Our Third-Party Risk Management (TPRM) Approach

• Identify risks: before onboarding a supplier, it is important for us to conduct an initial risk assessment as part of our decision-making. We conduct a basic risk assessment of the supplier and the nature of their product or service to gain a more comprehensive picture of the potential risk profile and thus reduce the likelihood of unknowingly taking unwanted risks.
• Analyse and assess risks: the identified risks are categorized using The Adecco Group Risk Catalog, a library of the most common risks that may arise due to our business model. We assess supplier risk based on their inherent risk profile by applying a risk-based tiering approach. Based on the supplier's risk profile, the risk assessment can include multiple risk areas such as compliance, ESG, IT risk, data protection, and others.
• Plan action: based on the analysis, appropriate remediation plans and steps are planned.
• Implement: Risks must either be eliminated or mitigated. This is done by subject matter experts who define the necessary risk mitigation measures and monitor their implementation.
• Measure, control and monitor: suppliers can be involved in several evaluation rounds to ensure continuous evaluation and to be able to continuously mitigate risks. Changes in the supplier profile, the relationship or, for example, regulatory changes can trigger a reassessment. Our supplier portfolio is continuously monitored to ensure that commitments are met and that The Adecco Group and its stakeholders are not exposed to undesirable risks.

Our TPRM framework covers a wide range of risk areas, including but not limited to: