0003492
GRI 1: Foundation 2021
Global Reporting Initiative
International or National Standard
Free
GRI 1: Foundation 2021
GRI 1: Foundation
2023-01-01
The document as a whole was last reviewed and released on 2022-07-18T00:00:00-0700.
0003492
Free
Global Reporting Initiative
International or National Standard
GRI 1: Foundation 2021
GRI 1: Foundation
2023-01-01
The document as a whole was last reviewed and released on 2022-07-18T00:00:00-0700.
This Authority Document In Depth Report is copyrighted - © 2024 - Network Frontiers LLC. All rights reserved. Copyright in the Authority Document analyzed herein is held by its authors. Network Frontiers makes no claims of copyright in this Authority Document.
This Authority Document In Depth Report is provided for informational purposes only and does not constitute, and should not be construed as, legal advice. The reader is encouraged to consult with an attorney experienced in these areas for further explanation and advice.
This Authority Document In Depth Report provides analysis and guidance for use and implementation of the Authority Document but it is not a substitute for the original authority document itself. Readers should refer to the original authority document as the definitive resource on obligations and compliance requirements.
This document has been mapped into the Unified Compliance Framework using a patented methodology and patented tools (you can research our patents HERE). The mapping team has taken every effort to ensure the quality of mapping is of the highest degree. To learn more about the process we use to map Authority Documents, or to become involved in that process, click HERE.
When the UCF Mapping Teams tag Citations and their associated mandates within an Authority Document, those Citations and Mandates are tied to Common Controls. In addition, and by virtue of those Citations and mandates being tied to Common Controls, there are three sets of meta data that are associated with each Citation; Controls by Impact Zone, Controls by Type, and Controls by Classification.
The online version of the mapping analysis you see here is just a fraction of the work the UCF Mapping Team has done. The downloadable version of this document, available within the Common Controls Hub (available HERE) contains the following:
Document implementation analysis – statistics about the document’s alignment with Common Controls as compared to other Authority Documents and statistics on usage of key terms and non-standard terms.
Citation and Mandate Tagging and Mapping – A complete listing of each and every Citation we found within GRI 1: Foundation 2021 that have been tagged with their primary and secondary nouns and primary and secondary verbs in three column format. The first column shows the Citation (the marker within the Authority Document that points to where we found the guidance). The second column shows the Citation guidance per se, along with the tagging for the mandate we found within the Citation. The third column shows the Common Control ID that the mandate is linked to, and the final column gives us the Common Control itself.
Dictionary Terms – The dictionary terms listed for GRI 1: Foundation 2021 are based upon terms either found within the Authority Document’s defined terms section(which most legal documents have), its glossary, and for the most part, as tagged within each mandate. The terms with links are terms that are the standardized version of the term.
Common Controls andAn Impact Zone is a hierarchical way of organizing our suite of Common Controls — it is a taxonomy. The top levels of the UCF hierarchy are called Impact Zones. Common Controls are mapped within the UCF’s Impact Zones and are maintained in a legal hierarchy within that Impact Zone. Each Impact Zone deals with a separate area of policies, standards, and procedures: technology acquisition, physical security, continuity, records management, etc.
The UCF created its taxonomy by looking at the corpus of standards and regulations through the lens of unification and a view toward how the controls impact the organization. Thus, we created a hierarchical structure for each impact zone that takes into account regulatory and standards bodies, doctrines, and language.
Audits and risk management | KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
| Mandated - bold Implied - italic Implementation - regular | TYPE | CLASS | |
|---|---|---|---|
| Audits and risk management CC ID 00677 | IT Impact Zone | IT Impact Zone | |
| Establish, implement, and maintain a risk management program. CC ID 12051 | Establish/Maintain Documentation | Preventive | |
| Establish, implement, and maintain the risk assessment framework. CC ID 00685 | Establish/Maintain Documentation | Preventive | |
| Correlate the business impact of identified risks in the risk assessment report. CC ID 00686 [{be sufficient}{be insufficient} The organization should provide sufficient information about its impacts in relation to each material topic so that information users can make informed assessments and decisions about the organization. If the disclosures from the Topic Standards do not provide sufficient information about the organization's impacts, then the organization should report additional disclosures. These can include the additional sector disclosures recommended in the GRI Sector Standards, disclosures from other sources, or disclosures developed by the organization itself. Requirement 5 Guidance to 5-a ¶ 5] | Audits and Risk Management | Preventive | |
| Conduct a Business Impact Analysis, as necessary. CC ID 01147 | Audits and Risk Management | Detective | |
| Include recovery of the critical path in the Business Impact Analysis. CC ID 13224 | Establish/Maintain Documentation | Preventive | |
| Include acceptable levels of data loss in the Business Impact Analysis. CC ID 13264 | Establish/Maintain Documentation | Preventive | |
| Include Recovery Point Objectives in the Business Impact Analysis. CC ID 13223 | Establish/Maintain Documentation | Preventive | |
| Include the Recovery Time Objectives in the Business Impact Analysis. CC ID 13222 | Establish/Maintain Documentation | Preventive | |
| Include pandemic risks in the Business Impact Analysis. CC ID 13219 | Establish/Maintain Documentation | Preventive | |
| Include tolerance to downtime in the Business Impact Analysis report. CC ID 01172 | Establish/Maintain Documentation | Preventive | |
| Disseminate and communicate the Business Impact Analysis to interested personnel and affected parties. CC ID 15300 | Communicate | Preventive | |
| Establish, implement, and maintain a risk register. CC ID 14828 | Establish/Maintain Documentation | Preventive | |
| Document organizational risk tolerance in a risk register. CC ID 09961 | Establish/Maintain Documentation | Preventive | |
| Align organizational risk tolerance to that of industry peers in the risk register. CC ID 09962 | Business Processes | Preventive | |
| Review the Business Impact Analysis, as necessary. CC ID 12774 | Business Processes | Preventive | |
| Analyze and quantify the risks to in scope systems and information. CC ID 00701 | Audits and Risk Management | Preventive | |
| Establish and maintain a Risk Scoping and Measurement Definitions Document. CC ID 00703 | Audits and Risk Management | Preventive | |
| Identify the material risks in the risk assessment report. CC ID 06482 | Audits and Risk Management | Preventive | |
| Assess the potential level of business impact risk associated with each business process. CC ID 06463 | Audits and Risk Management | Detective | |
| Assess the potential level of business impact risk associated with the business environment. CC ID 06464 | Audits and Risk Management | Detective | |
| Assess the potential level of business impact risk associated with business information of in scope systems. CC ID 06465 | Audits and Risk Management | Detective | |
| Identify changes to in scope systems that could threaten communication between business units. CC ID 13173 | Investigate | Detective | |
| Assess the potential business impact risk of in scope systems caused by deliberate threats to their confidentiality, integrity, and availability. CC ID 06466 | Audits and Risk Management | Detective | |
| Assess the potential level of business impact risk caused by accidental threats to the confidentiality, integrity and availability of critical systems. CC ID 06467 | Audits and Risk Management | Detective | |
| Assess the potential level of business impact risk associated with reputational damage. CC ID 15335 | Audits and Risk Management | Detective | |
| Assess the potential level of business impact risk associated with insider threats. CC ID 06468 | Audits and Risk Management | Detective | |
| Assess the potential level of business impact risk associated with external entities. CC ID 06469 | Audits and Risk Management | Detective | |
| Assess the potential level of business impact risk associated with natural disasters. CC ID 06470 | Actionable Reports or Measurements | Detective | |
| Assess the potential level of business impact risk associated with control weaknesses. CC ID 06471 | Audits and Risk Management | Detective | |
| Establish a risk acceptance level that is appropriate to the organization's risk appetite. CC ID 00706 | Establish/Maintain Documentation | Preventive | |
| Investigate alternative risk control strategies appropriate to the organization's risk appetite. CC ID 12887 | Investigate | Preventive | |
| Select the appropriate risk treatment option for each identified risk in the risk register. CC ID 06483 | Establish/Maintain Documentation | Preventive | |
| Disseminate and communicate the risk acceptance level in the risk treatment plan to all interested personnel and affected parties. CC ID 06849 | Behavior | Preventive | |
