Environmental, Social and Governance (ESG)

ESG has moved from a specialist finance topic to something most organisations now have to engage with. Investors, lenders, insurers and large corporate customers increasingly assess counterparties on environmental, social and governance performance alongside financial performance. For organisations with ambitions to raise capital, win larger contracts, or satisfy stakeholder scrutiny, ESG is no longer optional.

ESG is not the same as sustainability or corporate social responsibility, though the topics overlap heavily. Sustainability is a broader concept - how the organisation's activities affect the environment, society and future generations. ESG is more specifically the framework used to measure and disclose that performance in a way external parties can compare. The three letters define the scope: environmental issues (emissions, waste, resource use, climate risk); social issues (employees, health and safety, communities, human rights, supply chain labour); governance issues (board oversight, ethics, anti-corruption, risk management, transparency).

Why ESG Now Matters to Most Organisations

Three forces have brought ESG into mainstream business:

Regulatory disclosure. UK-listed companies already report under TCFD-aligned climate disclosures. The UK Sustainability Disclosure Requirements (SDR) and upcoming sustainability reporting standards (based on IFRS S1 and S2) will extend mandatory reporting further. Larger private companies are caught by Streamlined Energy and Carbon Reporting (SECR) and modern slavery statements.

Capital markets and lending. Sustainability-linked loans, green finance instruments, and ESG-screened funds all need verifiable data. Lenders increasingly ask ESG questions during credit assessments, and insurance underwriting includes ESG factors for larger risks.

Supply chain flow-through. Large corporate customers increasingly pass ESG expectations down to their suppliers. Questions about Scope 3 emissions, human rights in the supply chain and governance controls come to mid-sized suppliers through contracting processes.

For unlisted, mid-sized organisations, ESG often arrives via customer questionnaires and procurement processes rather than regulators. The practical effect is similar.

How ISO Standards Support ESG Reporting

ESG is a disclosure framework; the underlying management has to come from somewhere. ISO management system standards provide much of the operational infrastructure that ESG reporting depends on.

Environmental: ISO 14001 gives the EMS framework, the aspects register, legal compliance, operational controls and monitoring. Carbon data for ESG disclosure comes through the EMS. The 2024 climate change amendment reinforces the linkage.

Social: ISO 45001 covers occupational health and safety - accident rates, near-miss reporting, worker consultation, mental health. ISO 30414 covers human capital reporting. ISO 26000 gives non-certifiable guidance on social responsibility. Modern slavery, diversity and labour practices usually sit in HR policies rather than a formal standard.

Governance: ISO 37001 covers anti-bribery management systems. ISO 37301 covers compliance management systems. ISO 27001 covers information security (an increasingly important governance topic). Board oversight, internal audit and management review exist across all ISO standards through Clauses 5, 9.2 and 9.3.

An integrated management system covering ISO 9001, 14001 and 45001 - with ISO 27001 added where information security is material - already supplies a large part of what ESG reporting needs. The gap is usually in presentation: translating the internal data into the disclosure frameworks external stakeholders expect.

Common ESG Frameworks and Standards

Several disclosure frameworks dominate ESG reporting:

IFRS S1 and S2. Issued by the International Sustainability Standards Board (ISSB) in 2023. S1 covers general sustainability disclosures, S2 covers climate-related disclosures (incorporating TCFD). Becoming the global baseline, and the foundation of the UK SDR.

GRI Standards. Widely used voluntary reporting standards focused on the organisation's impact on the wider world. More detailed than the IFRS standards in some areas, particularly social topics.

TCFD. The Task Force on Climate-related Financial Disclosures recommendations. Mandatory for UK-listed companies since 2022; being absorbed into IFRS S2.

SBTi. Science Based Targets initiative for validating emissions reduction targets. Not a disclosure standard but a verification framework, often referenced in ESG reporting.

CDP. Formerly the Carbon Disclosure Project. Operates questionnaires on climate, water and forests, widely used in supply chain assessments.

Which framework applies depends on the organisation's size, listing status, jurisdiction and stakeholder expectations. Many larger organisations report to more than one.

