This article contains a summary description of Ignite and Føyen's recommended methodology for addressing the Transparency Act.

As a customer, you should also have been sent a shared document containing a detailed step-by-step checklist, as well as access to relevant documents.

Get in touch via live chat in Ignite if you are missing information or have any questions.

Get an overview of all your suppliers in a system that is easy to work with.

In Ignite, you get a complete overview of your suppliers in our "Supplier table". Here you can search, sort and filter your suppliers based on the information you have associated with your suppliers. This is fundamental to being able to carry out further risk mapping of the supplier base.

Do an initial risk assessment of your suppliers.

The first step in the due diligence assessment is to map and assess the negative impact and damage the company either directly or indirectly contributes to. You want to be able to answer whether there is risk in the activities and value chain of your own company. Ignite helps you make an initial risk assessment of the supply chain to be able to refine further mapping to where the risk is greatest.

With our geographic and industry risk parameters, the company gets a starting point to be able to say something about the social risk of its suppliers. Furthermore, you can also use more parameters, if you have them available, to make risk assessment even more relevant for your own use. Factors here can e.g. be the type of product/service the supplier delivers, the production process, whether they have signed their code of conduct, whether you have a contract that sets certain requirements, or other factors. The aim of this is to use all available information to set a "Social risk" for the suppliers so that you have a picture of where the risk is greater and less. This becomes a data point on the supplier which can be found again in the supplier table.

Geographic/Country risk from Ignite:

From Ignite, you get a predefined risk parameter on country risk which is based on ITUC's index for workers' rights. Here, a country can be categorized into 6 different categories.

Industry risk from Ignite:

Industrial risk is also a predefined risk parameter based on the European Bank for Reconstruction and Development, which has categorized NACE codes (European standard for industrial codes) against social risk.

Social risk:

Based on geographic and industry risk, we set up a starting point for social risk for the suppliers who are uploaded. For suppliers where we cannot find a country or NACE code, we put a note that more information is needed about the supplier.

Custom Evaluation:

If you want to add a column for your own risk assessment, you kan do this by pressing the + sign at the upper right of the supplier table.

​

Once you have identified suppliers where you believe the risk is greater for violations of human rights and decent working conditions, we recommend that the next step is to send them a self-evaluation. The purpose of the self-evaluation is to find out whether the company has the necessary procedures in place and takes human rights and decent working conditions seriously.

Ignite offers a template for a questionnaire that we believe can reveal whether a supplier has any red flags that should be followed up more closely. This is not adapted to industry, but tries to cover things that are relevant for every company. In Ignite, you can of course set up exactly the questionnaires you want, so it will be possible to adapt either one or more forms according to your needs.

The easiest way to send out a self-assessment form to several suppliers is to use our supplier overview. Here you can filter the various data values you have stored about your suppliers, e.g. social risk = "High", and then select suppliers individually or all to start sending out self-assessments.

When the responses start to come back, the work begins to process and decide how each supplier has responded. The point of the forms is precisely to uncover risks or actual violations of human rights or decent working conditions. The answers from the questionnaire can be found in Ignite by clicking on the form and clicking on the "Answers" tab. Here are the answers with date, which campaign they belong to, the company and which contact person received the form. You can read the answers directly in Ignite or export the table to excel.

Once you have read through the answers, it may be a good idea to update the risk parameter for the given suppliers. If you find no reason to think that there may be further risk, you can create a new parameter about the supplier which marks that they have been assessed without reason for further follow-up. See the bottom section of article 2 in this guide for more info.

Consider the need for further investigations and any measures

Based on the answers you receive, you can think that there is reason to either report on risk and/or do further follow-up with the supplier. Here, typical measures could be to engage in dialogue to agree on improvements, use industry networks if you cannot influence alone, carry out an audit via a third party in connection with social risk and, in the worst case scenario, find an alternative supplier. The Norwegian Consumer Protection Authority and the OECD always encourage communication and try to improve suppliers rather than cutting off contact, which should be the last resort if the situation cannot be improved.

This step is about working together with the suppliers you perceive to be the most risky or where there have been negative consequences. Here it is clear that one must prioritize (based on severity and probability of damage) as the work with due diligence assessments must be consistent with the circumstances in which the company operates. This is in accordance with what the "OECD guide for due diligence assessments" describes for points 2 and 3 in a due diligence assessment. Much of the work here will have to take place outside Ignite, but you can use the product to log who you have chosen to follow up on.

Once the due diligence assessment has been carried out: the required measures have been started and, if necessary, the restoration of damages has started, according to the Openness Act, a report must be submitted before 30 June each year.

The report must, as described in part 1 of this guide, contain both the process surrounding the due diligence assessment and findings, measures and preliminary results of any measures. Ignite and Føyen offer customers a template that can be used for this purpose, and have subchapters that cover all the requirements for the report.

The template describes the parts of the due diligence carried out in Ignite, but it is described in general terms, as each company uses different risks and processes to do due diligence. You customize the template for what is specific to your company. As a customer, you should have already been given access to this template and an explanation of the template in a shared document, but please get in touch in the chat if this is not the case and you wish to receive it.