Yes, HP conducts risk assessments to prioritize implementation of our supply chain responsibility.

The risk factors we use include the following:

Location—Risk is higher in some locations than others.

Procurement category—Risk is higher in some procurement categories, as determined by the type of activity carried out by the supplier and the association to the HP brand. High-risk categories include manufacturing and assembly of parts/components, call centers, warranty/break-fix, reuse/recycling, and branded merchandise. Lower risk categories include consultancy, outsourced financial services, and software licensing.

Supplier-specific factors—These include workforce composition, past performance, nature of the business relationship with HP, and volume of business. Insight from previous audits, press articles, incidents, or accidents may also affect our assessment of supplier risk.

External stakeholder reports—We consider information highlighted in non-governmental organizations (NGO) and other external stakeholder reports and determine the likely impacts for suppliers.

HP works with suppliers to continuously improve. This approach benefits both parties and strengthens the business relationship, as well as supplier performance. HP’s corporate risk management team does an annual risk assessment with HP supply chain management to examine key risk areas and their effects on HP and customers.