S2 Workers in the value chain
ESRS 2 GOV-4
Processes to identify material IROs related to value chain workers
SoftwareOne identifies material impacts, risks, and opportunities (IROs) related to value chain workers through its DMA process. The assessment draws on SoftwareOne’s operating footprint, business model, and experience across multiple jurisdictions, combined with industry knowledge and risk insights relevant to labor and human rights in the technology and services sector. Further details on the methodology applied are provided in the section Double materiality assessment.
Identifying the workers in our value chain
The workers in SoftwareOne’s value chain encompass the workers of our upstream suppliers, spanning:
- Software vendors/publishers and software distributors
- Hyperscalers
- Services partners and subcontractors
- Workers of our local business partners and local suppliers who support our local operations (e.g., couriers, providers of office supplies)
Where relevant and appropriate, we also consider workers of our downstream customers – our customers are public/government entities and private companies. As a result, value chain workers may span a broad range of occupational groups, from operational and service roles to highly skilled professional functions.
Value chain workers who are likely to be materially impacted by SoftwareOne’s operations and business relationships are included in the scope of our disclosures.
Given the diversity of regional, country, cultural, and socio-political contexts in which SoftwareOne operates, some of the labor and human rights negative impacts may be systemic, beyond the direct control of a single company. We do not currently have insight into which negative impacts would be described as systemic, nor in which country. Neither are we aware of which impacts, risks, and opportunities affect only certain groups of value chain workers rather than all value chain workers. SoftwareOne’s assessment, therefore, prioritizes identifying areas of heightened risk and potential impact, recognizing that leverage and mitigation approaches may vary depending on the nature of the business relationship and local context.
Policies related to value chain workers
SoftwareOne’s Code of Conduct for Partners sets out expectations for ethical conduct, compliance, and responsible business practices applicable to suppliers and other business partners involved in SoftwareOne’s value chain. This includes, but is not limited to, suppliers, distributors, resellers, contractors, and subcontractors.
The Code of Conduct for Partners is communicated to relevant third parties as part of the commercial framework governing the business relationship and is supported by applicable contractual terms and conditions addressing ethical conduct and compliance requirements. While a separate written acknowledgement of the Code is not uniformly required across all partner relationships, the Code forms part of the standards against which partner conduct is assessed in the context of due diligence, risk assessment, and ongoing business relationship management. Based on defined risk criteria, SoftwareOne’s Compliance function may conduct additional due diligence activities to support risk assessment and decision-making in relation to business relationships. Applicable contractual rights, including termination rights, may be exercised where potential violations of ethical standards are identified.
Alignment with international standards
SoftwareOne’s approach to labor and human rights in its value chain is aligned with internationally recognized standards for responsible business conduct, including the United Nations Guiding Principles on Business and Human Rights, the ILO Declaration on Fundamental Principles and Rights at Work, and the OECD Guidelines for Multinational Enterprises.
The Code of Conduct for Partners reflects internationally recognized labor and human rights standards by setting out expectations relating to non-discrimination, the prohibition of child labor, forced labor, human trafficking, and other forms of modern slavery, as well as respect for freedom of association and collective bargaining where permitted by law, occupational health and safety, and fair labor practices.
Alignment with these standards is also evidenced through SoftwareOne’s governance framework and risk-based due diligence processes. This includes the establishment of expectations for business partners through the use of ESG and human rights risk screening tools (including Integrity Next risk assessments, ESG questionnaires, and sanction/adverse media screening), and the prioritization of suppliers and partners based on identified risk indicators. SoftwareOne provides reporting channels for internal and external parties to raise concerns or report suspected misconduct through the Integrity Line, which is designed to comply with the EU Whistleblower Protection Directive (Directive (EU) 2019/1937) and supports ethical business conduct and transparency.
Concerns raised through these channels are assessed in accordance with SoftwareOne’s established processes and contribute to the ongoing identification and management of potential risks and impacts related to internationally recognized labor and human rights standards.
In 2025, there were no reported cases of non-respect of the UN Guiding Principles on Business and Human Rights, ILO Declaration on Fundamental Principles and Rights at Work, or OECD Guidelines for Multinational Enterprises that involved value chain workers in our upstream and downstream value chain.
Governance
SoftwareOne’s compliance team is responsible for updating and implementing our Code of Conduct for Partners. The mandate of the team is to safeguard SoftwareOne’s business operations around the world, including third-party due diligence to identify, mitigate, and prevent the risk of labor and human rights violations in our value chain. The compliance team is led by the Chief Legal Officer, who reports to the Co-Chief Executive Officers.
Due to the significant practical and logistical overlap between general third-party due diligence and human rights due diligence, the same roles and responsibilities apply to both processes. For additional information, please refer to G1 Business Conduct - Management of relationships with suppliers.
