IBM has a long tradition as a company of operating responsibly. For decades, IBM has connected its economic goals with a commitment to nature and society. The recognition of and respect for human rights and the environment have always been of central importance.
This is commitment is reflected in the the IBM Principles on Human Rights:
“IBM is committed to high standards of corporate responsibility. Our definition of corporate responsibility includes environmental responsibility, as well as social concerns for our workforce, clients, business partners, and the communities where we operate. Underpinning our corporate responsibility standards and practices is our dedication to respect human rights. IBM’s stance on human rights is informed by international standards, including the UN Guiding Principles on Business and Human Rights, the ILO Declaration on Fundamental Principles and Rights at Work, and the UN Universal Declaration of Human Rights.“
Here are some highlights illustrating IBM's sustained efforts to protect human rights and the environment:
Long before the German Act on Corporate Due Diligence in Supply Chains (Lieferkettensorgfaltspflichtengesetz, LkSG) came into force, IBM had already adopted corporate guidelines, such as the IBM Global Employment Standards and the IBM Global Environmental Affairs & Product Safety Policy, which focus on human and environmental rights, among others, such as:
These guidelines and other IBM Policies can be found here.
IBM's continuing commitment to the protection of human and environmental rights is also reflected in its Ecovadis rating. In 2022, IBM (Corporate - Group Level Rating) achieved a Gold rating, above the industry average.
This policy statement reflects IBM's enduring values as well as our responsibility under the LkSG.
Since January 1, 2023, the LkSG applies to IBM Central Holding GmbH and IBM Deutschland GmbH. As a subsidiary of IBM Deutschland GmbH, IBM Deutschland Research & Development GmbH has itself been a norm addressee of the LkSG since January 1, 2024.
This policy statement covers all of the aforementioned norm addressees of the LkSG jointly, which are expressly committed to the LkSG and the protection of human and environmental rights enshrined therein as well as the related due diligence obligations in their respective own business area and in their supply chain.
To fulfill the due diligence obligations under the LkSG, we consider the aforementioned norm addressees as well as their affiliated companies in Germany and abroad over which we exercise a decisive influence.
We understand the supply chain within the meaning of the LkSG to include all products and services of our company as well as the steps in Germany and abroad that are necessary for their production and provision. (That can begin with raw material procurement to final delivery to the end customer together with services such as the transportation or interim storage of goods.) This supply chain encompasses our own business activities, the activities of our direct suppliers and the activities of our indirect suppliers.
Our policy statement underpins the strict observance of human rights and environmental standards that already exist and continue to exist for IBM and shows how we comply with the due diligence obligations of the LkSG.
The IBM Business Conduct Guidelines, our code of conduct including the IBM corporate guidelines referenced therein, as well as the Responsible Business Alliance (RBA) Code of Conduct, a globally recognized code for social, ecological and ethical industry standards, are foundational components of this policy. From this foundation, we monitor the protective positions specified in the LkSG and listed below in our own business areas and at our suppliers, in particular:
1. Prohibitions for the protection of human rights
2. Prohibition for the protection of the environment:
With reference to the above protective positions of the LkSG recognized by us, there are clear expectations towards our employees and our direct suppliers regarding the protection of human and environmental rights.
Expectations towards our employees:
Expectations toward our direct suppliers:
We take the following steps to comply with the due diligence obligations under the LkSG, in particular to identify, prevent, minimize or end human rights and environmental risks and legal violations.
1. Responsibilities
We have defined responsibilities in our risk management framework to ensure compliance with the due diligence obligations under the LkSG. As the highest management level, the respective management board of the aforementioned norm addressees of the LkSG is committed to the responsibility for the protection of human rights and environmental concerns of the LkSG and to the appropriate observance of due diligence obligations. In addition, the position of Human Rights Officer was created as a supervisory body for the implementation of the LkSG and the monitoring of risk management for compliance with the due diligence obligations under the LkSG for the aforementioned norm addressees. The Human Rights Officer reports to the management board at least once a year.
Several departments are involved in the operational implementation of human rights and environmental due diligence processes, such as Purchasing, Human Resources, Occupational Health and Safety, and Diversity and Inclusion.
2. Risk analysis
We carry out risk analyses at least once a year and on an ad hoc basis, both in our own business areas as with our direct suppliers.