| Establish, implement, and maintain a disclosure report. CC ID 15521 [{be the same}{approved standard}{international or national standard} Disclosures that the organization reports from other sources or that are developed by the organization itself, should have the same rigor as disclosures from the GRI Standards, and they should align with expectations set out in authoritative intergovernmental instruments. Requirement 5 Guidance to 5-a ¶ 6 {be the same}{approved standard}{international or national standard} Disclosures that the organization reports from other sources or that are developed by the organization itself, should have the same rigor as disclosures from the GRI Standards, and they should align with expectations set out in authoritative intergovernmental instruments. Requirement 5 Guidance to 5-a ¶ 6 The organization shall report all disclosures in GRI 2: General Disclosures 2021. Requirement 2(a) {compliance disclosure statement} publish a GRI content index that includes: the statement of use; Requirement 7 ¶ 1(a)(ii) for each material topic covered in the applicable GRI Sector Standard(s), either: report the disclosures from the GRI Topic Standards listed for that topic in the Sector Standard(s), or; Requirement 5 ¶ 1(b)(i) {be relevant} For each material topic, the organization needs to identify disclosures from the GRI Topic Standards to report. The organization is required to report only those disclosures relevant to its impacts in relation to a material topic. The organization is not required to report disclosures that are not relevant. Requirement 5 Guidance to 5-a ¶ 1 {compliance disclosure statement} The organization shall include the following statement in its GRI content index:[Name of organization] has reported in accordance with the GRI Standards for the period [reporting period start and end dates]. Requirement 8(a) {be sufficient}{be insufficient} The organization should provide sufficient information about its impacts in relation to each material topic so that information users can make informed assessments and decisions about the organization. If the disclosures from the Topic Standards do not provide sufficient information about the organization's impacts, then the organization should report additional disclosures. These can include the additional sector disclosures recommended in the GRI Sector Standards, disclosures from other sources, or disclosures developed by the organization itself. Requirement 5 Guidance to 5-a ¶ 5 To apply the Comparability principle, the organization should: if restatements of historical data are not provided, explain the changes to provide contextual information for interpreting the current disclosures. Comparability Guidance ¶ 2 Bullet 8 To apply the Accuracy principle, the organization should: report qualitative information that is consistent with available evidence and other reported information; Accuracy Guidance ¶ 2 Bullet 1 To apply the Balance principle, the organization should: not omit relevant information concerning its negative impacts; Balance Guidance ¶ 1 Bullet 3 {emerging trend}{related} The organization shall select, compile, and report information consistently to enable an analysis of changes in the organization's impacts over time and an analysis of these impacts relative to those of other organizations. Comparability ¶ 1(a) {emerging trend}{related} The organization shall select, compile, and report information consistently to enable an analysis of changes in the organization's impacts over time and an analysis of these impacts relative to those of other organizations. Comparability ¶ 1(a)] | Establish/Maintain Documentation | Preventive | |
| Include a summary of the questions and statements from surveys or studies in the disclosure report. CC ID 15631 | Establish/Maintain Documentation | Preventive | |
| Include a statement that confidential information has been omitted in the disclosure report. CC ID 16598 | Establish/Maintain Documentation | Preventive | |
| Include legal proceedings in the disclosure report. CC ID 15564 | Establish/Maintain Documentation | Preventive | |
| Include the context of monetary losses from legal proceedings in the disclosure report. CC ID 15533 | Establish/Maintain Documentation | Preventive | |
| Include the nature of monetary losses from legal proceedings in the disclosure report. CC ID 15532 | Establish/Maintain Documentation | Preventive | |
| Include goals and targets in the disclosure report. CC ID 16339 | Establish/Maintain Documentation | Preventive | |
| Include the governance, risk, and compliance approach in the disclosure report. CC ID 16024 | Establish/Maintain Documentation | Preventive | |
| Include the relationship between organizational requirements and external requirements in the disclosure report. CC ID 16154 | Establish/Maintain Documentation | Preventive | |
| Include external requirements in the disclosure report. CC ID 16150 | Establish/Maintain Documentation | Preventive | |
| Include the classification of risks and opportunities posed by climate change in the disclosure report. CC ID 16096 | Establish/Maintain Documentation | Preventive | |
| Include board oversight of risks and opportunities in the disclosure report. CC ID 16337 | Establish/Maintain Documentation | Preventive | |
| Include risk management procedures in the disclosure report. CC ID 16058 | Establish/Maintain Documentation | Preventive | |
| Include the risk management strategy in the disclosure report. CC ID 16348 | Establish/Maintain Documentation | Preventive | |
| Include risk assessment procedures in the disclosure report. CC ID 16343 | Establish/Maintain Documentation | Preventive | |
| Include the organization's primary activities in the disclosure report. CC ID 16043 | Establish/Maintain Documentation | Preventive | |
| Include business operations owned by the organization in the disclosure report. CC ID 15614 | Establish/Maintain Documentation | Preventive | |
| Include critical business operations that support cloud services in the disclosure report. CC ID 15612 | Establish/Maintain Documentation | Preventive | |
| Include the relationship between the tax strategy and the organizational strategy in the disclosure report. CC ID 16035 | Establish/Maintain Documentation | Preventive | |
| Include reference to assurance statements in the disclosure report. CC ID 16033 | Establish/Maintain Documentation | Preventive | |
| Include a description of assurance processes in the disclosure report. CC ID 16031 | Establish/Maintain Documentation | Preventive | |
| Include metrics in the disclosure report. CC ID 15916 | Establish/Maintain Documentation | Preventive | |
| Include metrics on diversity and equal opportunity in the disclosure report. CC ID 15934 | Establish/Maintain Documentation | Preventive | |
| Include the percentage of individuals in each racial group or ethnic group in the disclosure report. CC ID 15632 | Establish/Maintain Documentation | Preventive | |
| Include the percentage of individuals in each gender category in the disclosure report. CC ID 15952 | Actionable Reports or Measurements | Detective | |
| Include the percentage of individuals in specified age groups in the disclosure report. CC ID 15871 | Establish/Maintain Documentation | Preventive | |
| Include the number of individuals in each region in the disclosure report. CC ID 15835 | Establish/Maintain Documentation | Preventive | |
| Include the number of individuals in each gender category in the disclosure report. CC ID 15633 | Establish/Maintain Documentation | Preventive | |
| Include the ratio of the basic salary and remuneration of women and men in the disclosure report. CC ID 15869 | Establish/Maintain Documentation | Preventive | |
| Include the total number of incidents of discrimination in the disclosure report. CC ID 15788 | Establish/Maintain Documentation | Preventive | |
| Include the percentage of individuals in specified diversity categories in the disclosure report. CC ID 15870 | Establish/Maintain Documentation | Preventive | |
| Include metrics criteria in the disclosure report. CC ID 16143 | Establish/Maintain Documentation | Preventive | |
| Include risk management metrics in the disclosure report. CC ID 16345 | Establish/Maintain Documentation | Preventive | |
| Include financial management metrics in the disclosure report. CC ID 16042 | Establish/Maintain Documentation | Preventive | |
| Include the total amount of corporate income tax accrued on profit/loss in the disclosure report. CC ID 16107 | Actionable Reports or Measurements | Detective | |
| Include the total monetary value of subsidies received from the government in the disclosure report. CC ID 16101 | Actionable Reports or Measurements | Detective | |
| Include revenues in the disclosure report. CC ID 16099 | Actionable Reports or Measurements | Detective | |
| Include the economic value distributed in the disclosure report. CC ID 16086 | Actionable Reports or Measurements | Detective | |
| Include total monetary value of payments to capital providers in the disclosure report. CC ID 16092 | Actionable Reports or Measurements | Detective | |
| Include total monetary value of payments to governments in the disclosure report. CC ID 16091 | Actionable Reports or Measurements | Detective | |
| Include total monetary value of employee wages and benefits in the disclosure report. CC ID 16090 | Actionable Reports or Measurements | Detective | |
| Include total monetary value of community investments in the disclosure report. CC ID 16089 | Actionable Reports or Measurements | Detective | |
| Include operating costs in the disclosure report. CC ID 16088 | Actionable Reports or Measurements | Detective | |
| Include economic value retained in the disclosure report. CC ID 16094 | Actionable Reports or Measurements | Detective | |
| Include the direct economic value generated and distributed in the disclosure report. CC ID 16085 | Actionable Reports or Measurements | Detective | |
| Include the total monetary value of financial assistance received from the government in the disclosure report. CC ID 16087 | Actionable Reports or Measurements | Detective | |
| Include the total monetary value of awards received from the government in the disclosure report. CC ID 16106 | Actionable Reports or Measurements | Detective | |
| Include the total monetary value of financial incentives received from the government in the disclosure report. CC ID 16105 | Actionable Reports or Measurements | Detective | |
| Include a breakdown of financial assistance received from the government in the disclosure report. CC ID 16104 | Establish/Maintain Documentation | Preventive | |
| Include the total monetary value of tax relief and tax credits received from the government in the disclosure report. CC ID 16102 | Actionable Reports or Measurements | Detective | |
| Include the total monetary value of grants received from the government in the disclosure report. CC ID 16100 | Actionable Reports or Measurements | Detective | |
| Include the total monetary value of royalty holidays received from the government in the disclosure report. CC ID 16097 | Actionable Reports or Measurements | Detective | |
| Include the total monetary value of financial assistance received from Export Credit Agencies in the disclosure report. CC ID 16095 | Actionable Reports or Measurements | Detective | |
| Include the total amount of corporate income tax paid on a cash basis in the disclosure report. CC ID 16050 | Actionable Reports or Measurements | Detective | |
