Our client is a global high technology leader operating in the defense and security, aerospace, digital identity and security, and transportation markets. Embracing the digital revolution, the company is heavily investing in deep tech digital innovations (Big Data, connectivity, artificial intelligence, cybersecurity, quantum). The company engaged Ksapa to provide critical feedback on its Duty of Care risk mapping, and develop a robust action plan including executives across the 80k employee organization.

The challenge

The French duty of care law of March 27, 2017 requires parent companies and ordering companies to develop and implement a Duty of Care plan. The regulatory details specifically call for Group Duty of Care measures to be described in a comprehensive due diligence plan that covers the following 5 core components:

  1. A risk map identifying, analyzing and prioritizing risks
  2. Procedures for regular assessment of the situation of the Group’s employees and its subsidiaries, as well as of subcontractors or suppliers with whom it has an established business relationship, and finally of the communities and environment surrounding the Group’s operations, with regard to the underpinning Duty of Care risk map
  3. Appropriate actions to mitigate risks or prevent serious harm to employees, suppliers and communities
  4. A mechanism for alerting and collecting information on potential and actual Duty of Care risks
  5. A system for monitoring the measures implemented and evaluating their effectiveness


RISK MAPPING – Ksapa kicked off the process with a critical review of the Duty of Care risk matrix developed by Group internal audit and Risk Management teams:

  • We did so by triangulating the proposed risk map with the priorities outlined by a materiality assessment tool aligned with international standards on human rights, as well as a comprehensive review of publicly available reports, policies and action plans.
  • As a result, Ksapa outlined additional considerations for the Group to embed into its subsequent action plan – notably with regard to the recent pandemic, climate action, supply chain, D&I actions or role in the community.
  • Based on a common understanding of gross risks (meaning the prevalence of said risk regardless of Group actions), the assessment was collaboratively converted into a net risk analysis based on the existence of robust policies, Group leverage, risk occurrence and, finally, risk management.

The aim of this first step is to consider Group employees, subcontractors or suppliers and local communities and environment surrounding the Group’s operations as priority rightsholders.

ACTION PLAN – Based on this Duty of Care risk matrix, Ksapa developed a Duty of Care action plan intended to ensure that the corresponding risks are identified and actually mitigated:

  • Building on existing Group policies and programs, Ksapa engaged Group directors in charge of each of the Duty of Care priorities in order to develop a robust action plan, including the Human Resources, Health, Safety and Environment, Global Procurement, Security and the Legal and Cybersecurity Departments.
  • Given the client’s maturity in scaling its anti-corruption system, we proposed exploring the relevance and methods of strengthening existing pillars to embed Duty of Care considerations. This operating principle guided Ksapa in outlining 3-year ambitions for the Group to advance performance across all Duty of Care priorities, with target actions in the short, mid- and long-term.
  • Ksapa’s recommendations also stressed the importance of internal and external stakeholder engagement. For each Duty of Care priority, the action plan indeed outlines who is responsible, who is accountable, who should be engaged and informed to streamline risk remediation and bolster progress over time.

The resulting Duty of Care action plan summarizes core issues to prioritize as well as the corresponding tools and stakeholder ecosystems. As part of the continuous improvement dynamic underpinning the Duty of Care regulation, it also commits the Group to update its Duty of Care risk matrix and fine-tune the corresponding action plan accordingly on a regular basis.


Ksapa mobilized its extensively tested practical methodologies aligned with global standards and key regulatory frameworks to guide the client towards as comprehensive as possible an understanding of its Duty of Care regulatory requirements, the breadth of its specific priorities and how best to leverage existing tools to improve risk remediation measures and progress metrics. The Group was guided in reaching the appropriate level of ambition both through internal engagement and the results of a benchmark of Duty of Care from companies of comparable stature and related industrial sectors. Enshrining its ambition to progress on the matter, the Group opted to publish an overview of its Duty of Care program as part of a public-facing, standalone report.

Farid Baddache is the main author of this blog on the subjects of resilience, impact and inclusion.