Practical ESG for Small and Medium Businesses

For most SMEs, ESG is not about publishing a full sustainability report. It is about being able to answer the questions that come through customer questionnaires and PQQs. A basic but credible position typically includes:

A current carbon footprint covering Scopes 1 and 2, reported annually.

A modern slavery statement where turnover triggers it (currently £36m plus).

Active ISO 14001, 45001 and 9001 certification, or equivalent systems.

A sustainable procurement policy and basic supplier due diligence.

A board-endorsed sustainability or ESG policy.

Health and safety performance data that can be shared.

Diversity and inclusion statistics at an appropriate level.

An anti-bribery position or ISO 37001 if the risk profile merits it.

Putting this together for the first time is work. Keeping it current is a smaller job once the systems are in place.

For SMEs, ESG often feels overwhelming because the language is aimed at large listed companies. The starting point is to recognise that most of the actual content of an ESG response is already produced by a competent management system - safety stats, environmental data, supplier checks, governance policies. The task is to pull it together into the format the questioner is asking for, not to build a whole new function.

The biggest mistake I see is organisations reinventing the wheel with specialist ESG consultants when an integrated management system already produces eighty per cent of the content. The second biggest is treating the ESG response as a PR exercise - buyers and investors have become adept at spotting the gap between claims and evidence.

ESG itself is not an ISO audit topic, but ESG claims are increasingly my territory because organisations often use their ISO-certified management systems as substantiation for ESG disclosures. If a sustainability report says the organisation is certified to ISO 14001 with continual improvement in environmental performance, I need to be able to confirm that is accurate. Disparities between ESG narrative and audit evidence - an impressive headline claim without data behind it - are increasingly picked up in our findings.

Practical Compliance Guidance

IMS1 addresses the integrated management system covering quality, environment and H&S - the operational backbone that supplies most of the content needed for ESG reporting.

The following alphaZ documents support ESG alongside the wider management system.

alphaZ document: How to use it

ISO 9001/14001/45001 IMS Toolkit: The integrated toolkit for quality, environment and H&S. Provides the operational foundation that ESG reporting draws on.

ISO 14001 Toolkit: The environmental toolkit - the primary source of environmental content for the E in ESG.

P-53 Sustainability Policy: The broader sustainability policy that ESG reporting will draw on. Sits alongside P-2 (environment) and P-110 (net zero) where adopted.

P-110 Net Zero Policy: Where a net zero commitment applies, provides the climate element of ESG reporting.

P-5 Sustainable Procurement Policy: Supports the supply chain questions in ESG - modern slavery, supplier due diligence, Scope 3 emissions influence.

P-2 Environmental Policy: The top-level environmental commitment that most ESG environmental reporting traces back to.

F-IMS38 Climate Change Review: Documents climate change considerations under ISO management systems, relevant to TCFD and IFRS S2 alignment.

ER9 Legal Register: Captures ESG-relevant compliance obligations - SECR, Modern Slavery Act, Companies Act reporting, SDR.

Note - all the above files can be downloaded with an alphaZ subscription.

Frequently Asked Questions

Sustainability is the broader concept - running the business in a way that does not deplete environmental or social capital. ESG is the more specific framework for measuring and disclosing sustainability performance in a way external stakeholders can use, particularly investors and large customers.
Not directly. ISO 14001 covers the environmental part of ESG. For full ESG coverage, it usually sits alongside ISO 45001 (social - H&S), ISO 27001 (governance - information security), ISO 37001 (governance - anti-bribery) and internal policies on HR, ethics and diversity.
For most SMEs, a formal published ESG report is not required. What is increasingly needed is the ability to answer customer and investor questionnaires with credible data - carbon footprint, modern slavery statement, certification status, policies and basic performance data. The underlying work is similar either way.
SDR is the UK framework for corporate sustainability disclosure, being developed alongside UK-endorsed versions of the ISSB's IFRS S1 and S2 standards. It will apply progressively to listed and larger private companies. Smaller organisations will feel it indirectly through customer and investor expectations.

UK Legislation

The following UK legislation is directly relevant to ESG disclosure and underlying commitments. Organisations outside the UK should identify the equivalent legislation applicable in their jurisdiction.

Further Resources