| Include the total monetary value of tangible assets other than cash and cash equivalents in the disclosure report. CC ID 16048 | Actionable Reports or Measurements | Detective | |
| Include revenues from intragroup transactions with other tax jurisdictions in the disclosure report. CC ID 16046 | Actionable Reports or Measurements | Detective | |
| Include revenues from third party sales in the disclosure report. CC ID 16045 | Actionable Reports or Measurements | Detective | |
| Include the profit and loss before tax in the disclosure report. CC ID 16044 | Actionable Reports or Measurements | Detective | |
| Include metrics on anti-corruption in the disclosure report. CC ID 16052 | Establish/Maintain Documentation | Preventive | |
| Include the percentage of interested personnel and affected parties that have received training on anti-corruption in the disclosure report. CC ID 16073 | Actionable Reports or Measurements | Detective | |
| Include the percentage of interested personnel and affected parties to whom the anti-corruption program has been communicated in the disclosure report. CC ID 16072 | Actionable Reports or Measurements | Detective | |
| Include the total number of interested personnel and affected parties to whom the anti-corruption program has been communicated in the disclosure report. CC ID 16071 | Actionable Reports or Measurements | Detective | |
| Include the total number of incidents where contracts with business partners were terminated due to corruption in the disclosure report. CC ID 16070 | Actionable Reports or Measurements | Detective | |
| Include the total number of interested personnel and affected parties that have received training on anti-corruption in the disclosure report. CC ID 16069 | Actionable Reports or Measurements | Detective | |
| Include the total number of incidents in which employees were dismissed or disciplined for corruption in the disclosure report. CC ID 16068 | Actionable Reports or Measurements | Detective | |
| Include the total number of incidents of corruption in the disclosure report. CC ID 16066 | Actionable Reports or Measurements | Detective | |
| Include the percentage of operations assessed for risks related to corruption in the disclosure report. CC ID 16063 | Actionable Reports or Measurements | Detective | |
| Include the total number of operations assessed for risks related to corruption in the disclosure report. CC ID 16062 | Actionable Reports or Measurements | Detective | |
| Include environmental management metrics in the disclosure report. CC ID 16012 | Establish/Maintain Documentation | Preventive | |
| Include the total number of listed species with habitats in areas affected by organizational operations in the disclosure report. CC ID 16038 | Actionable Reports or Measurements | Detective | |
| Include a breakdown, by extinction risk, of the listed species with habitats in areas affected by organizational operations in the disclosure report. CC ID 16041 | Establish/Maintain Documentation | Preventive | |
| Include the size of operational sites near areas of high biodiversity value in the disclosure report. CC ID 16032 | Actionable Reports or Measurements | Detective | |
| Include the size of habitat areas protected or restored by the organization in the disclosure report. CC ID 16023 | Actionable Reports or Measurements | Detective | |
| Include metrics on procurement practices in the disclosure report. CC ID 16011 | Establish/Maintain Documentation | Preventive | |
| Include the percentage of the procurement budget spent on local suppliers in the disclosure report. CC ID 16022 | Actionable Reports or Measurements | Detective | |
| Include emissions management metrics in the disclosure report. CC ID 15987 | Establish/Maintain Documentation | Preventive | |
| Include gross energy indirect greenhouse gas emissions in the disclosure report. CC ID 16340 | Actionable Reports or Measurements | Detective | |
| Include the total exports of ozone-depleting substances in the disclosure report. CC ID 16083 | Actionable Reports or Measurements | Detective | |
| Include the total imports of ozone-depleting substances in the disclosure report. CC ID 16081 | Actionable Reports or Measurements | Detective | |
| Include the total production of ozone-depleting substances in the disclosure report. CC ID 16079 | Actionable Reports or Measurements | Detective | |
| Include gross other indirect greenhouse gas emissions in the disclosure report. CC ID 16013 | Actionable Reports or Measurements | Detective | |
| Include gross direct greenhouse gas emissions in the disclosure report.. CC ID 16009 | Actionable Reports or Measurements | Detective | |
| Include gross direct greenhouse gas emissions from perfluorinated compounds in the disclosure report. CC ID 16146 | Actionable Reports or Measurements | Detective | |
| Include gross market-based energy indirect greenhouse gas emissions in the disclosure report. CC ID 16008 | Actionable Reports or Measurements | Detective | |
| Include biogenic carbon dioxide emissions in the disclosure report. CC ID 16007 | Actionable Reports or Measurements | Detective | |
| Include gross location-based energy indirect greenhouse gas emissions in the disclosure report. CC ID 16006 | Actionable Reports or Measurements | Detective | |
| Include the total amount of significant air emissions in the disclosure report. CC ID 16005 | Actionable Reports or Measurements | Detective | |
| Include the total emissions of nitrogen oxides in the disclosure report. CC ID 16084 | Actionable Reports or Measurements | Detective | |
| Include the total emissions of sulfur oxides in the disclosure report. CC ID 16082 | Actionable Reports or Measurements | Detective | |
| Include the total emissions of volatile organic compounds in the disclosure report. CC ID 16080 | Actionable Reports or Measurements | Detective | |
| Include the total emissions of persistent organic pollutants in the disclosure report. CC ID 16078 | Actionable Reports or Measurements | Detective | |
| Include the total emissions of particulate matter in the disclosure report. CC ID 16077 | Actionable Reports or Measurements | Detective | |
| Include the total emissions of hazardous air pollutants in the disclosure report. CC ID 16076 | Actionable Reports or Measurements | Detective | |
| Include the greenhouse gas emissions intensity ratio in the disclosure report. CC ID 16004 | Actionable Reports or Measurements | Detective | |
| Include the total amount of reductions in greenhouse gas emissions in the disclosure report. CC ID 15999 | Actionable Reports or Measurements | Detective | |
| Include compliance metrics in the disclosure report. CC ID 15932 | Establish/Maintain Documentation | Preventive | |
| Include the total number of legal actions against the organization in the disclosure report. CC ID 16003 | Actionable Reports or Measurements | Detective | |
| Include the total number of fines for instances of non-compliance in the disclosure report. CC ID 15950 | Actionable Reports or Measurements | Detective | |
| Include the total amount of monetary losses from legal proceedings in the disclosure report. CC ID 15548 | Establish/Maintain Documentation | Preventive | |
| Include the total number of incidents of non-compliance in the disclosure report. CC ID 15813 | Establish/Maintain Documentation | Preventive | |
| Include metrics on labor-management relations in the disclosure report. CC ID 15935 | Establish/Maintain Documentation | Preventive | |
| Include the minimum number of weeks' notice provided to employees and their representatives prior to the implementation of significant operational changes that could substantially affect them in the disclosure report. CC ID 15895 | Establish/Maintain Documentation | Preventive | |
| Include waste management metrics in the disclosure report. CC ID 15925 | Establish/Maintain Documentation | Preventive | |
| Include the total weight of hazardous waste generated from manufacturing operations in the disclosure report. CC ID 16163 | Actionable Reports or Measurements | Detective | |
| Include the total volume of significant spills in the disclosure report. CC ID 16010 | Actionable Reports or Measurements | Detective | |
| Include the total number of significant spills in the disclosure report. CC ID 15965 | Actionable Reports or Measurements | Detective | |
| Include the total weight of waste generated in the disclosure report. CC ID 15778 | Establish/Maintain Documentation | Preventive | |
| Include the total weight of hazardous waste directed to disposal in the disclosure report. CC ID 15774 | Establish/Maintain Documentation | Preventive | |
| Include a breakdown of hazardous waste directed to disposal in the disclosure report. CC ID 15781 | Establish/Maintain Documentation | Preventive | |
| Include a breakdown of waste generated in the disclosure report. CC ID 15775 | Establish/Maintain Documentation | Preventive | |
| Include the total weight of non-hazardous waste directed to disposal in the disclosure report. CC ID 15772 | Establish/Maintain Documentation | Preventive | |
| Include a breakdown of non-hazardous waste directed to disposal in the disclosure report. CC ID 15780 | Establish/Maintain Documentation | Preventive | |
| Include the total weight of non-hazardous waste diverted from disposal in the disclosure report. CC ID 15770 | Establish/Maintain Documentation | Preventive | |
| Include a breakdown of non-hazardous waste diverted from disposal in the disclosure report. CC ID 15771 | Establish/Maintain Documentation | Preventive | |
| Include the total weight of waste diverted from disposal in the disclosure report. CC ID 15766 | Establish/Maintain Documentation | Preventive | |
| Include a breakdown of waste diverted from disposal the disclosure report. CC ID 15767 | Establish/Maintain Documentation | Preventive | |
| Include the total weight of hazardous waste diverted from disposal in the disclosure report. CC ID 15768 | Establish/Maintain Documentation | Preventive | |
| Include a breakdown of hazardous waste diverted from disposal in the disclosure report. CC ID 15769 | Establish/Maintain Documentation | Preventive | |
| Include the total weight of waste directed to disposal in the disclosure report. CC ID 15777 | Establish/Maintain Documentation | Preventive | |
| Include a breakdown of waste directed to disposal in the disclosure report. CC ID 15776 | Establish/Maintain Documentation | Preventive | |
| Include product and service management metrics in the disclosure report. CC ID 15917 | Establish/Maintain Documentation | Preventive | |
| Include the performance qualification score of laptops in the disclosure report. CC ID 16176 | Actionable Reports or Measurements | Detective | |