Starting from an abstract analysis based on risk factors that considers the human rights and environmental risks of our own industry, the industries of our direct suppliers and the respective countries of operation or sourcing countries, the potential human rights and environmental risks are identified. The abstract risk analysis is carried out using an established software solution from a specialized provider of risk data; that software supports the analysis based on sources and other information about human rights and environmental risks.
When analyzing our direct suppliers, we initially take a broad view. If an abstract risk is identified, a more detailed review is carried out. Prioritization of risk is also carried out based on the following criteria, in particular: type and scope of business activity; the ability to exert influence; the typical and expected severity and probability of occurrence of a breach; and the contribution to causation. We also consider whether contractual relationships are permanent or non-recurring and whether services or products are purchased from the IBM Group (which are subject to high standards).
The risks identified in this way are divided into a risk scale that distinguishes between critical, strategic and moderate risk. Non-priority risks are deferred.
The results of the risk analyses in 2023 were communicated to the management of the aforementioned norm addressees and other relevant internal stakeholders, which provided guidance on the findings and future measures. The findings also form the basis for any necessary adjustments to our regulations or processes as well as trainings to meet our due diligence obligations.
The risk analysis of our direct suppliers did not reveal any indication of critical human rights or environmental risks. Based on the fields of activity of our direct suppliers, primarily services, and the countries of our direct suppliers, which have strict legal protections for human and environmental rights, our focus is in the areas of discrimination and occupational health and safety.
Regarding our indirect suppliers, there were no indications, complaints, or information at the time of the adoption of this declaration of principles that would prompt the performance of an event-driven risk analysis in accordance with the LkSG of our indirect suppliers.
3. Preventive measures
3.1 In our own business area
In accordance with the LkSG, we have taken the appropriate preventive measures in our own business area, including and among others:
3.2 With our direct suppliers
We have been embedding human rights and environmental principles and expectations in our business relationships with our direct suppliers for many years. In particular, we take risk-based measures where appropriate:
3.3 With our indirect suppliers
If we obtain substantiated knowledge of a possible violation at an indirect supplier, we take the following measures, among others:
4. Remedial measures
If we determine that a violation of human rights or environmentally protected legal positions under the LkSG has occurred or is imminent in our own business area, we immediately take measures in inland that are appropriate and lead to the prevention or termination of the violation. For own business area abroad, we immediately take measures that are appropriate and generally lead to the prevention or termination of the infringement.
Measures may include the implementation of training courses, the amendment or adaptation of guidelines or processes, steps under local labor law and the cross-functional development of concepts.
In the case of direct suppliers, appropriate measures are taken - in cooperation with them - that are suitable for preventing, ending or minimizing the infringement. This includes the development of measures or action plans to end or minimize infringements, temporary suspension or termination of business relationships.
In the case of indirect suppliers, in the absence of contractual relationships, we will endeavor, also with the participation of the direct supplier, to define measures or action plans with the parties involved in order to achieve mitigation of the infringement or a termination.
5. Complaints procedure
Although we continuously strive to uphold human rights and environmental standards, we acknowledge that violations may still occur. Therefore, we believe that implementing grievance mechanisms is crucial. These mechanisms serve as both a means of identifying potential risks and a way to uncover actual violations, allowing us to take prompt corrective and preventive actions.
Anyone can report human rights and environmental risks, as well as violations of human rights or environmental obligations resulting from our business activities in our own business area or one of our direct or indirect suppliers, via the IBM Global Procurement Ombudsman procedure. For more information on this procedure and its rules, please visit our website.
We ensure the widest possible accessibility of the complaints procedure by providing several communication channels:
The claimant will generally be contacted within 48 hours of submitting a concern (unless logged anonymously).
After receipt of a complaint and entry confirmation, the Ombudsman office will promptly investigate. Subject to the respective allegation and within a reasonable timeframe:
The complain will always be approached with the intention to reasonably investigate the case and find a solution for all parties involved.
The persons entrusted with the Ombudsman Procedure will ensure the confidentiality of the claimant’s identity. In addition, IBM prohibits threats or acts of retaliation in any form in context with concerns made under the Ombudsman Procedure, including for reporting a concern based on reasonable grounds that lead the claimant to believe that the information on any violation reported was true at the time of reporting. This protection will not be limited to the claimant, but also to any facilitators, third persons such as colleagues or relatives and businesses that the claimant owns, works for or is otherwise connected with.
