RISK MITIGATION
The absence of maturity assessment can hinder strategic decision-making and improvement efforts.
• Minimal compliance focus: By design, certifications ensure adherence to minimum compliance requirements. While they may satisfy regulatory obligations, they do not necessarily equate to the level of security required to safeguard against sophisticated threats.
• Overlooking specific risks: Generic certifications may fail to address unique risk factors facing a company, particularly in complex business environments. If left unmitigated, this oversight can leave critical vulnerabilities.
• Regulatory gaps: Third-party certifications may not cover all governmental laws or industry-specific regulations applicable to a company. Relying solely on certifications could result in non-compliance with legal or regulatory requirements.
Mitigating the risks
Procurement teams should adopt a proactive approach beyond third-party certifications to mitigate the risks associated with the CSDDD vulnerabilities. Key strategies include:
• Comprehensive risk management programmes: Implement robust third-party risk management practices to identify, assess and mitigate potential threats effectively.
• Thorough due diligence: Conduct detailed assessments of vendors’ security practices, going beyond certification requirements.
• Continuous monitoring: Regularly monitor and evaluate the security posture of vendors to ensure compliance and address evolving risks.
By combining certifications with comprehensive risk management practices, procurement teams can enhance their security posture, reduce vulnerabilities and ensure better compliance with regulations and industry standards.
As procurement teams navigate the complexities of the CSDDD’s new regulatory landscape, the directive’s success will depend on collaboration, innovation and a shared commitment to ethical business practices. The journey may be challenging, but it promises a more sustainable future for industries, communities and the planet.
Claudine Maeijer, an executive at PwC, sums up the role, responsibility and accountability of procurement teams, stating: “Complying with the CSDDD is not a one-off exercise, but an ongoing activity. Companies will have to take moral, societal and social responsibility to do business in a way where sustainability is rooted at the core of the strategy.”
February 2025