| Include the battery life score of laptops in the disclosure report. CC ID 16175 | Actionable Reports or Measurements | Detective | |
| Include the energy efficiency of laptop computer processors in the disclosure report. CC ID 16174 | Actionable Reports or Measurements | Detective | |
| Include the energy efficiency of desktop computer processors in the disclosure report. CC ID 16172 | Actionable Reports or Measurements | Detective | |
| Include the energy efficiency of server processors in the disclosure report. CC ID 16170 | Actionable Reports or Measurements | Detective | |
| Include the overall ssj_ops/watt of servers in the disclosure report. CC ID 16162 | Actionable Reports or Measurements | Detective | |
| Include the percentage of products sold that contain declarable substances in the disclosure report. CC ID 16159 | Actionable Reports or Measurements | Detective | |
| Include the SPECspeed2017_int_base score/watt of desktop computers in the disclosure report. CC ID 16160 | Actionable Reports or Measurements | Detective | |
| Include the SPECspeed2017_fp_basescore/watt of desktop computers in the disclosure report. CC ID 16157 | Actionable Reports or Measurements | Detective | |
| Include the average actual sustained download speed in the disclosure report. CC ID 15568 | Actionable Reports or Measurements | Detective | |
| Include the number of products and services provided by the organization in the disclosure report. CC ID 15833 | Establish/Maintain Documentation | Preventive | |
| Include the average advertised download speed in the disclosure report. CC ID 15567 | Actionable Reports or Measurements | Detective | |
| Include the percentage of product or service categories assessed for compliance in the disclosure report. CC ID 15811 | Establish/Maintain Documentation | Preventive | |
| Include water management metrics in the disclosure report. CC ID 15924 | Establish/Maintain Documentation | Preventive | |
| Include the total water withdrawal in the disclosure report. CC ID 15593 | Establish/Maintain Documentation | Preventive | |
| Include the total water withdrawal from locations with significant baseline water stress in the disclosure report. CC ID 15596 | Establish/Maintain Documentation | Preventive | |
| Include a breakdown of water withdrawal from locations with significant baseline water stress in the disclosure report. CC ID 15794 | Establish/Maintain Documentation | Preventive | |
| Include a breakdown of water withdrawal in the disclosure report. CC ID 15795 | Establish/Maintain Documentation | Preventive | |
| Include the percentage of water withdrawn from locations with significant baseline water stress in the disclosure report. CC ID 15949 | Actionable Reports or Measurements | Detective | |
| Include the total water discharge in the disclosure report. CC ID 15758 | Establish/Maintain Documentation | Preventive | |
| Include a breakdown of water discharge in the disclosure report. CC ID 15759 | Establish/Maintain Documentation | Preventive | |
| Include the total water discharge to locations with significant baseline water stress in the disclosure report. CC ID 15760 | Establish/Maintain Documentation | Preventive | |
| Include a breakdown of water discharge to locations with significant baseline water stress in the disclosure report. CC ID 15797 | Establish/Maintain Documentation | Preventive | |
| Include the percentage of water consumed from locations with significant baseline water stress in the disclosure report. CC ID 15948 | Actionable Reports or Measurements | Detective | |
| Include the total water consumption in the disclosure report. CC ID 15642 | Establish/Maintain Documentation | Preventive | |
| Include the total water consumption in locations with significant baseline water stress in the disclosure report. CC ID 15598 | Establish/Maintain Documentation | Preventive | |
| Include the total number of complaints received in the disclosure report. CC ID 15728 | Establish/Maintain Documentation | Preventive | |
| Include the percentage of individuals involved in the study or survey in the disclosure report. CC ID 15643 | Establish/Maintain Documentation | Preventive | |
| Include employment practices metrics in the disclosure report. CC ID 15921 | Establish/Maintain Documentation | Preventive | |
| Include the near miss frequency rate for work-related near misses in the disclosure report. CC ID 16228 | Actionable Reports or Measurements | Detective | |
| Include the number of days idle as a result of work stoppages in the disclosure report. CC ID 16217 | Actionable Reports or Measurements | Detective | |
| Include the total monetary value of benefit plan liabilities in the disclosure report. CC ID 16108 | Actionable Reports or Measurements | Detective | |
| Include the percentage of an employee's salary contributed to benefit plans by employee or employer in the disclosure report. CC ID 16103 | Actionable Reports or Measurements | Detective | |
| Include the ratio of entry level wages to the minimum wage in the disclosure report. CC ID 16002 | Actionable Reports or Measurements | Detective | |
| Include the percentage of senior management hired from the local community in the disclosure report. CC ID 16001 | Actionable Reports or Measurements | Detective | |
| Include the percentage of employees that are foreign nationals in the disclosure report. CC ID 15622 | Actionable Reports or Measurements | Preventive | |
| Include the percentage of offshore employees in the disclosure report. CC ID 15623 | Actionable Reports or Measurements | Preventive | |
| Include the percentage of employee engagement in the disclosure report. CC ID 15634 | Actionable Reports or Measurements | Preventive | |
| Include the percentage of employees covered by collective bargaining agreements in the disclosure report. CC ID 15931 | Actionable Reports or Measurements | Detective | |
| Include the rate of new employee hires in the disclosure report. CC ID 15928 | Actionable Reports or Measurements | Detective | |
| Include the rate of employee turnover in the disclosure report. CC ID 15898 | Establish/Maintain Documentation | Preventive | |
| Include the total number of employees who left the organization in the disclosure report. CC ID 16127 | Actionable Reports or Measurements | Detective | |
| Include the total number of new employee hires in the disclosure report. CC ID 15896 | Establish/Maintain Documentation | Preventive | |
| Include the total number of employees in the disclosure report. CC ID 15834 | Establish/Maintain Documentation | Preventive | |
| Include the number of work stoppages involving one thousand or more workers in the disclosure report. CC ID 16214 | Actionable Reports or Measurements | Detective | |
| Include metrics on parental leave in the disclosure report. CC ID 15936 | Establish/Maintain Documentation | Preventive | |
| Include the total number of employees that returned to work after parental leave ended that were still employed twelve months after their return to work in the disclosure report. CC ID 15906 | Establish/Maintain Documentation | Preventive | |
| Include the total number of employees that were entitled to parental leave in the disclosure report. CC ID 15960 | Actionable Reports or Measurements | Detective | |
| Include the total number of employees that took parental leave in the disclosure report. CC ID 15955 | Actionable Reports or Measurements | Detective | |
| Include the total number of employees that returned to work in the reporting period after parental leave ended in the disclosure report. CC ID 15946 | Actionable Reports or Measurements | Detective | |
| Include the return to work rate of employees that took parental leave in the disclosure report. CC ID 15958 | Actionable Reports or Measurements | Detective | |
| Include the retention rate of employees that took parental leave in the disclosure report. CC ID 15962 | Actionable Reports or Measurements | Detective | |
| Include the number of hours worked in the disclosure report. CC ID 15910 | Establish/Maintain Documentation | Preventive | |
| Include metrics on public policy advocacy in the disclosure report. CC ID 15947 | Establish/Maintain Documentation | Preventive | |
| Include the total monetary value of political contributions in the disclosure report. CC ID 15803 | Establish/Maintain Documentation | Preventive | |
| Include metrics on training and education in the disclosure report. CC ID 15940 | Establish/Maintain Documentation | Preventive | |
| Include the percentage of total employees who received a performance review in the disclosure report. CC ID 15877 | Establish/Maintain Documentation | Preventive | |
| Include the average hours of training undertaken by employees in the disclosure report. CC ID 15881 | Establish/Maintain Documentation | Preventive | |
| Include the percentage of security personnel who have received training on human rights policies and their application to security in the disclosure report. CC ID 15726 | Actionable Reports or Measurements | Preventive | |
| Include operational metrics in the disclosure report. CC ID 15939 | Establish/Maintain Documentation | Preventive | |
| Include incident management metrics in the disclosure report. CC ID 15926 | Establish/Maintain Documentation | Preventive | |
| Include the user average interruption duration in the disclosure report. CC ID 15558 | Actionable Reports or Measurements | Detective | |
| Include the number of service disruptions in services provided to users in the disclosure report. CC ID 15618 | Establish/Maintain Documentation | Preventive | |
| Include the system average interruption frequency in the disclosure report. CC ID 15565 | Actionable Reports or Measurements | Detective | |
| Include the total user downtime in the disclosure report. CC ID 15635 | Actionable Reports or Measurements | Preventive | |
| Include the number of performance issues in services provided to users in the disclosure report. CC ID 15606 | Establish/Maintain Documentation | Preventive | |
| Include the total number of operations performed by the organization in the disclosure report. CC ID 15831 | Establish/Maintain Documentation | Preventive | |
| Include metrics on information privacy and freedom of expression in the disclosure report. CC ID 15933 | Establish/Maintain Documentation | Preventive | |
| Include the percentage of content removal requests with which the organization complied in the disclosure report. CC ID 15649 | Actionable Reports or Measurements | Preventive | |
| Include the total number of unique individuals whose information was requested by a third party in the disclosure report. CC ID 15500 | Actionable Reports or Measurements | Detective | |
