Skip to Main Content
(Press Enter)

Human rights due diligence

Cisco’s human rights approach is grounded in the United Nations Guiding Principles for Business and Human Rights (UNGPs). This approach allows us to identify actual and potential human rights risks, strategies for addressing those risks, tracking the effectiveness of our response, and communicating about how the impacts are addressed.

Examples of circumstances that could trigger human rights due diligence include:

  • Launch of a new product, offer, or service or a material modification of an existing product, offer, or service
  • Internal review of policies and procedures that may impact human rights, such as updates to our Global Human Rights Policy, Data Protection & Privacy Policy, Cisco Secure Development Lifecycle, or our procedures for responding to law enforcement demands for customer data
  • Entry into or exit from a market
  • Review of a partner’s, supplier’s, or other third-party’s policies and procedures.
  • Export of regulated products
  • Merger with or acquisition of a new company

At Cisco, we are continuously working to integrate human rights due diligence into our broader enterprise risk management systems. For example, in recent years we have worked cross-functionally to incorporate triggers in the context of due diligence processes related to partner onboarding, high-risk products, artificial intelligence (AI) governance, and mergers and acquisitions, among others.

We aim to initiate due diligence as early as possible in the development of new products and relationships. For example, Cisco’s Secure Development Lifecycle (Cisco SDL) includes a baseline set of controls designed to protect and assess impacts on privacy, starting from the ideation phase. Similarly, in 2018, we incorporated security, privacy, and human rights principles into AI design, leveraging the existing Cisco SDL.

In our supply chain, we prioritize due diligence where the risk of adverse human rights impacts is most significant due to the operating context, products/services involved, and other considerations.

Our human rights due diligence process draws on both internal and independent external human rights expertise. In the past several years, Cisco has increased internal subject-matter expertise through trainings and new hires.

Based on what we learn through the due diligence process, we identify potential risks and opportunities that could arise through our business operations, and we develop mitigation strategies to address actual or potential risks.

When we conduct human rights due diligence, we consult a variety of resources, including:

  • International human rights norms
  • Relevant laws and regulations
  • Cisco’s corporate policies
  • Cisco’s business plans and/or product features
  • The geopolitical context and human rights landscape in a particular market, informed by credible journalism and reports by human rights organizations, UN Special Procedures, academic institutions, and the U.S. Department of State

We also consult, as appropriate, with potentially affected groups and other relevant stakeholders, including human rights defenders, academics, and others from civil society, with particular consideration for vulnerable groups.