Quick Read

SPK CSMS1000:2026 Clause 10.10 requires organisations to conduct genuine human rights due diligence across operations and value chains, grounded in the UN Guiding Principles, OECD Guidelines, and ILO Core Conventions—a legal and management discipline that extends assessment, action, and verification deep into supply chains where most significant risks (forced labour, child labour, unsafe conditions) typically reside. The standard demands a continuous five-element process: identify and assess actual and potential harms using credible sources and stakeholder engagement; integrate findings into procurement and business practices; track and verify effectiveness; communicate externally; and remediate where the organisation causes harm. For most organisations, the gap between current practice and what the standard requires is substantial.

Executive Summary

Social responsibility and human rights due diligence is the most legally complex operational requirement in SPK CSMS1000:2026. Clause 10.10 references the UN Guiding Principles on Business and Human Rights, the OECD Guidelines for Multinational Enterprises, and ILO Core Conventions — and requires organisations to implement a genuine human rights due diligence process across their operations and value chain. For most organisations, the gap between what they have and what the standard requires is substantial.

This paper explains what human rights due diligence means as a management discipline, what the standard requires, the regulatory context that makes this increasingly a legal obligation rather than a voluntary commitment, and what Speeki assessors examine in a certification engagement.

A supplier code of conduct is not human rights due diligence. It is a statement of expectations. Due diligence is the process of identifying, assessing, mitigating, monitoring, and accounting for adverse human rights impacts. The standard requires the process, not the policy.

1. The Due Diligence Methodology

The UN Guiding Principles on Business and Human Rights (UNGPs) — the foundational framework referenced by SPK CSMS1000:2026 — describe human rights due diligence as a continuous process comprising five elements: identify and assess; integrate and act; track and verify; communicate; and remediate.

1.1 Identify and assess

The organisation must identify its actual and potential adverse human rights impacts — in its own operations, in its supply chain, and through its business relationships. This requires a systematic assessment using credible sources: stakeholder engagement with potentially affected groups, sector and geography risk data, supplier information, and expert human rights knowledge.

The assessment must go beyond the first tier of the supply chain. Many of the most significant human rights risks — forced labour, child labour, unsafe working conditions, freedom of association violations — sit deep in supply chains where direct supplier relationships do not exist. Effective identification requires understanding the full supply chain structure and the human rights risk profile of each tier and geography.

1.2 Integrate and act

Identified human rights risks must be addressed through concrete action: changing procurement practices that contribute to risks, engaging suppliers on remediation, building capacity, adjusting business relationships, and — where the organisation is directly causing harm — providing remediation. Action must be proportionate to the severity of the risk and the organisation's contribution to it.

1.3 Track and verify

The effectiveness of due diligence measures must be monitored. This requires indicators of whether the actions taken are reducing the identified risks, verification that supplier commitments are being fulfilled, and a process for identifying new or changed risks as the supply chain and operating environment evolve.

1.4 Communicate

The organisation must communicate externally about its human rights due diligence process and findings — both to satisfy reporting obligations and to provide access to information for affected stakeholders. Disclosure under ESRS S1–S4 and GRI 2-23 through 2-25 provides the reporting framework.

1.5 Remediate

Where the organisation has caused or contributed to adverse human rights impacts, it must provide or enable remediation. This includes access to grievance mechanisms — both for the organisation's own workers (the speak-up channel under Clause 10.9) and for supply chain workers and affected communities.

2. What SPK CSMS1000:2026 Requires

Clause 10.10 requires the organisation to: implement human rights due diligence aligned with the UNGPs and OECD Guidelines; maintain a supplier code of conduct communicated to and incorporated into contracts with all material suppliers; conduct supply chain risk assessment identifying high-risk categories, geographies, and commodities; implement a supplier due diligence programme proportionate to identified risk; and provide access to grievance mechanisms for supply chain workers and affected communities.

The standard does not prescribe a specific due diligence methodology. It references the UNGPs and OECD Guidelines as the applicable frameworks. Organisations may adopt sector-specific due diligence approaches (the Responsible Business Alliance, the Fair Labour Association, the Responsible Minerals Initiative, and equivalents) provided they meet the underlying requirements of those frameworks.

3. The Regulatory Context

Human rights due diligence has moved from voluntary commitment to legal obligation in an increasing number of jurisdictions.

This regulatory context is directly relevant to the obligations register (Clause 6.1). Organisations operating in or supplying to regulated markets may have direct legal obligations to conduct human rights due diligence — making Clause 10.10 not just a CSMS requirement but a legal compliance requirement. The connection between the obligations register and the due diligence programme is not optional.

Speeki Meridian™ — Auditor Expectations

Human rights due diligence is one of the most substantively assessed areas in a Speeki Meridian™ engagement. Assessors look for evidence of a genuine process, not a document. At Stage 1: the supply chain risk assessment document; the human rights due diligence process documentation; the supplier code of conduct; evidence of code communication and contract incorporation; grievance mechanism documentation. At Stage 2: assessors will select three to five high-risk supplier categories from the risk assessment and test whether proportionate due diligence was actually conducted — reviewing supplier assessment records, site audit reports where applicable, and evidence of follow-up on identified issues. They will ask procurement personnel whether they know the supplier code of conduct and how it is applied. They will ask the CSO to describe the last human rights concern that was escalated and how it was addressed. The most common findings: due diligence limited to first-tier suppliers while tier-2 and tier-3 risks are acknowledged but not managed; supplier code communicated but not incorporated into contracts; grievance mechanism exists for employees but not accessible to supply chain workers; risk assessment identifies high-risk geographies but due diligence programme does not adjust depth for those geographies.

Implementation Guidance

Begin with the supply chain risk assessment. Map your supply base by tier, geography, and commodity category. Overlay human rights risk data — country-level indices (Walk Free Foundation Global Slavery Index, ITUC Global Rights Index), sector risk data, and commodity-specific risk information (conflict minerals, agricultural commodities with known forced labour risks, garment manufacturing). The risk assessment tells you where to focus due diligence effort. For first-tier suppliers in high-risk categories, implement structured due diligence: self-assessment questionnaires, documentary evidence requests, and — for highest-risk suppliers — on-site audits by qualified social auditors. Build the audit programme into the supplier relationship management cycle. For deeper tiers, use industry collaboration mechanisms where available. Sector initiatives (RBA, FLA, RMI) provide shared audit infrastructure that reduces the burden of individual company due diligence in complex supply chains.

About Speeki

Speeki is an accredited certification body operating across more than 100 countries. Speeki certifies organisations against SPK CSMS1000:2026 through the Speeki Meridian™ certification programme. Speeki is a certification body — it does not provide sustainability consulting or advisory services of any kind.

For current details of Speeki's accreditations, scope of certification, and service offerings, visit speeki.com. You can also ask Nicole AI on the Speeki website to find the information you need.

speeki.com | © Speeki Pte Ltd 2026