| Include the number of individuals whose personal data is maintained in the disclosure report. CC ID 16792 | Actionable Reports or Measurements | Preventive | |
| Include the number of individuals whose information is used for secondary purposes in the disclosure report. CC ID 15557 | Establish/Maintain Documentation | Preventive | |
| Include the total number of leaks, thefts, or losses of restricted data in the disclosure report. CC ID 15729 | Establish/Maintain Documentation | Preventive | |
| Include the percentage of information requests that resulted in disclosure in the disclosure report. CC ID 15560 | Actionable Reports or Measurements | Detective | |
| Include the number of content removal requests in the disclosure report. CC ID 15647 | Establish/Maintain Documentation | Preventive | |
| Include the percentage of individuals affected by monitoring, blocking, or filtering in the disclosure report. CC ID 15640 | Establish/Maintain Documentation | Preventive | |
| Include the total number of unique requests for an individual's information in the disclosure report. CC ID 15542 | Establish/Maintain Documentation | Preventive | |
| Include the total number of unique individuals affected by data breaches in the disclosure report. CC ID 15951 | Actionable Reports or Measurements | Detective | |
| Include the percentage of data breaches which involved personal data in the disclosure report. CC ID 15543 | Establish/Maintain Documentation | Preventive | |
| Include third party management metrics in the disclosure report. CC ID 15923 | Establish/Maintain Documentation | Preventive | |
| Include the total number of contractors and outsource partners in the disclosure report. CC ID 15837 | Establish/Maintain Documentation | Preventive | |
| Include metrics on supplier environmental assessments in the disclosure report. CC ID 15937 | Establish/Maintain Documentation | Preventive | |
| Include the percentage of suppliers identified as having significant negative environmental impacts with which improvements were agreed upon as a result of assessment in the disclosure report. CC ID 15884 | Establish/Maintain Documentation | Preventive | |
| Include the percentage of suppliers identified as having significant negative environmental impacts with which relationships were terminated as a result of assessment in the disclosure report. CC ID 15883 | Establish/Maintain Documentation | Preventive | |
| Include the number of suppliers assessed for environmental impacts in the disclosure report. CC ID 15886 | Establish/Maintain Documentation | Preventive | |
| Include the number of suppliers identified as having significant negative environmental impacts in the disclosure report. CC ID 15885 | Establish/Maintain Documentation | Preventive | |
| Include the percentage of new suppliers that were screened using environmental criteria in the disclosure report. CC ID 15887 | Establish/Maintain Documentation | Preventive | |
| Include the percentage of Tier 1 suppliers' manufacturing facilities audited in compliance with the Responsible Business Alliance Validated Audit Process protocol in the disclosure report. CC ID 16216 | Actionable Reports or Measurements | Detective | |
| Include metrics on supplier social assessments in the disclosure report. CC ID 15938 | Establish/Maintain Documentation | Preventive | |
| Include the percentage of new suppliers that were screened using social criteria in the disclosure report. CC ID 15808 | Establish/Maintain Documentation | Preventive | |
| Include the number of suppliers with significant negative social impacts in the disclosure report. CC ID 15807 | Establish/Maintain Documentation | Preventive | |
| Include the percentage of suppliers with significant negative social impacts with which improvements were agreed upon in the disclosure report. CC ID 15806 | Establish/Maintain Documentation | Preventive | |
| Include the percentage of suppliers having significant negative social impacts with which relationships were terminated in the disclosure report. CC ID 15805 | Establish/Maintain Documentation | Preventive | |
| Include the number of suppliers assessed for social impacts in the disclosure report. CC ID 15810 | Establish/Maintain Documentation | Preventive | |
| Include customer health and safety management metrics in the disclosure report. CC ID 15922 | Establish/Maintain Documentation | Preventive | |
| Include the percentage of product or service categories for which health and safety impacts are assessed for improvement in the disclosure report. CC ID 15814 | Establish/Maintain Documentation | Preventive | |
| Include energy management metrics in the disclosure report. CC ID 15920 | Establish/Maintain Documentation | Preventive | |
| Include the total energy reduction in the disclosure report. CC ID 15749 | Establish/Maintain Documentation | Preventive | |
| Include the total amount of reductions in the energy requirements of products and services in the disclosure report. CC ID 15751 | Establish/Maintain Documentation | Preventive | |
| Exclude energy reduction resulting from reduced production capacity or outsourcing in the disclosure report. CC ID 15750 | Establish/Maintain Documentation | Preventive | |
| Include the power usage effectiveness in the disclosure report. CC ID 15552 | Actionable Reports or Measurements | Detective | |
| Include the total heating sold in the disclosure report. CC ID 15739 | Establish/Maintain Documentation | Preventive | |
| Include the energy intensity ratio in the disclosure report. CC ID 15735 | Actionable Reports or Measurements | Preventive | |
| Include the total fuel consumption from non-renewable energy sources in the disclosure report. CC ID 15746 | Establish/Maintain Documentation | Preventive | |
| Include the total electricity sold in the disclosure report. CC ID 15740 | Establish/Maintain Documentation | Preventive | |
| Include the total energy consumption in the disclosure report. CC ID 15506 | Establish/Maintain Documentation | Preventive | |
| Include the total fuel consumption from renewable energy sources in the disclosure report. CC ID 15744 | Establish/Maintain Documentation | Preventive | |
| Include the total heating consumption in the disclosure report. CC ID 15743 | Establish/Maintain Documentation | Preventive | |
| Include the total cooling sold in the disclosure report. CC ID 15738 | Establish/Maintain Documentation | Preventive | |
| Include the total cooling consumption in the disclosure report. CC ID 15742 | Establish/Maintain Documentation | Preventive | |
| Include the total steam sold in the disclosure report. CC ID 15737 | Establish/Maintain Documentation | Preventive | |
| Include the total steam consumption in the disclosure report. CC ID 15741 | Establish/Maintain Documentation | Preventive | |
| Include the fuel types used in the disclosure report. CC ID 15745 | Establish/Maintain Documentation | Preventive | |
| Include the percentage of energy consumed that is renewable energy in the disclosure report. CC ID 15549 | Actionable Reports or Measurements | Detective | |
| Include the percentage of energy consumed that was supplied by grid electricity in the disclosure report. CC ID 15541 | Actionable Reports or Measurements | Detective | |
| Include materials management metrics in the disclosure report. CC ID 15919 | Establish/Maintain Documentation | Preventive | |
| Include the percentage of recovered materials that were reused in the disclosure report. CC ID 15563 | Actionable Reports or Measurements | Detective | |
| Include the total weight or volume of renewable materials used by the organization in the disclosure report. CC ID 15791 | Establish/Maintain Documentation | Preventive | |
| Include the weight of recovered materials through product take-back programs and recycling services in the disclosure report. CC ID 15562 | Establish/Maintain Documentation | Preventive | |
| Include the percentage of recovered materials that were recycled or remanufactured in the disclosure report. CC ID 15574 | Actionable Reports or Measurements | Detective | |
| Include the weight of recovered materials in the disclosure report. CC ID 16203 | Actionable Reports or Measurements | Detective | |
| Include the percentage of recovered materials that were landfilled in the disclosure report. CC ID 15578 | Actionable Reports or Measurements | Detective | |
| Include the total weight or volume of non-renewable materials used by the organization in the disclosure report. CC ID 15792 | Establish/Maintain Documentation | Preventive | |
| Include occupational health and safety management metrics in the disclosure report. CC ID 15918 | Establish/Maintain Documentation | Preventive | |
| Include the total number of employees and non-employees covered by the occupational health and safety management system in the disclosure report. CC ID 15891 | Establish/Maintain Documentation | Preventive | |
| Include the total number of work-related injuries in the disclosure report. CC ID 15899 | Establish/Maintain Documentation | Preventive | |
| Include the number of cases of work-related ill health in the disclosure report. CC ID 15914 | Establish/Maintain Documentation | Preventive | |
| Include the rate of work-related injuries in the disclosure report. CC ID 15944 | Actionable Reports or Measurements | Detective | |
| Include the percentage of employees and non-employees covered by the occupational health and safety management system in the disclosure report. CC ID 15943 | Actionable Reports or Measurements | Detective | |
| Include the percentage of manufacturing facilities audited in compliance with the Responsible Business Alliance Validated Audit Process protocol in the disclosure report. CC ID 16207 | Actionable Reports or Measurements | Detective | |
| Include the rate of fatalities as a result of work-related injuries in the disclosure report. CC ID 15954 | Actionable Reports or Measurements | Detective | |
| Include the number of fatalities as a result of work-related ill health in the disclosure report. CC ID 15942 | Actionable Reports or Measurements | Detective | |
| Include the total number of fatalities as a result of work-related injuries in the disclosure report. CC ID 15953 | Actionable Reports or Measurements | Detective | |
| Include outsourcing arrangements in the disclosure report. CC ID 15621 | Establish/Maintain Documentation | Preventive | |
| Include business operations outsourced to third parties in the disclosure report. CC ID 15616 | Establish/Maintain Documentation | Preventive | |
