Responsible sourcing

image description


  • All suppliers and sub-suppliers comply with our sustainability requirements
  • All suppliers have signed our Supplier Code of Conduct
2017 progress
  • Local due diligence and on-site audit capacity building in region Eurasia
  • Due diligence process introduced in Estonia and Lithuania
  • New due diligence manual developed and implemented
  • Revised ethical compass under implementation
  • Over 2,900 supplier sustainability due diligence carried out
  • 96 on-site audits
2018 goals
  • 75 percent of assessed suppliers compliant with Supplier Code of Conduct
  • 25 percent reduction of supplier base (baseline 2015)
2018 planned activities
  • Align responsible sourcing practices with the new supplier relationship management model
  • Continue to develop and implement common processes for supplier sustainability assessments
  • Update ethical compass to ensure alignment with EU data protection regulation (GDPR) requirements

Our approach

This focus area is governed by the Supplier Code of Conduct (supplier code), which shall be included in all new or renegotiated contracts. Other governing documents such as the security directives that specify IT security requirements for suppliers handling customer data are used for certain products and services.

Due care process

The due care process starts with setting the expectations for our suppliers, primarily through our supplier code. We use a risk-based due care process, meaning suppliers are categorized based on, for example, the region where the company is registered, the type of product or service provided or how critical the supplier is to our operations. This categorization supports us in designing appropriate risk mitigation activities, such as further due diligence steps (supplier self-assessment, information research and final risk analysis) before contracting and in conducting on-site audits to evaluate whether a supplier’s sustainability performance is sufficient.

Since 2016 all due diligence steps, including risk categorization, are performed in our due diligence platform, a system designed to facilitate and document our process. The process is implemented in Eurasia, and was introduced in Telia in Lithuania and Telia in Estonia during the year. The process is also available for certain third party agreements such as sponsorships and roaming/interconnect agreements, which are not handled by the sourcing organization or otherwise covered by the due care process, and where associated risks may be unknown.

Local sourcing teams are responsible for initiating the due diligence process, initiating on-site audits and following up on suppliers’ performance if needed. Exceptions to the requirements in our supplier code requirements can be approved when a supplier has demonstrated that corresponding or stricter requirements are already in place.

To ensure that the sustainability performance of suppliers is evaluated consistently, we have developed an “ethical compass” that is applied in due diligence and on-site audits when assessing the severity of identified risks. During the year, we also finalized the roll-out of a new due diligence manual, a step-by-step guide to carrying out sustainability due diligence.

Work during the year

Ethical compass revision

The ethical compass was revised to clarify risk ownership and align better with Telia Company’s business risk appetite. The revised ethical compass was rolled out in region Eurasia. It will be further aligned with GDPR requirements and rolled out in core markets in 2018.

Due diligence and on-site audits

Over 2,900 sustainability due diligence were carried out using the due diligence platform. The results showed that the suppliers’ main challenge remains to understand and interpret the requirements of our supplier code.

Around five percent of assessed suppliers were not recommended for contracting due to the high risk involved for Telia Company, mainly as a result of compliance deviations from the supplier code, refusal to provide ownership information or ownership by a high-ranking local public official. A small number of suppliers with compliance deviations were given conditional approval.

We carried out 96 on-site audits, complemented by 91 audits carried out within the industry collaboration Joint Audit Cooperation (JAC). Close to 500 audit deviations were closed. During the year, at any given time, approximately 850 to 900 supplier deviations were open.

Strengthening region Eurasia capacity

In region Eurasia, we improved responsible sourcing capacity by recruiting and training local due diligence officers. This significantly strengthened due diligence resources and allows us to apply much needed local knowledge in complex assessments where language can be a barrier.

Responsible sourcing focus area programs

In 2016, we defined a number of responsible sourcing focus area programs. Since these programs are generally connected to larger societal challenges, most of the programs will be ongoing for years. Below is an update on the current programs.

Occupational health and safety (OHS)

To complement sourcing audit resources, one employee in each local company in core markets and in region Eurasia (most often the local OHS manager) was trained to perform on-site health and safety audits.

Financial punishment

Financial punishment, for example withholding salary for lack of performance, is a widespread disciplinary measure found in our supply chain in almost all regions where we have carried out audits. In 2017, we focused on training of suppliers and strengthening requirements to reduce this practice where it is in conflict with national laws.

Overtime at suppliers in China

In eight out of ten audits of Chinese suppliers in 2015 and 2016, we identified consistent use of overtime in violation of Chinese labor law and our supplier code. In 2017, we primarily engaged these suppliers in dialog and training.

Responsible sourcing of minerals

We see a need to strengthen specific requirements, including traceability of conflict minerals, to clearly reflect our ambition and expectations on responsible sourcing of minerals. We aim to roll out the revised supplier code 
containing these stricter requirements during 2018.

Mapping and managing privacy risk

This program aims to prepare our supply chain for the GDPR requirements. In 2017, we conducted audits and provided training to prepare targeted suppliers for the new requirements.

Bond contracts in India

In 2015, a number of audits conducted on suppliers in the IT service sector in India revealed the use of bond contracts between suppliers and recent IT graduates. We are now in dialog with the executive management of these suppliers to raise awareness. Read more in our 2016 Annual and Sustainability Report, “Responsible procurement.”

Supplier due care process