Accessibility
The Code of Conduct for Partners and the Modern Slavery Statement are available on our internal SharePoint and the global corporate website.
Actions related to value chain workers in 2025
Due diligence assessments of our suppliers and business partners
We are dedicated to continually enhancing our practices and contributing to the advancement of human rights and global value chain risk management.
We assess our business partners throughout the lifecycle of our relationships with them. From a labor and human rights perspective, SoftwareOne’s due diligence assessments emphasize crucial aspects such as human rights, anti-slavery, child labor, decent working conditions, and diversity and inclusion. The assessments ensure our business partners’ compliance with international regulations as well as our own rigorous standards.
In 2025, SoftwareOne conducted further expansion and refinement of our supply chain due diligence process. Through the Integrity Next platform and other internal tools, our suppliers are asked to complete questionnaires that cover a range of topics such as environmental protection, energy management, data protection, anti-corruption, modern slavery, human rights, child labor, conflict minerals, health & safety, conflicts of interest, diversity & inclusion, quality management, and carbon footprint. Suppliers are divided into categories depending on their sales volume and risk profile, and undergo an assessment through the questionnaires that allow us to identify those posing the highest ESG risks. The questionnaires provide a comprehensive assessment of the supplier’s practices, policies, and controls, enabling a consistent and objective evaluation of supplier risk.
In addition to the questionnaires, we perform supplier screening on over 11,000 suppliers based on ESG criteria, as well as country-specific and sector-specific risks. Suppliers that are identified as high-risk are subjected to enhanced due diligence. By using this process, SoftwareOne can effectively manage supplier risks, mitigate potential vulnerabilities, and ensure compliance with applicable regulations and industry standards.
The third parties currently within scope of our due diligence process include prospective and existing publishers/vendors and global suppliers.
The third-party due diligence process is managed by a combination of Supply Chain Risk Management and Legal & Compliance, with the collaboration of the ESG function.
Effectiveness of due diligence assessments
The effectiveness of our due diligence assessments is measured in different ways, mainly by the increased coverage of our third parties assessed and by the quality of the information received through our assessments. The above is monitored through our Integrity Next platform on a regular cadence. This is an ongoing process for the combined company, as we strive to strengthen our overall due diligence process and enhance the effectiveness of our measures by implementing strict remedial actions to high-risk suppliers.
Grievance mechanisms
SoftwareOne provides a reporting channel, the Integrity Line, which is available to both internal and external parties to raise concerns related to working conditions, labor practices, or human rights-related issues. The Integrity Line allows confidential and anonymous reporting by employees, value chain workers, and other external stakeholders. In addition, SoftwareOne maintains external reporting hotlines available to external stakeholders. Reports submitted through these channels are handled in accordance with established procedures and support the identification and assessment of potential labor and human rights-related risks in the value chain.
Further information is provided in G1 Business conduct under the heading Whistleblower channels.
Accessibility to value chain workers
All of these channels, including whistleblowing solutions, are equally accessible to workers in our value chain as to our own employees. They are communicated on our global corporate website and our Code of Conduct for Partners. Workers who may be particularly vulnerable to impacts or are marginalized can also use these same channels.
Investigations and remedies for value chain workers
SoftwareOne takes all legitimate reports made in good faith seriously. Reports of potential misconduct involving employees of our partners (value chain workers) are handled with care and due process. All investigations are carried out by the Compliance team under the supervision of the Chief Legal Officer and ultimate oversight by SoftwareOne’s Board of Directors. The Compliance team may also collaborate with other internal teams (such as finance, internal audit, people and culture, and legal) for investigative purposes or to ensure that appropriate actions are taken.
Although SoftwareOne has a standardized investigation methodology, the appropriate interventions and remedies are assessed on a case-by-case basis, influenced by factors such as whether SoftwareOne is the direct cause of the harm, and the severity level or negative impact experienced by the value chain worker(s).
Protection of value chain workers from retaliation
External parties who make use of our reporting and whistleblowing channels are protected from retaliation by our strict non-retaliation principle applicable to concerns reported in good faith through our different channels, as stated and communicated in our Code of Conduct for Partners and in our Integrity Line Reporting Policy.
Engagement with value chain workers
Our grievance mechanisms described above are the ways in which we interact directly with workers in our value chain, mainly from our direct vendors/suppliers. The Chief Legal Officer is the most senior role within the combined company involved with the engagement with value chain workers. The frequency of engagement with value chain workers is open-ended, as the channels are perpetually available and monitored at all times. Engagement can occur whenever concerns are raised or input is received.
Effectiveness of grievance mechanisms
The effectiveness of our engagement with value chain workers is determined through the accessibility of our grievance mechanisms (ease of access and different channels available), stakeholders’ awareness of how to use the system, performance reports with key metrics (e.g., turnaround time from first answer to final resolution), and possible feedback from users of these mechanisms. While grievance mechanisms are available to all stakeholders, we do not currently have additional monitoring or verification processes in place to confirm that suppliers disseminate this information across their workforce.
