Commitment to continuous improvement is essential to sustained progress in supply chain social responsibility. Our concentrated effort to lead and encourage our supply chain to embrace positive change has generated many improvements. This section includes successes that IBM and our suppliers achieved in 2016, along with our approach to the challenges that still remain.


IBM’s Social and Environmental Management System for its suppliers

In 2010, IBM established a requirement that first-tier suppliers create a management system to address their social and environmental responsibilities. Our objective in establishing this requirement was to help our suppliers build their own capability to succeed in this area. In summary, suppliers are required to:

  • Define, deploy and sustain a management system that addresses intersections with employees, society and the environment, and that addresses integration with and compliance to the Electronic Industry Citizenship Coalition (EICC) Code of Conduct.
  • Measure performance and establish voluntary, quantifiable environmental goals in the areas of waste, energy and greenhouse gas emissions.
  • Publicly disclose results associated with these voluntary environmental goals and other environmental aspects of their management systems.
  • As part of their social and environmental management system, conduct self-assessments, audits and senior leadership reviews of their system.
  • Cascade these requirements to their next-tier suppliers.

In 2016 over 1,200 new suppliers — primarily from the Services and General Procurement sector of our supply chain — were afforded a period not to exceed 12 months to demonstrate compliance with these requirements. Suppliers are tracked monthly and action is taken by purchasing to ensure plans reach acceptance.

More information on these eight supplier requirements may be found on IBM’s supply chain environmental responsibility webpage.


Supply chain social responsibility

Supply chain social responsibility has been a key element of IBM’s procurement strategy since 2004. Today, supply chain social responsibility is a mainstream topic within the technology sector, as the EICC continues to expand and attract new members each year. As a founding member of the EICC, IBM endorses the EICC Code of Conduct for its internal operations and requires the same of our first-tier suppliers for hardware, software and services. IBM communicates our requirement for EICC code compliance at the initial stages of supplier onboarding. Continuous focus on social responsibility as part of our daily business and the commitment of our suppliers has led to many improvements over the past decade and a half. Along with partaking in EICC-generated education, audits and re-audits continue to play a valuable role in providing our suppliers with objective, third-party evidence to determine if their operations are code-compliant or need further improvement.

IBM’s continued focus on improving supply chain compliance manifests itself through assessing a cross-section of our supply chain in the developing world. In this report we are communicating the outcomes of these audits and sharing the results of improvements made by our suppliers, which have positively affected working conditions for thousands of people employed in our extended supply chain.

In 2016, audits to the EICC Code of Conduct took place simultaneously for both our Production and Logistics Procurement suppliers, and those in the Services and General Procurement supply chain. Generally, companies that perform social responsibility assessments on their suppliers focus on factories producing hardware componentry. Historically, this is where perceived risks of noncompliance with Labor, Health and Safety, and Environmental aspects were thought to be higher. However, IBM has long maintained a dual path of supplier assessments and included its services and general purchasing suppliers. Our experience has been that risk of noncompliance is present in these sectors as well, since services suppliers may be less familiar with health and safety and environmental aspects of the EICC code. By including both categories of suppliers we have assessment coverage across our broad set of suppliers, which permits testing of code compliance across the spectrum of suppliers in critical emerging areas such as the prevention of human trafficking. For all of its supplier assessments, IBM continued its long-standing use of the EICC’s Validated Audit Process (VAP), the standardized social responsibility audit developed by the electronics industry.

By year-end 2016, the total number of full-scope audits (not counting re-audits) in the 12-year time frame reached 1,921. These assessments measured supplier compliance to the EICC code and in earlier years — prior to 2010 for Production Procurement suppliers, and 2012 for Services and General Procurement suppliers — to IBM’s Supplier Conduct Principles. Since 2013, IBM has been using the EICC’s Validated Audit Process exclusively for all of its supply chain social responsibility assessments. In order to depict this transition accurately, last year we separated our audit history to show results prior to full EICC audit usage, as well as after. Audit results from 2004 through 2012 are shown in a heritage chart (available in our 2015 report). Starting this year, we will focus exclusively on audit and re-audit results from 2013 onward which are attenuated exclusively to the EICC code and its provisions. This change allows us to present suppliers’ audit results exclusively against the EICC code without any lingering influence from audits performed to the legacy IBM Code of Conduct.