| Include how material topics are managed in the disclosure report. CC ID 15657 [{approved standard} The organization shall: report how it manages each material topic using Disclosure 3-3. Requirement 4 ¶ 1(c) {approved standard} When the organization's material topic is not covered by the disclosures in the GRI Topic Standards, the organization is required to report how it manages the material topic, using Disclosure 3-3 in GRI 3: Material Topics 2021. See Requirement4-c in this Standard for more information Requirement 5 Reporting on material topics not covered in the GRI Topic Standards ¶ 1] | Establish/Maintain Documentation | Preventive | |
| Include disclosures for each material topic in the disclosure report. CC ID 15658 [The organization shall: report disclosures from the GRI Topic Standards for each material topic; Requirement 5 ¶ 1(a)] | Establish/Maintain Documentation | Preventive | |
| Include a description of how the organization manages privacy in the disclosure report. CC ID 15785 | Establish/Maintain Documentation | Preventive | |
| Include the content removal policy in the disclosure report. CC ID 15650 | Establish/Maintain Documentation | Preventive | |
| Include the level of management approval required for content removal requests in the disclosure report. CC ID 15653 | Establish/Maintain Documentation | Preventive | |
| Include requirements for content removal requests in the disclosure report. CC ID 15652 | Establish/Maintain Documentation | Preventive | |
| Include the conditions for denying content removal requests in the disclosure report. CC ID 15651 | Establish/Maintain Documentation | Preventive | |
| Include the scope of content removal requests in the disclosure report. CC ID 15648 | Establish/Maintain Documentation | Preventive | |
| Include a description of data subjects in the disclosure report. CC ID 16791 | Establish/Maintain Documentation | Preventive | |
| Include the categories of personal data maintained by the organization in the disclosure report. CC ID 16790 | Establish/Maintain Documentation | Preventive | |
| Include a business need justification for personal data processing in the disclosure report. CC ID 16788 | Establish/Maintain Documentation | Preventive | |
| Include the personal data use purpose specification in the disclosure report. CC ID 16786 | Establish/Maintain Documentation | Preventive | |
| Include a description of the information systems that process personal data in the disclosure report. CC ID 16784 | Establish/Maintain Documentation | Preventive | |
| Include the policies and procedures related to freedom of expression in the disclosure report. CC ID 15604 | Establish/Maintain Documentation | Preventive | |
| Include dispute resolution quality measures in the disclosure report. CC ID 16312 | Establish/Maintain Documentation | Preventive | |
| Include all data requests that resulted in compliance with the disclosure request in the disclosure report. CC ID 15547 | Establish/Maintain Documentation | Preventive | |
| Include individuals whose information is provided to third parties for secondary purposes in the disclosure report. CC ID 15559 | Establish/Maintain Documentation | Preventive | |
| Include the disclosure of aggregated, de-identified, and anonymized data to the requesting party in the disclosure report. CC ID 15570 | Establish/Maintain Documentation | Preventive | |
| Include a description of how the organization manages records in the disclosure report. CC ID 16787 | Establish/Maintain Documentation | Preventive | |
| Include a description of how the organization manages anti-corruption in the disclosure report. CC ID 16055 | Establish/Maintain Documentation | Preventive | |
| Include a description of incidents of corruption in the disclosure report. CC ID 16067 | Establish/Maintain Documentation | Preventive | |
| Include significant risks related to corruption in the disclosure report. CC ID 16065 | Establish/Maintain Documentation | Preventive | |
| Include the interested personnel and affected parties to whom the anti-corruption program has been communicated in the disclosure report. CC ID 16064 | Establish/Maintain Documentation | Preventive | |
| Include a description of how the organization manages economic performance in the disclosure report. CC ID 16054 | Establish/Maintain Documentation | Preventive | |
| Include risks and opportunities posed by climate change in the disclosure report. CC ID 16060 | Establish/Maintain Documentation | Preventive | |
| Include a justification for reporting financial data on a cash basis in the disclosure report. CC ID 16059 | Establish/Maintain Documentation | Preventive | |
| Include a description of how the organization manages biodiversity in the disclosure report. CC ID 15986 | Establish/Maintain Documentation | Preventive | |
| Include whether habitat restoration measures have been approved by independent external professionals in the disclosure report. CC ID 16075 | Establish/Maintain Documentation | Preventive | |
| Include the condition of habitat areas protected or restored by the organization in the disclosure report. CC ID 16040 | Establish/Maintain Documentation | Preventive | |
| Include whether third party relationships exist to protect or restore habitat areas in the disclosure report. CC ID 16039 | Establish/Maintain Documentation | Preventive | |
| Include the biodiversity value of operational sites in the disclosure report. CC ID 16034 | Establish/Maintain Documentation | Preventive | |
| Include the type of operations near areas of high biodiversity value in the disclosure report. CC ID 16025 | Establish/Maintain Documentation | Preventive | |
| Include the location of operational sites near areas of high biodiversity value in the disclosure report. CC ID 16020 | Establish/Maintain Documentation | Preventive | |
| Include the location of habitat areas protected or restored by the organization in the disclosure report. CC ID 16018 | Establish/Maintain Documentation | Preventive | |
| Include the species impacted by organizational activities, products, and services in the disclosure report. CC ID 16015 | Establish/Maintain Documentation | Preventive | |
| Include underground land owned by the organization near areas of high biodiversity value in the disclosure report. CC ID 16014 | Establish/Maintain Documentation | Preventive | |
| Include a description of how the organization manages taxes in the disclosure report. CC ID 15985 | Establish/Maintain Documentation | Preventive | |
| Include the frequency of tax strategy reviews in the disclosure report. CC ID 16074 | Establish/Maintain Documentation | Preventive | |
| Include a justification for differences between corporate income tax accrued and tax due in the disclosure report. CC ID 16051 | Establish/Maintain Documentation | Preventive | |
| Include the tax jurisdictions in the disclosure report. CC ID 16047 | Establish/Maintain Documentation | Preventive | |
| Include the roles and responsibilities assigned to tax governance and control in the disclosure report. CC ID 16030 | Establish/Maintain Documentation | Preventive | |
| Include the tax strategy in the disclosure report. CC ID 16029 | Establish/Maintain Documentation | Preventive | |
| Include the tax governance and control framework in the disclosure report. CC ID 16028 | Establish/Maintain Documentation | Preventive | |
| Include the management of tax risks in the disclosure report. CC ID 16026 | Establish/Maintain Documentation | Preventive | |
| Include a description of how the organization manages market presence in the disclosure report. CC ID 15983 | Establish/Maintain Documentation | Preventive | |
| Include the actions taken to determine whether workers are paid above minimum wage in the disclosure report. CC ID 16056 | Establish/Maintain Documentation | Preventive | |
| Include the local minimum wage in the disclosure report. CC ID 15992 | Establish/Maintain Documentation | Preventive | |
| Include a description of how the organization manages anti-competitive behavior in the disclosure report. CC ID 15981 | Establish/Maintain Documentation | Preventive | |
| Include a description of how the organization manages procurement practices in the disclosure report. CC ID 15980 | Establish/Maintain Documentation | Preventive | |
| Include a description of how the organization manages indirect economic impacts in the disclosure report. CC ID 15979 | Establish/Maintain Documentation | Preventive | |
| Include service and infrastructure investments that benefit the public in the disclosure report. CC ID 15984 | Establish/Maintain Documentation | Preventive | |
| Include a description of how the organization manages emissions in the disclosure report. CC ID 15970 | Establish/Maintain Documentation | Preventive | |
| Include the risks related to greenhouse gas emissions in the disclosure report. CC ID 16338 | Establish/Maintain Documentation | Preventive | |
| Include the emissions management plan in the disclosure report. CC ID 16177 | Establish/Maintain Documentation | Preventive | |
| Include the scope of the emissions management plan in the disclosure report. CC ID 16168 | Establish/Maintain Documentation | Preventive | |
| Include emission reduction targets in the disclosure report. CC ID 16148 | Establish/Maintain Documentation | Preventive | |
| Include the scope of emission reduction targets in the disclosure report. CC ID 16149 | Establish/Maintain Documentation | Preventive | |
| Include the scope of greenhouse gas emissions in the disclosure report. CC ID 16147 | Establish/Maintain Documentation | Preventive | |
| Include a description of carbon offsets in the disclosure report. CC ID 15988 | Establish/Maintain Documentation | Preventive | |
| Include the design and development of data centers in the disclosure report. CC ID 15620 | Establish/Maintain Documentation | Preventive | |
| Include a list of countries or geographical regions where the organization's products and services are monitored, blocked, or filtered in the disclosure report. CC ID 15601 | Establish/Maintain Documentation | Preventive | |
| Include a list of products affected by monitoring, blocking, or filtering in the disclosure report. CC ID 15641 | Establish/Maintain Documentation | Preventive | |
| Include the implications of blocking or censorship on an organization's products and services in the disclosure report. CC ID 15639 | Establish/Maintain Documentation | Preventive | |
| Identify products and services affected by monitoring or blocking in the disclosure report. CC ID 15638 | Establish/Maintain Documentation | Preventive | |
| Include the reasons modifications were made to existing products and services in the disclosure report. CC ID 15637 | Establish/Maintain Documentation | Preventive | |