Factoring in the interests and views of value chain workers
In the event that incidents are reported, the findings from SoftwareOne’s investigation inform the strategic decision-making of the internal stakeholders who manage our relationships with suppliers and business partners.
Adjustments may also be made to our human rights due diligence processes if deemed necessary. In this way, the perspectives of value chain workers can inform SoftwareOne’s decisions or activities aimed at managing actual and potential impacts.
Different roles within SoftwareOne are therefore positioned to ensure engagement with value chain workers takes place, with the Chief Legal Officer in the forefront by virtue of leading the global compliance team.
Plans for 2026
In 2026, SoftwareOne will migrate to a standardized, group-wide process for the combined organization. This initiative aims to strengthen and streamline third-party risk management by addressing legacy processes, expediting required due diligence checks, and mitigating operational and compliance challenges.
Performance related to our value chain workers
2025 | |
Number of severe human rights issues and incidents connected to upstream and downstream value chain, e.g., forced labor, human trafficking, child labor | 0 |
Number of fines, penalties, and compensation for severe human rights issues and incidents connected to upstream and downstream value chain (monetary value, CHF) | CHF 0 |
Number of grievances related to labor and human rights reported by SoftwareOne against third parties | 0 |
Number of grievances related to labor and human rights reported against SoftwareOne by third parties | 0 |
The metrics on the number of severe human rights incidents and the monetary value of fines and penalties are being reported for the first time in 2025 for the combined company. Other metrics shown in the table are optional, entity-specific data points that Crayon previously reported in its stand-alone 2024 Annual Report. As the combined company, we have chosen to include and continue reporting on them in the current reporting period for completeness of reporting.
2023-2025
The metrics on SoftwareOne’s third-party due diligence and risk assessments are optional, entity-specific data points that were previously reported in SoftwareOne’s stand-alone 2024 Non-financial Report. As a combined company, we have chosen to include and continue reporting on them in the current reporting period (2025) for the completeness of reporting.
As explained in the section Due diligence assessments of our suppliers and business partners, third-party due diligence assessments are conducted through a series of questionnaires covering multiple topics and managed through the Integrity Next platform and other internal tools. Between 2023 and 2025, a total of 3,991 third parties have been invited to our assessment process, with an overall completion rate of 65%.
The disclosed metrics from 2023 and 2024 are exclusive to SoftwareOne, as is pre-merger. The 2025 results reflect information from both SoftwareOne and Crayon. During the 2025 reporting year, Crayon used a different due diligence tool; however, it covered similar topics.
Methodology
Reporting boundaries and definitions of key terms
- All labor and human rights complaints pertaining to our value chain workers are taken seriously and are subject to initial screening. References to labor and human rights concerns include allegations or risks related to internationally recognized labor and human rights standards. Concerns related to labor and human rights may be raised through SoftwareOne’s internal and external reporting channels and are subject to initial screening by the Compliance function in line with established procedures. Where appropriate, matters may be reviewed further to support risk assessment and decision-making.
- Our due diligence assessment metrics disclose the third parties with assessment results and those with no assessment results. The former includes all third parties that received an invitation to answer questionnaires, have registered successfully to our tool, and provided appropriate information; the latter includes the cases that have not replied to our invitation to answer questionnaires. Our due diligence process is continuous, so we expanded our reporting scope to cover the period from 2023 to 2025 to accurately reflect our efforts and the status of our due diligence process. The disclosed metrics will be reassessed in 2026 as part of the post-merger improvements.
Data sources
- We rely on data from multiple systems (such as the Integrity Line and EQS tool), reports from our whistleblowing channels, which are received and updated on an ongoing basis; and our internal investigations dashboard.
- For risk assessment, we rely on internal tools like CRMs and data from a third-party management system like Integrity Next.
Scope
- Reported metrics are global in scope, covering SoftwareOne’s FY2025 and Crayon’s H2 2025 operations worldwide.
- The metrics on third-party due diligence assessments include data from 2023 to 2025.
Assumptions and limitations
- This disclosure is based on information available through SoftwareOne’s established reporting, compliance, and due diligence processes. While these mechanisms are designed to support the identification and management of labor and human rights-related risks in the value chain, SoftwareOne recognizes that visibility across complex, multi-tier value chains may be limited and that not all potential impacts or concerns may be identified or reported.
- Due to the structure of the assessment process, there is a possibility that a supplier may be included as with assessment results even where not all questionnaires have been fully completed.
Targets
We do not have targets to manage the material impacts, risks, and opportunities related to our value chain workers in 2025. We may consider setting targets upon completion of our group-wide process for the combined organization.