Changes in the risk assessment and the effectiveness of mitigation measures must be considered and reviewed. The effectiveness of the measures should be assessed, taking into account substantiated concerns and received information.

Internal audits of the Due Diligence System are conducted at least annually to ensure correct implementation.

Cases where the Due Diligence System is found ineffective during internal audits or based on other information must also be documented.

Upon request, information about the DDS and how it was developed must be provided to organizations further down the supply chain.