The guide to human rights risk assessment

August 8, 2023

Every company should conduct human rights risk assessments. In this guide, we show you how.

You probably already know that there is human rights risk in your supply chain. But do you know how to identify it or what to do about it? Doing so is essential if you wish to reduce the chances of doing harm to people and your company's brand. This guide explains what human rights risks assessments are and how to implement them. It’s based on the United Nations Guiding Principles on Business & Human Rights (the UNGPs), but is informed by our practical experience working with companies around the world to tackle human rights risk. This guide focuses on assessment of corporate supply chains [i].

What is a human rights risk assessment?

A human rights risk assessment is a structured approach to identify actual or potential adverse human rights impacts resulting from your company’s business activities. You should employ a risk-to-people based approach to identify the highest risk parts of your supply chain. You are not expected to know everything that’s going on in your supply chain, that’s impossible. But the process should be thorough and proportionate.

Risk assessments are part of the wider human rights due diligence process. Once you have assessed your supply chain, the UNGPs confirm that you should address identified issues and continue to monitor for new risks.

How to win support for conducting a human rights risk assessment

Ideally senior leadership have already committed to conducting human rights impact assessments. If this is not the case, you will need to gain their backing. Our clients tell us that they do this by identifying the ethical and commercial benefits of human rights risk assessments. For example:

The ethical case:

There are 17 million victims of modern slavery being exploited in business supply chains today.  Reliable statistics on the number of victims of other types of human rights abuse in supply chains are hard to find, but are likely to number in the tens, if not hundreds, of millions. The risk that it’s present in your company’s supply chain is a real one. To end this abuse, companies like yours need to act. Your colleagues are humans. Once you make them aware of these facts, they will likely want to take action.

The business case:

You need to support the ethical case with the business one. There are lots of reasons why tackling slavery makes good business sense, including:

What risk indicators do I need to use?

To conduct a human rights risk assessment of your supply chain, you first need to identify appropriate risk indicators.

There is no prescriptive list of risk indicators. Rather you should select those that you think most relevant to you supply chain and viable to assess. In making that selection, remember that the objective is to assess risk to people, not to your company. Where available, enhance your indicators with credible independent, third-party data.

As an example, RightsDDact, our human rights due diligence platform, uses the following risk indicators:


Once you have selected the relevant risk indicators for your company, you need to capture relevant supply chain data and create a risk assessment matrix to assess your suppliers.

Consider giving a higher weighting to more important indicators. For example, product risk should provide a more precise indicator than an industry risk and should be weighted accordingly. Document the process, the rationale for any potentially controversial aspects of it, and its outcomes. You may be required to justify why you took certain decisions months or years after you have conducted your human rights risk assessment. If that happens, you will be thankful for the documentation you have made.


Your assessment may generate a long list of issues, in which case it will be necessary to prioritise the most significant for action first. To do this firstly divide the issues into actual and potential impacts.

Actual impacts are incidents where your business activity is actually hurting people, to the extent it deprives them of a human right(s). Potential impacts result from policies or practices that create the potential for human rights impacts. For example, charging a worker a recruitment fee, which they repay over a period of time, creates the potential that they fall victim to forced labour. The charging of a fee is not a human rights abuse in itself, but it increases the risk of one occurring.

Clearly, actual impacts should be the priority. But potential impacts should also be addressed.

If it is necessary to further prioritise, do this by considering how many people may be impacted and how bad the impact will be. In the case of potential impacts, also take into account the likelihood that the impact will occur.

Consider the leverage that you have over a supplier. If you have more leverage, you are more likely to be able to get them to do more, e.g. change their practices and policies.

The UNGPs advise that companies should try to work with suppliers to address identified issues and improve workers’ conditions. This may not be viable in some situations. In this case you may have to stop buying from a given supplier.


Supply chains are constantly changing. New suppliers come and old ones go. Ideally you should put a process in place to assess all suppliers before you buy from them.

Equally, the risk profile of your supply chain will change over time. Your risk assessment process should therefore monitor, and address, new developments. For example, our analysis indicates that many electronics shipped via, or processed in, Malaysia contain materials ultimately sourced from Xinjiang, China. They therefore have a high-risk of being linked to forced labour. This relationship was identified in early 2023 and materially changed the risk profile of Malaysian sourced electronics.

If you have stopped buying from a supplier and are unlikely to buy from them in the near future, stop monitoring them. You have enough to do as it is!


You should speak to relevant stakeholders, including suppliers, during the risk assessment.

Once you have completed the assessment phase, you can communicate the results to your colleagues. If your company is subject to the reporting requirements regulations you should include an overview of your assessment process and its outcomes in your modern slavery statement human rights report. Even if your company is not legally obliged to report, it may be advantageous to communicate what you have done, and plan to do, externally.

Be transparent about the steps you have taken and avoid overstating your actions. By doing so, you will better position the company in the eventuality that one of your suppliers is linked to human rights abuses in the media. Avoid claiming that your supply chain is ‘low risk’ unless your risk analysis truly indicates this to be the case.

Consider developing an incident response plan to deal with human rights issues that may arise in the future. RightsDD can assist if required.

[i]Note however that your company should also assess its own operations and, the UNGPs confirm, impacts that may result from its selling goods or services.

About the author
Oliver Cushing is the CEO of RightsDD and a business and human rights expert.
RightsDD are the modern slavery specialists. Our RightsDDact technology enables companies to assess and monitor their supply chains for modern slavery risk. We also provide training and consultancy to companies around the world. Contact us to learn more.