Corporate social responsibility (CSR) has become a relevant topic for enterprises offering products and services on a global scale. International organizations provide for guidelines and private associations publish codes of conduct requiring businesses to integrate social, environmental and ethical aspects, human rights as well as consumer concerns into their operations. Not at least the EU is promoting CSR through an Agenda for Action 2011–14. The implementation of CSR is a multidimensional ethical process and gains particular importance for the IT industry which by its nature is global. Therefore, IT enterprises are invited to conduct a CSR assessment, to develop a CSR strategy and to implement CSR commitments. These tasks are to be done by introducing specific CSR processes and compliance measures for risk assessment and risk mitigation.