| Include the differences between products and services being offered in different markets in the disclosure report. CC ID 15636 | Establish/Maintain Documentation | Preventive | |
| Include a description of how the organization manages customer health and safety in the disclosure report. CC ID 15801 | Establish/Maintain Documentation | Preventive | |
| Include the nature of complaints received in the disclosure report. CC ID 15844 | Establish/Maintain Documentation | Preventive | |
| Include a description of how the organization manages child labor in the disclosure report. CC ID 15851 | Establish/Maintain Documentation | Preventive | |
| Include operations with a risk for incidents of child labor in the disclosure report. CC ID 15864 | Establish/Maintain Documentation | Preventive | |
| Include third parties with a risk for incidents of child labor in the disclosure report. CC ID 15863 | Establish/Maintain Documentation | Preventive | |
| Include operations with a risk for exposing young workers to hazardous work in the disclosure report. CC ID 15862 | Establish/Maintain Documentation | Preventive | |
| Include third parties with a risk for exposing young workers to hazardous work in the disclosure report. CC ID 15861 | Establish/Maintain Documentation | Preventive | |
| Include the locations that are at risk for incidents of child labor in the disclosure report. CC ID 15860 | Establish/Maintain Documentation | Preventive | |
| Include the measures taken to abolish child labor in the disclosure report. CC ID 15859 | Establish/Maintain Documentation | Preventive | |
| Include a description of how the organization manages diversity and equal opportunity in the disclosure report. CC ID 15853 | Establish/Maintain Documentation | Preventive | |
| Include the employee representation program in the disclosure report. CC ID 15628 | Establish/Maintain Documentation | Preventive | |
| Include a description of how the organization manages marketing and labeling in the disclosure report. CC ID 15802 | Establish/Maintain Documentation | Preventive | |
| Include the information required by the product and service information and labeling procedures in the disclosure report. CC ID 15812 | Establish/Maintain Documentation | Preventive | |
| Include a description of how the organization manages occupational health and safety in the disclosure report. CC ID 15888 | Establish/Maintain Documentation | Preventive | |
| Include the workers covered by the occupational health and safety management system in the disclosure report. CC ID 16151 | Establish/Maintain Documentation | Preventive | |
| Include a description of voluntary health promotion programs in the disclosure report. CC ID 16119 | Establish/Maintain Documentation | Preventive | |
| Include the main types of work-related ill health in the disclosure report. CC ID 15961 | Establish/Maintain Documentation | Preventive | |
| Include a description of formal joint management-worker health and safety committees in the disclosure report. CC ID 15913 | Establish/Maintain Documentation | Preventive | |
| Include the reasons workers are not represented by formal joint management-worker health and safety committees in the disclosure report. CC ID 15912 | Establish/Maintain Documentation | Preventive | |
| Include work-related hazards in the disclosure report. CC ID 15911 | Establish/Maintain Documentation | Preventive | |
| Include a description of the occupational health and safety risk assessment process in the disclosure report. CC ID 15909 | Establish/Maintain Documentation | Preventive | |
| Include a description of occupational health and safety training in the disclosure report. CC ID 15908 | Establish/Maintain Documentation | Preventive | |
| Include how occupational health and safety information is disseminated and communicated in the disclosure report. CC ID 15907 | Establish/Maintain Documentation | Preventive | |
| Include the occupational health and safety risk reporting process in the disclosure report. CC ID 15904 | Establish/Maintain Documentation | Preventive | |
| Include the occupational health and safety policy in the disclosure report. CC ID 15905 | Establish/Maintain Documentation | Preventive | |
| Include the processes used to investigate work-related incidents in the disclosure report. CC ID 15903 | Establish/Maintain Documentation | Preventive | |
| Include a description of the occupational health and safety management system in the disclosure report. CC ID 15901 | Establish/Maintain Documentation | Preventive | |
| Include the main types of work-related injury in the disclosure report. CC ID 15959 | Establish/Maintain Documentation | Preventive | |
| Include a description of how the organization manages forced or compulsory labor in the disclosure report. CC ID 15850 | Establish/Maintain Documentation | Preventive | |
| Include operations with a risk for forced or compulsory labor in the disclosure report. CC ID 15858 | Establish/Maintain Documentation | Preventive | |
| Include third parties with a risk for forced or compulsory labor in the disclosure report. CC ID 15857 | Establish/Maintain Documentation | Preventive | |
| Include the locations with a risk for forced or compulsory labor in the disclosure report. CC ID 15856 | Establish/Maintain Documentation | Preventive | |
| Include the measures taken to eliminate forced or compulsory labor in the disclosure report. CC ID 15855 | Establish/Maintain Documentation | Preventive | |
| Include the measures taken to protect whistleblowers against retaliation in the disclosure report. CC ID 15902 | Establish/Maintain Documentation | Preventive | |
| Include a description of how the organization manages employment in the disclosure report. CC ID 15890 | Establish/Maintain Documentation | Preventive | |
| Include the risks of recruiting foreign nationals and offshore employees in the disclosure report. CC ID 15624 | Establish/Maintain Documentation | Preventive | |
| Include the process for reporting near misses in the disclosure report. CC ID 16211 | Establish/Maintain Documentation | Preventive | |
| Include the extent to which benefit plan liabilities are covered in the disclosure report. CC ID 16109 | Establish/Maintain Documentation | Preventive | |
| Include the level of participation in benefit plans in the disclosure report. CC ID 16057 | Establish/Maintain Documentation | Preventive | |
| Include the Code of Conduct in the disclosure report. CC ID 16205 | Establish/Maintain Documentation | Preventive | |
| Include the standard benefits for full-time employees in the disclosure report. CC ID 15897 | Establish/Maintain Documentation | Preventive | |
| Include a description of how the organization manages labor-management relations in the disclosure report. CC ID 15889 | Establish/Maintain Documentation | Preventive | |
| Include the scope of work stoppages in the disclosure report. CC ID 16215 | Establish/Maintain Documentation | Preventive | |
| Include the reason for each work stoppage in the disclosure report. CC ID 16213 | Establish/Maintain Documentation | Preventive | |
| Include the impact of work stoppages in the disclosure report. CC ID 16212 | Establish/Maintain Documentation | Preventive | |
| Include a description of collective bargaining agreements in the disclosure report. CC ID 15894 | Establish/Maintain Documentation | Preventive | |
| Include a description of how the organization manages supplier environmental assessment in the disclosure report. CC ID 15876 | Establish/Maintain Documentation | Preventive | |
| Include the reasons why relationships were terminated with suppliers having significant negative environmental impacts in the disclosure report. CC ID 15882 | Establish/Maintain Documentation | Preventive | |
| Include a description of how the organization manages training and education in the disclosure report. CC ID 15875 | Establish/Maintain Documentation | Preventive | |
| Include a description of professional development programs in the disclosure report. CC ID 15880 | Establish/Maintain Documentation | Preventive | |
| Include a description of professional development assistance in the disclosure report. CC ID 15879 | Establish/Maintain Documentation | Preventive | |
| Include a description of transition assistance programs in the disclosure report. CC ID 15878 | Establish/Maintain Documentation | Preventive | |
| Include a description of how the organization manages freedom of association and collective bargaining in the disclosure report. CC ID 15852 | Establish/Maintain Documentation | Preventive | |
| Include the types of operations in which workers' rights to exercise freedom of association and collective bargaining may be violated in the disclosure report. CC ID 15868 | Establish/Maintain Documentation | Preventive | |
| Include the types of third parties for which workers' rights to exercise freedom of association and collective bargaining may be violated in the disclosure report. CC ID 15867 | Establish/Maintain Documentation | Preventive | |
| Include the locations at risk of violating workers' rights to exercise freedom of association and collective bargaining in the disclosure report. CC ID 15866 | Establish/Maintain Documentation | Preventive | |
| Include the measures taken to support workers' rights to exercise freedom of association and collective bargaining in the disclosure report. CC ID 15865 | Establish/Maintain Documentation | Preventive | |
| Include a description of how the organization manages waste in the disclosure report. CC ID 15765 | Establish/Maintain Documentation | Preventive | |
| Include the material of spills in the disclosure report. CC ID 15968 | Establish/Maintain Documentation | Preventive | |
| Include the location of spills in the disclosure report. CC ID 15964 | Establish/Maintain Documentation | Preventive | |
| Include a description of how the organization manages the rights of indigenous peoples in the disclosure report. CC ID 15849 | Establish/Maintain Documentation | Preventive | |
| Include products that contain declarable substances in the disclosure report. CC ID 16161 | Establish/Maintain Documentation | Preventive | |
| Include a description of how the organization manages supplier social assessment in the disclosure report. CC ID 15799 | Establish/Maintain Documentation | Preventive | |
| Include the reason why relationships were terminated with suppliers having significant negative social impacts in the disclosure report. CC ID 15804 | Establish/Maintain Documentation | Preventive | |
| Include a description of how the organization manages energy in the disclosure report. CC ID 15783 | Establish/Maintain Documentation | Preventive | |