At all times, the Ombudsman office will ensure the confidentiality and protection of personal data relating to one’s concern.
Case documents are stored in the Ombudsman data repository for at least seven years.
6. Documentation and reporting
In addition to the information disclosed in the annual IBM Impact Report, which documents our ESG goals and performance can be found here, we comply locally with the documentation and reporting requirements under the LkSG. We also document the fulfillment of due diligence obligations internally on an ongoing basis and report annually on our human rights and environmental risk due diligence process as required by law.
The effectiveness of the preventive and remedial measures and the complaints procedure are reviewed annually and on an ad hoc basis (event driven). If necessary, measures are adapted, further developed or even repeated.
The world and our market environment are constantly changing. We therefore continuously review our risk assessment and measures.
Based on our risk assessments, our procedures, this policy statement and our communications, we regularly review our processes and adapt them as necessary to changing circumstances.
IBM is always focused on the challenges and complexities facing today’s world and we stand ready to collaborate with our clients, employees, partners, suppliers, public authorities and individuals to build a safer, more equitable and healthier environment.
Names of the managing directors
IBM Central Holding GmbH
Wolfgang Wendt
Dr. Andreas Buchelt
Dr. Frank Kohls
IBM Deutschland GmbH
Wolfgang Wendt
Dr. Andreas Buchelt
Christine Rupp
Dr. Frank Kohls
IBM Research & Development GmbH
David Faller
These below questions and answers provide an overview of how concerns in context with the above referred Act will be processed.
Who can report a concern?
The complaints procedure is open for every person who wants to report human rights and environment-related risks as well as violations of human rights-related or environment-related obligations that have arisen as a result of the economic actions of the IBM enterprise the Act on Corporate Due Diligence Obligations in Supply Chains applies to in its own business area or of any of its direct or indirect suppliers.
How can I report a concern?
Any human rights and environment-related concern according to the scope of the Act on Corporate Due Diligence Obligations in Supply Chains (Germany) may be reported to the IBM Procurement Ombudsman office.
A concern may be raised in person, email, by regular mail or by phone.
If you choose to submit your concern anonymously, please consider providing a means for us to contact you (for example an anonymous email account). Otherwise, we will not be able to provide you with feedback.
You can raise your concern via the below routes:
Why the Ombudsman office to report to?
For all concerns brought to the Ombudsman office, designated impartial persons bound to confidentiality will be entrusted with handling the concern.
The IBM Ombudsman office has been established in 1994 being the safeguard of the ethics and Integrity of IBM’s Supply Chain. The experts of Ombudsman office have decades of investigative experience and concern management practice.
The IBM Procurement Ombudsman office is an independent team within the Global Supply Chain Organization of IBM having the authority to investigate and resolve matters outside of the normal business channels.
The Ombudsman office is acting as an avenue to bring concerns and allegations to a neutral party.
Since its inception the office does not serve as an advocate for any person or organization, but rather an advocate for a fair outcome.
Will the claimant receive a response to its concern?
The claimant will generally be contacted within 48 hours of submitting a concern (unless lodged anonymously).
What are the steps of the complaints procedure?
After receipt of a complain and entry confirmation the Ombudsman office will promptly start the work in regard of the respective case.
Subject to the respective allegation, within reasonable time.
It will be always acted with the intention to reasonably investigate the case and to find a for all parties involved reasonable solution.
Worried about raising a concern?
The persons entrusted with the Ombudsman procedure will take care about the confidentiality of claimant’s identity. In addition, IBM prohibits threats or acts of retaliation in any form in context with concerns made under the Ombudsman Procedure, including for reporting a concern based on reasonable grounds that lead the claimant to believe that the information on any violation reported was true at the time of reporting.
This protection will not be limited to the claimant, but also to any facilitators, third persons such as colleagues or relatives and businesses that the claimant owns, works for or is otherwise connected with.
At all times, the Ombudsman office will take care about confidentiality and protection of personal data relating to your concern.
Does a documentation exist?
Case documents are stored in Ombudsman data repository for at least seven years.
Will the effectiveness of the mentioned procedure be periodically reviewed?
Reviews of the procedure will take place at least once a year and on an ad hoc basis.