From 2013 through year-end 2016, IBM’s suppliers were engaged in 330 full-scope EICC audits. Data included in the 2013-16 cumulative chart includes second-, third- and fourth-cycle full-scope audits reflecting IBM’s practice of including social assessment as part of its ongoing engagement with suppliers. For the EICC audit results, we are showing two levels of data. The first level depicts the percentage of major and minor nonconformance to the EICC code based on the five pillars of the code: labor, health and safety, environmental, ethics, and management system. (For reporting purposes, incidents of priority nonconformance found during IBM-commissioned audits to the EICC code are consolidated into major nonconformance depicted in the charts.)

2013 – 16 full audits: Distribution of nonconformances

2013 – 16 full audits: Distribution of nonconformances 30% Labor 28% Health and safety 23% Management systems 11% Ethics 8% Environmental

Our second-level data reporting presents the 10 most frequent code nonconformance (major and minor) for these same 330 full-scope audits, showing both major and minor nonconformance. (For reporting purposes, incidents of priority nonconformance found during IBM-commissioned audits to the EICC code are consolidated into major nonconformance depicted in the charts). For linkage of the provisions to the five code sections, we have noted this via abbreviation: Lab (labor), H&S (health and safety), Env (environmental), Eth (ethics) and Mgt (management system).

Full audit results: 330 total, cumulative 2013-16

Emergency preparedness (H&S)

Emergency preparedness (H&S)

23

13

Working hours (Lab)

Working hours (Lab)

23

11

Freely chosen employment (Lab)

Freely chosen employment (Lab)

12

5

Occupational safety (H&S)

Occupational safety (H&S)

10

5

Wages and benefits (Lab)

Wages and benefits (Lab)

9

5

Occupational injury and illness (H&S)

Occupational injury and illness (H&S)

9

4

Management accountability and responsibility (Mgt)

Management accountability and responsibility (Mgt)

8

4

Hazardous substances (Env)

Hazardous substances (Env)

6

3

Audits and assessments (Mgt)

Audits and assessments (Mgt)

6

3

Food, sanitation and housing (H&S)

Food, sanitation and housing (H&S)

6

3

In 2016, IBM engaged its first-tier suppliers in 63 full-scope audits and 36 re-audits for a total of 99 assessments in 15 countries or territories. China was the most active for audits and re-audits, followed by Mexico, Taiwan, India, Malaysia, Singapore and the Philippines. Of these assessments, 78 percent were with our Production and Logistics suppliers, and 22 percent with our Services and General Procurement suppliers. Eleven countries had re-audit activity, following audits conducted in the prior two years, as we aim for re-audits to follow any full-scope audits with noncompliance. Year to year, total audits and re-audits performed decreased 34 percent as a result of changes in business with suppliers caused by prior years’ divestitures of System x servers and Microelectronics Group business units. Full audits were commissioned only with suppliers having continued IBM business; re-audits were completed with divested suppliers in order to complete the EICC recommended cycle. By comparison with aggregated data from the 2016 EICC annual report (page 28), IBM’s 63 full-scope audits comprised 17 percent of all full-scope EICC audits conducted, while IBM’s 36 re-audits represented 22 percent of all EICC re-audits performed in 2016.

2016 completed audits by country

China

China

41

23

Mexico

Mexico

11

10

Taiwan

Taiwan

8

6

India

India

7

6

Malaysia

Malaysia

6

3

Singapore

Singapore

5

3

Philippines

Philippines

5

3

Thailand

Thailand

4

2

Korea

Korea

4

1

Hungary

Hungary

2

1

Brazil

Brazil

2

1

The following chart depicts the 2016 full audit results mapped to the five sections of the EICC code.

2016 full audits: Distribution of nonconformances

2016 full audits: Distribution of nonconformances 35% Labor 35% Health and safety 14% Management systems 13% Ethics 4% Environmental

In 2016, the largest two contributors to noncompliance were labor, and health and safety. The environmental category improved its compliance level as a result of continued dialogue with our suppliers &mash; as described earlier, relating to our requirement for suppliers to have a social and environmental management system in place. Examining 2016 audit results at the second level of data reporting, the following chart depicts the 10 most frequent nonconformances found in the 63 full-scope audits.

