Policy Center
Human Rights Saliency Assessment
Posit Software, PBC
Addendum to the Posit Human Rights Policy
Purpose
Posit’s Human Rights Policy commits us to identifying and addressing the human rights risks connected to our operations and value chain. A commitment to respect human rights is only meaningful if we periodically step back and ask honestly: where are we most likely to fall short, and who is most at risk if we do?
This Addendum sets out the requirements for that assessment process. It describes what a saliency assessment is, how it should be conducted, what it must cover, and how its findings feed into Posit’s ongoing human rights work. It is intended to give the people responsible for conducting these assessments a clear and practical framework.
What We Mean by “Salient”
Not every human rights issue is equally relevant to every company. A saliency assessment identifies the issues that matter most given who we are, what we do, and where our operations and relationships reach. In the language of the UN Guiding Principles on Business and Human Rights, salient issues are those at risk of the most severe negative impact through Posit’s activities or business relationships.
Our lens here is people-centered, not company-centered. We are not asking where human rights issues create risk for Posit as a business. We are asking where our operations, relationships, and products create risk for the people affected by them: our employees, our contractors, the workers in our supply chain, our users, and the communities we touch.
A saliency assessment is intended to be a structured exercise in identifying actual and potential harms to understand where those harms exist now, and where they could emerge if conditions change.
When Assessments Are Required
Posit must complete a human rights saliency assessment at least every two years, aligned where possible with our B Corp recertification cycle. Beyond the baseline cadence, an assessment should be triggered whenever:
- We enter a new market, geographic region, or business area with materially different human rights conditions.
- We add a significant new vendor, supplier, or partner relationship, particularly in higher-risk categories.
- We launch a product or service with significant new human rights implications (for example, an AI-assisted tool that could affect how people are evaluated or treated).
- A credible concern or complaint surfaces through our reporting channels that suggests an issue we have not previously assessed.
- Material external developments, regulatory change, sector-wide reporting, or events involving our peers.
How the Assessment Should Be Conducted
A saliency assessment that is well-researched but internally self-referential is unlikely to surface what matters most. The process should draw on two distinct inputs: desk research and meaningful stakeholder engagement.
Desk Research
Desk research provides the foundation of the assessment: an understanding of the human rights context in which Posit operates, the types of issues commonly associated with our industry and value chain, and the specific regulatory and normative frameworks that apply. This should include review of:
- Country and region-specific human rights conditions relevant to where our employees are based and where our key vendors and suppliers operate.
- Sector-specific human rights risks associated with technology companies, software development, and data science, including issues related to privacy, surveillance, labor in hardware supply chains, and AI.
- Authoritative external sources, including reports from the UN and its specialized agencies, the ILO, civil society organizations, and academic research.
- Our own prior assessments, any complaints or concerns raised through our reporting channels, and outcomes from prior remediation efforts.
Stakeholder Engagement
Because the people most affected by a company’s activities see things that documents do not reveal, stakeholder engagement is therefore a required component of every assessment.
Stakeholder engagement for a saliency assessment is specifically designed to surface perspectives on human rights risks from those who are or could be affected, or who have particular insight into those risks. The assessment process may engage, as appropriate to the scope of the assessment:
- Posit employees, including those in roles with particular exposure to the issues being assessed, and with attention to whether people in different geographies or employment categories have different experiences.
- Contractors and others who work with Posit but whose working conditions may differ from those of direct employees.
- Representatives of our open-source community and user base, particularly where product-related human rights risks are in scope.
- Relevant civil society organizations, human rights experts, or peer companies, where direct engagement with affected groups is not practicable.
Engagement must be conducted in a way that is safe, genuinely accessible, and free from any suggestion that participation will have adverse consequences. Where language barriers or power dynamics could limit candor, the process design should address this directly.
What the Assessment Must Cover
The scope of each assessment should be calibrated to the risks most relevant at the time it is conducted. At a minimum, however, assessments should address the following across Posit’s own operations and, to the degree our relationships allow, our value chain.
Employment and Labor Practices
Given that our most direct human rights exposure is to the people who work at and with Posit, labor and employment is always in scope. This includes fair wages, working hours, freedom of association, non-discrimination, access to grievance mechanisms, and the particular conditions facing employees in each of the jurisdictions where we operate. For a remote-first global company, questions of isolation, monitoring, and the right to disconnect are also relevant.
Supply Chain and Vendor Relationships
We do not manufacture physical goods, but we do rely on infrastructure providers, cloud platforms, hardware vendors, and other suppliers. The assessment must consider where labor rights risks, including forced labor, unsafe conditions, or suppression of worker voice, may exist in those relationships, with attention to higher-risk geographies and categories.
Our Products and How They Are Used
Posit builds tools that influence how people work with data. That creates specific human rights considerations, including:
- Privacy and data rights: whether our products could be used in ways that compromise users’ personal data or facilitate surveillance.
- Algorithmic harm: whether tools that support or automate decision-making could contribute to discriminatory outcomes for individuals.
- Access and accessibility: whether barriers to using our tools create or reinforce inequalities.
- Dual-use risks: whether our open-source or commercial tools could be misused in ways that cause harm to individuals or groups.
How Issues Are Identified and Prioritized
The assessment must not only identify human rights issues; it must help us understand which ones to focus on. Every issue identified should be characterized along two dimensions:
- Severity: how serious is the harm to the people affected? Severity is assessed by considering the scale of the impact (how many people), its scope (how significantly does it affect their rights or wellbeing), and its remediability (can the harm be undone, or is it irreversible).
- Likelihood: how probable is it that the harm will occur or continue? Likelihood is informed by evidence from desk research, what stakeholders tell us, and the degree of Posit’s connection to the issue (whether we cause it directly, contribute to it, or are linked to it through a business relationship).
The output of this prioritization should provide a good perspective on which issues are most salient and where they occur in our operations or value chain, who is affected, and whether the harm is already happening or is a risk that could materialize. This picture is what drives our mitigation and remediation planning.
Prioritization does not mean deprioritized issues are ignored. It means resources and attention are allocated where they are most needed, while less salient issues remain monitored and are reassessed over time.
What Happens With the Findings
The findings must feed into Posit’s operations. Once an assessment is complete:
- The General Counsel, in coordination with People Operations and relevant business leads, is responsible for reviewing the findings and determining appropriate responses, including whether existing policies, controls, or contracts need to be updated.
- A summary of the key findings, the prioritization rationale, and planned actions is presented to the Board of Directors.
- Where remediation is required for actual harms, that process is initiated in accordance with the Human Rights Policy.
- Material findings are reflected in our PBC Report and, where applicable, our B Corp recertification materials, consistent with our public transparency commitments.
- The assessment document itself is retained and used as the baseline for the next review cycle.
This policy is a living document and may be updated as our community and regulatory environment evolve.
Last Update: 2026