to high-risk suppliers to check whether abstract risks are actually well-founded or whether the suppliers have introduced any measures to mitigate risks.
The feature works in such a way that only risk categories that exceed the standard risk threshold (medium) or the risk threshold you have customised are requested. This means that suppliers are not unnecessarily burdened, but only answer the points where there is cause for concern based on the abstract risk analysis.
Sending and requesting the self-assessment works as follows:
Suppliers will then receive an email from Daato with a message written by you. They can then answer the questionnaire by logging into the Daato platform, upload evidence documents and send the completed self-assessment back to you. This works as follows:
As soon as the supplier has answered the self-assessment and sent it back to you, you will receive a notification by email. You can also see which feedback you have received in the system under the request menu item. To view the results, either click on the supplier's feedback in the request menu or go to the self-assessment tab via the supplier profile, as shown in the following video.
Here you can now see how the supplier has responded, which documents have been uploaded, etc. Depending on the supplier's answers, the supplier's risk assessment will now also change. For example, if a supplier has a high country risk for child labour as a result of the abstract risk analysis, but can now prove with the help of the self-assessment that sufficient internal guidelines and measures exist to mitigate this risk, the risk is reduced. You can see what the self-assessment looks like in the following video.
If the answers in the supplier's feedback are missing or unsatisfactory, you can also request a correction in the request.
Preventive measures
After carrying out the self-assessment, it is also possible to request further preventive measures from the supplier.
This works as follows: if you consider the feedback and measures that the supplier has taken in certain risk categories to be insufficient, you can request that the supplier take further measures. For this purpose, various measures are suggested by default on Daato, which you can select and which are directly linked to the risk logic from the self-assessment. The supplier therefore has the option of minimising risks that have become transparent as part of the self-assessment by taking their own measures.
To do this, use the "Request preventive measures" button in the supplier directory or initiate this action directly in the supplier profile.
The supplier is then asked to introduce certain measures within a certain period of time, for example an internal guideline on the avoidance of child labour, and can accept or reject these. If the supplier implements the requested measures, this would have a positive impact on its risk assessment.
Incidents
In addition to the abstract and concrete risk assessment, it is possible to track potential incidents in your supply chain via Daato. These can arise from three situations on Daato:
- Complaint mechanism
- Media monitoring
- Historical incidents
The complaint mechanism and its function have already been explained in this article.
Media monitoring is an add-on feature that Daato offers on request. Please contact our support team directly.
Historical incidents are incidents that have happened in the past and can be entered manually to ensure that the supplier has a history of past incidents.
Watch this video to find out how the Incidents menu item works:
Remedial action
In response to incidents such as complaints received, you can also request corrective action from the supplier. This works in a similar way to the preventive measures, but Daato does not suggest any measures here because the incidents are usually very case by case. Instead, you can formulate a message to the supplier in which you ask them to take specific steps to remedy the situation.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article