2016 full audit results (63 total)

Working hours (Lab)

Working hours (Lab)

20

7

Emergency preparedness (H&S)

Emergency preparedness (H&S)

12

10

Hazardous substances (Env)

Hazardous substances (Env)

7

5

Occupational safety (H&S)

Occupational safety (H&S)

5

4

Food, sanitation and housing (H&S)

Food, sanitation and housing (H&S)

5

3

Supplier responsibility (Mgt)

Supplier responsibility (Mgt)

5

2

Wages and benefits (Lab)

Wages and benefits (Lab)

4

3

Freely chosen employment (Lab)

Freely chosen employment (Lab)

4

2

Occupational injury and illness (H&S)

Occupational injury and illness (H&S)

3

2

Nondiscrimination (Lab)

Nondiscrimination (Lab)

3

1

Among the 63 full-scope EICC audits in 2016, 52 were from Production Procurement suppliers and 11 were from Services and General Procurement suppliers; in the latter group, these often were the first time suppliers were assessed to the EICC Code of Conduct. IBM is one of the pioneering companies in the extensive use of EICC audits in the so-called indirect supply chain (services and software).

In 2016 full-scope audits, four of the top 10 nonconformances were labor-oriented and four were related to health and safety. Audits are a valuable tool, and if combined with long-term supplier relationships and suppliers’ agreements to invest in improvements toward code compliance, they can help drive relative long-term improvement. For example, consider “working hours.” By comparing results over the near- and mid-term, we can see improved results. In 2016 data, combined major and minor nonconformance for working hours was 20 percent for audits conducted; in 2015 it was 26 percent. “Emergency preparedness” saw an improvement from 2015’s 21 percent to 12 percent in 2016. And “freely chosen employment” saw noncompliance drop from 15 percent total to 4 percent in 2016. The EICC Code (by design) is very robust in management systems relating to an organization’s structure to attain and maintain long-term compliance to the code provisions. Suppliers with nonconformance were often lacking one or more elements of a strong management system — having documented goals, objectives, metrics, periodic reviews with in-line management and tracking of closure actions. For each nonconformance found in an EICC assessment, the EICC audit report provides a description of the finding — and very importantly, a cross-reference to the specific provision of the EICC code and/or the local law or regulation. This level of detail is an important feature of an EICC audit and enables suppliers to isolate the root cause of any finding and work on lasting improvements.

IBM’s supplier assessment activity stringently follows the methodology developed by the EICC, whereby audited suppliers create and submit a CAP for all nonconformance discovered in an assessment. This requirement is a core tenet of IBM’s supplier management system and is fully supported by IBM Global Procurement and its executive team. The CAP enables the audited company to create meaningful targeted improvements — and later, test their effectiveness by means of a re-audit. During 2016, 117 supplier CAPs were reviewed and accepted within 90 days of submission, reflecting audits and re-audits that occurred in late 2015 and throughout 2016.

The effectiveness of our audit/CAP/re-audit system is depicted by comparing “before and after” results of suppliers undergoing a complete assessment cycle, as shown by the following chart. Re-audits conducted during 2016 at 36 Production and Services and General Procurement suppliers are compared with their full-scope audits (conducted over the 2013-15 timeframe). For ease of reading and comparison, only major noncompliance results are depicted.

Improved nonconformance rates from 2016 re-audits

Working hours (Lab)

Working hours (Lab)

20.4

11.7

Emergency preparedness (H&S)

Emergency preparedness (H&S)

19.3

0.4

Occupational injury and illness (H&S)

Occupational injury and illness (H&S)

10.2

0.4

Occupational safety (H&S)

Occupational safety (H&S)

9.9

0.4

Wages and benefits (Lab)

Wages and benefits (Lab)

7.3

1.5

Freely chosen employment (Lab)

Freely chosen employment (Lab)

6.9

0.4

Food, sanitation and housing (H&S)

Food, sanitation and housing (H&S)

4.7

0

Management accountability and responsibility (Mgt)

Management accountability and responsibility (Mgt)

4.4

0

Industrial hygiene (H&S)

Industrial hygiene (H&S)

4.4

0.4

Nondiscrimination (Lab)

