Supply Chain Digital Magazine April 2025 | Page 134

SUPPLIER DIVERSITY
The absence of maturity assessment can hinder strategic decision-making and improvement efforts.
• Minimal compliance focus: By design, certifications ensure adherence to minimum compliance requirements. While they may satisfy regulatory obligations, they do not necessarily equate to the level of security required to safeguard against sophisticated threats.
• Overlooking specific risks: Generic certifications may fail to address unique risk factors facing a company, particularly in complex business environments. If left unmitigated, this oversight can leave critical vulnerabilities.
• Regulatory gaps: Third-party certifications may not cover all governmental laws or industry-specific regulations applicable to a company. Relying solely on certifications could result in non-compliance with legal or regulatory requirements.
Mitigating the risks
Procurement teams should adopt a proactive approach beyond third-party certifications to mitigate the risks associated with the CSDDD vulnerabilities. Key strategies include:
• Comprehensive risk management programmes: Implement robust third-party risk management practices to identify, assess and mitigate potential threats effectively.
• Thorough due diligence: Conduct detailed assessments of vendors’ security practices, going beyond certification requirements.
• Continuous monitoring: Regularly monitor and evaluate the security posture of vendors to ensure compliance and address evolving risks.
By combining certifications with comprehensive risk management practices, procurement teams can enhance their security posture, reduce vulnerabilities and ensure better compliance with regulations and industry standards.
As procurement teams navigate the complexities of the CSDDD’s new regulatory landscape, the directive’s success will depend on collaboration, innovation and a shared commitment to ethical business practices. The journey may be challenging, but it promises a more sustainable future for industries, communities and the planet.
Claudine Maeijer, an executive at PwC, sums up the role, responsibility and accountability of procurement teams, stating: “Complying with the CSDDD is not a one-off exercise, but an ongoing activity. Companies will have to take moral, societal and social responsibility to do business in a way where sustainability is rooted at the core of the strategy.”