Expanding the third-party risk management process

Our Third-Party Risk Management (TPRM) team is responsible for identifying, assessing and managing risk, promoting ethical behavior and fostering sustainability in our supply chain. In 2020, we continued to integrate human rights into TPRM, most notably through labor rights; health, safety and environment (HSE); anti-bribery; and corruption. Further, we expanded our risk assessment methodologies to include additional human rights risks and strengthened our due diligence processes.

TPRM covers the following core risk areas: anti-bribery; animal welfare; HSE; labor rights; information security; data privacy; and good manufacturing practices. In 2020, we added financial due diligence and assessment of suppliers’ business continuity plans. The latter has been especially relevant during COVID-19, with some suppliers requiring support in dealing with financial distress. We also included trade sanction checks in TPRM, further integrating our risk management processes.

We expanded our risk management practices to include wholesalers and distributors, who are important Novartis customers. In October, we launched a new global standard for assessing these groups, covering anti-bribery, credit risk and trade sanctions. We will first conduct assessments in 12 pilot countries in Asia, Africa, Europe, and North and South America before rolling out this centralized risk management process globally.

In November, we launched our revised Novartis Third Party Code to strengthen the environmental sustainability language and outline requirements for third parties around setting environmental targets and managing their environmental performance and that of their supply chain. Further, it specifies requirements for our suppliers with respect to human rights (e.g., minimum wages, working hours and child labor), and reinforces our ongoing commitment to diversity and inclusion, prohibiting supplier discrimination based on national or ethnic minority status, and gender identity or expression.

Addressing environmental risk in our supply chain

In 2020, we established a dedicated in-house team of global HSE risk experts within our HSE Supplier Assurance and Risk function to perform supplier audits and assessments, covering all regions. We assess third parties in terms of their compliance with the Novartis Third Party Code, the effectiveness of their management system, and if they meet legal and Novartis HSE standards. The HSE risk assessment team works closely with the Third-Party Labor Rights, Human Rights and Quality teams to help ensure a focus on human rights and community impact.

We continued to monitor the environmental performance of our suppliers against Novartis targets for carbon, energy, water and waste reduction. Every year, we measure and monitor the performance of key suppliers through a dedicated sustainability survey. In 2020, we distributed the survey to more than 80 suppliers, with an 86% response rate. Moving forward, we will also implement an environmental maturity ladder approach, outlining the milestones suppliers should reach within a certain timeframe to continuously enhance their environmental performance. This is important for progressing toward our 2030 sustainability targets, and in particular for achieving carbon neutrality in the supply chain (see page 64 of this report). In addition, we now also embed environmental sustainability objectives in our supplier contracts.

Supply chain performance indicators





Suppliers risk-assessed by TPRM1, 2

8 448

2 8393


Suppliers with remediation action agreed2, 5




Suppliers audited2




Suppliers assessed for anti-bribery risks

2 014



Suppliers assessed for animal welfare




Suppliers assessed for business continuity plans




Suppliers assessed for financial due diligence




Suppliers assessed for health, safety and environment




Suppliers assessed for information security and data privacy

3 174

1 1423


Suppliers assessed for labor rights risks

4 635

1 4233


Suppliers assessed for Quality GmP




Supplier engagements stopped due to risk assessment outcomes





TPRM: Third-Party Risk Management


Includes new suppliers and new products, services or sites from existing suppliers. Figures do not include GxP audits. (see page Helping ensure patient health and safety for more details).


Data reflect April to December 2019, based on the TPRM program geographical rollout.


Data not available; the TPRM program was not launched.


Follow-up includes more information requested, audits or on-site assessments.


Not available; the specific risk domain was not yet included in TPRM

Despite COVID-19, we performed a total of 382 comprehensive HSE assessments in 2020. These included 33 audits and led to 383 findings. Findings across Europe, the Americas, China and India highlighted process safety as an area for improvement. Specifically in China and India, industrial hygiene was also a concern. Together with our suppliers, we have developed mitigation plans with set timelines to address these findings.

In 2020, Novartis identified eight suppliers with unacceptable gaps in HSE compliance leading to either an exit or termination of the evaluation process. We also engaged in capability-building activities with suppliers, especially in India and China as part of our involvement in the Pharmaceutical Supply Chain Initiative (PSCI). In particular, we worked with the PSCI to develop HSE guidance documents based on industry best practices that were rolled out during webinars and published on the PSCI’s supplier platform.