Nondiscrimination (Lab)

4

0.4

Contained within 36 re-audits, there were 41 code provisions from the full-scope audits with major or minor nonconformance. The CAPs drove compliance improvement across all 41 code provisions. The above chart shows a sample of these improvements focusing on the 10 provisions having the highest relative nonconformance in the full audits that preceded the 36 re-audits. All 10 provisions registered significant improvement, including working hours (43 percent improvement), emergency preparedness (98 percent) and occupational injury and illness (96 percent). For the following 25 code provisions, all prior major and minor noncompliance were fully rectified in the CAP/re-audit process:

  • Food, sanitation, and housing (H&S)
  • Management accountability and responsibility (Mgt)
  • No improper advantage (Eth)
  • Hazardous substances (Env)
  • Child Labor Avoidance (Lab)
  • Supplier Responsibility (Mgt)
  • Fair business, advertising, and competition (Eth)
  • Communication (Mgt)
  • Humane treatment (Lab)
  • Legal and customer requirements (Mgt)
  • Improvement objectives (Mgt)
  • Freedom of association (Lab)
  • Machine safeguarding (H&S)
  • Air emissions (Env)
  • Protection of identity (Eth)
  • Environmental permits and reporting (Env)
  • Non-retaliation (Eth)
  • Company commitment (Mgt)
  • Training (Mgt)
  • Physically demanding work (H&S)
  • Intellectual property (Eth)
  • Privacy (Eth)
  • Worker feedback and participation (Mgt)
  • Corrective action process (Mgt)
  • Health and safety communication (H&S)

Analyzing the 2016 re-audit data further, 60 percent of the re-audited suppliers resolved all major code noncompliance after completion of their re-audit cycle — a sizable accomplishment and testament to the results of following the full EICC process as well as the commitment of our suppliers to invest in lasting improvements. IBM Global Procurement has contingency plans for suppliers that remain noncompliant after a re-audit, and each is handled with executive involvement. Our procurement executive team reviews the results of all supplier assessments (full-scope and re-audits) on a monthly basis, and quarterly with IBM’s chief procurement officer.

From the results of 2016 EICC full-scope audits and re-audits, IBM is able to attenuate its communication plans with suppliers for the following year of assessments. Our 2017 audit plan includes full-scope audits aligned with the EICC Code of Conduct version 5.1 (effective Jan. 1, 2016), and to further improve full-audit compliance we will be extending to suppliers access to a core set of EICC learning academy courses designed to build capability in the provisions of the code.


Center of Excellence for Product Environmental Compliance

IBM’s Center of Excellence (CoE) for Global Product Environmental Compliance enables IBM to meet the environmental regulations in all the countries in which IBM does business, by rolling out consistent methodologies to deliver environmentally compliant products. The CoE’s mission includes comprehensive and detailed review of regulations, the development of compliance strategies, processes and deployment plans, as well as education and training materials for IBM’s employees and suppliers. The CoE is also an active member on many industry and regulatory bodies around the world.

As governments worldwide become increasingly concerned about the environment and health and safety of their citizens, the number of product environmental laws has grown exponentially over the last several years and looks set to continue this trend. Not only are such laws growing in number year over year, but they are also increasingly more detailed, and the scope of what constitutes an environmental law has continued to expand. The product-oriented laws directly pertain to all hardware products IBM designs, manufactures or contracts to manufacture, and/or purchases for resale, and the scope of IBM’s product environmental compliance work includes but is not limited to:

  • Validating that all IBM hardware products do not contain prohibited substances, or do not exceed certain maximum thresholds of reportable substances, as called out by EU RoHS and REACH regulations, in addition to non-EU RoHS and REACH-type regulations.
  • Meeting eco-design directives as well as power and energy reduction regulations and voluntary standards such as the U.S. Environmental Protection Agency’s ENERGY STAR program.
  • Complying with the U.S. Toxic Substance Control Act, nanomaterials reporting requirements, battery laws, product takeback regulations and annual reporting.
  • Delivering supplier education via dedicated global webinars.

Globally, in 2016 the CoE identified 154 new or modified product-related regulations for review, of which 129 required implementation plans and all were successfully executed to meet their respective compliance dates.

Download the 2016 report