| Include the types of energy affected by energy reduction in the disclosure report. CC ID 15731 | Establish/Maintain Documentation | Preventive | |
| Include the scope of renewable energy in the disclosure report. CC ID 15509 | Establish/Maintain Documentation | Preventive | |
| Include the scope of energy consumption in the disclosure report. CC ID 15508 | Establish/Maintain Documentation | Preventive | |
| Include the types of energy used in the disclosure report. CC ID 15748 | Establish/Maintain Documentation | Preventive | |
| Refrain from double-counting fuel consumption, as necessary. CC ID 15736 | Process or Activity | Preventive | |
| Include energy efficiency considerations in product design and development in the disclosure report. CC ID 16155 | Establish/Maintain Documentation | Preventive | |
| Include a description of how the organization manages public policy in the disclosure report. CC ID 15800 | Establish/Maintain Documentation | Preventive | |
| Include a description of how the organization manages materials in the disclosure report. CC ID 15782 | Establish/Maintain Documentation | Preventive | |
| Include the scope of recovered material in the disclosure report. CC ID 16204 | Establish/Maintain Documentation | Preventive | |
| Include materials that present a risk to operations in the disclosure report. CC ID 16173 | Establish/Maintain Documentation | Preventive | |
| Include the risks represented by materials in the disclosure report. CC ID 16171 | Establish/Maintain Documentation | Preventive | |
| Include the risk management approach to the use of materials in the disclosure report. CC ID 16169 | Establish/Maintain Documentation | Preventive | |
| Include management of the availability of materials in the disclosure report. CC ID 16167 | Establish/Maintain Documentation | Preventive | |
| Include management of the price of materials in the disclosure report. CC ID 16165 | Establish/Maintain Documentation | Preventive | |
| Include the business activities that use declarable substances in the disclosure report. CC ID 16158 | Establish/Maintain Documentation | Preventive | |
| Include a description of how the organization manages declarable substances in the disclosure report. CC ID 16156 | Establish/Maintain Documentation | Preventive | |
| Include a description of how the organization manages non-discrimination in the disclosure report. CC ID 15764 | Establish/Maintain Documentation | Preventive | |
| Include the status of incidents of discrimination in the disclosure report. CC ID 15790 | Establish/Maintain Documentation | Preventive | |
| Include corrective actions taken for incidents of discrimination in the disclosure report. CC ID 15789 | Establish/Maintain Documentation | Preventive | |
| Include a description of incidents of discrimination in the disclosure report. CC ID 15787 | Establish/Maintain Documentation | Preventive | |
| Include incidents of discrimination no longer subject to action in the disclosure report. CC ID 15786 | Establish/Maintain Documentation | Preventive | |
| Include a description of how the organization manages local communities in the disclosure report. CC ID 15798 | Establish/Maintain Documentation | Preventive | |
| Include a description of local community consultation committees in the disclosure report. CC ID 15821 | Establish/Maintain Documentation | Preventive | |
| Include the results of impact assessments in the disclosure report. CC ID 15820 | Establish/Maintain Documentation | Preventive | |
| Include a description of community development programs in the disclosure report. CC ID 15818 | Establish/Maintain Documentation | Preventive | |
| Include a description of the impact assessments in the disclosure report. CC ID 15817 | Establish/Maintain Documentation | Preventive | |
| Include a description of worker representation bodies in the disclosure report. CC ID 15816 | Establish/Maintain Documentation | Preventive | |
| Include a description of local community grievance processes in the disclosure report. CC ID 15815 | Establish/Maintain Documentation | Preventive | |
| Include a description of how the organization manages security practices in the disclosure report. CC ID 15784 | Establish/Maintain Documentation | Preventive | |
| Include trends in the frequency of incidents in the disclosure report. CC ID 15511 | Establish/Maintain Documentation | Preventive | |
| Include trends in the origination of incidents in the disclosure report. CC ID 15512 | Establish/Maintain Documentation | Preventive | |
| Include trends in incident type in the disclosure report. CC ID 15510 | Establish/Maintain Documentation | Preventive | |
| Include a description of how the organization interacts with water in the disclosure report. CC ID 15752 | Establish/Maintain Documentation | Preventive | |
| Include a description of water consumption in the disclosure report. CC ID 15754 | Establish/Maintain Documentation | Preventive | |
| Include changes in water storage in the disclosure report. CC ID 15762 | Establish/Maintain Documentation | Preventive | |
| Include a description of water discharge in the disclosure report. CC ID 15755 | Establish/Maintain Documentation | Preventive | |
| Include a description of water withdrawal in the disclosure report. CC ID 15753 | Establish/Maintain Documentation | Preventive | |
| Include the priority substances of concern for which water discharge is treated in the disclosure report. CC ID 15761 | Establish/Maintain Documentation | Preventive | |
| Include the effluent discharge standards in the disclosure report. CC ID 15757 | Establish/Maintain Documentation | Preventive | |
| Include water quality standards in the disclosure report. CC ID 15756 | Establish/Maintain Documentation | Preventive | |
| Include business continuity risks in the disclosure report. CC ID 15608 | Establish/Maintain Documentation | Preventive | |
| Include incidents in which encrypted data were acquired with a valid encryption key in the disclosure report. CC ID 15546 | Establish/Maintain Documentation | Preventive | |
| Include recycling in the disclosure report. CC ID 15579 | Establish/Maintain Documentation | Preventive | |
| Include the scope of recycled material in the disclosure report. CC ID 16153 | Establish/Maintain Documentation | Preventive | |
| Include donated materials or refurbished materials in the disclosure report. CC ID 15561 | Establish/Maintain Documentation | Preventive | |
| Include materials being physically handled by third parties for reuse, recycling, or refurbishment in the disclosure report. CC ID 15577 | Establish/Maintain Documentation | Preventive | |
| Include materials being physically handled by the organization for reuse, recycling, or refurbishment in the disclosure report. CC ID 15575 | Establish/Maintain Documentation | Preventive | |
| Include the reuse of materials recovered in the disclosure report. CC ID 15566 | Establish/Maintain Documentation | Preventive | |
| Include products, materials, and parts at the end of their useful life in the disclosure report. CC ID 15553 | Establish/Maintain Documentation | Preventive | |
| Exclude products and parts waiting for repair and under warranty in the disclosure report. CC ID 15551 | Establish/Maintain Documentation | Preventive | |
| Include all monetary liabilities to third parties in the disclosure report. CC ID 15572 | Establish/Maintain Documentation | Preventive | |
| Include both first-party advertising and third-party advertising in the disclosure report. CC ID 15554 | Establish/Maintain Documentation | Preventive | |
| Include the corrective action plan in the disclosure report. CC ID 15900 | Establish/Maintain Documentation | Preventive | |
| Include the costs of corrective actions in the disclosure report. CC ID 16098 | Establish/Maintain Documentation | Preventive | |
| Include exclusions from the scope of disclosure for each material topic in the disclosure report. CC ID 15893 | Establish/Maintain Documentation | Preventive | |
| Include a justification for each exclusion from the scope of disclosure for each material topic in the disclosure report. CC ID 15892 | Establish/Maintain Documentation | Preventive | |
| Include incidents with indications that encrypted data could be readily converted to plain text in the disclosure report. CC ID 15544 | Establish/Maintain Documentation | Preventive | |
| Limit disclosures to data breaches that resulted in a deviation from expected outcomes for confidentiality or integrity in the disclosure report. CC ID 15545 | Establish/Maintain Documentation | Preventive | |
| Limit the disclosure of breaches to those in which the individuals were notified in the disclosure report. CC ID 15550 | Establish/Maintain Documentation | Preventive | |
| Restrict disclosures to wireless communications services in the disclosure report. CC ID 15555 | Establish/Maintain Documentation | Preventive | |
| Restrict disclosures to wireline communications services in the disclosure report. CC ID 15556 | Establish/Maintain Documentation | Preventive | |
| Restrict disclosure to Internet Service Provider services in the disclosure report. CC ID 15569 | Establish/Maintain Documentation | Preventive | |
| Exclude legal fees and expenses used for defense in the disclosure report. CC ID 15571 | Establish/Maintain Documentation | Preventive | |
| Include the external requirements to which third parties are compliant in the disclosure report. CC ID 15573 | Establish/Maintain Documentation | Preventive | |
| Include the impact of monitoring, blocking, or filtering products and services in the disclosure report. CC ID 15602 | Establish/Maintain Documentation | Preventive | |
| Include the reclassification of Internet Service Providers in the disclosure report. CC ID 15576 | Establish/Maintain Documentation | Preventive | |
| Include non-monetary sanctions in the disclosure report. CC ID 15872 | Establish/Maintain Documentation | Preventive | |
| Include business activities that negatively impact the target environment in the disclosure report. CC ID 15683 | Establish/Maintain Documentation | Preventive | |
| Include the organization's name in the disclosure report. CC ID 15668 [{start date}{compliance disclosure statement} The organization is required to insert the name of the organization and the start and end dates of its reporting period in the statement, for example: Provide a statement of use Guidance ¶ 2] | Establish/Maintain Documentation | Preventive | |
| Include the time period in which privacy breaches occurred in the disclosure report. CC ID 15730 | Establish/Maintain Documentation | Preventive | |
| Include the metrics used to track how material topics and related impacts are managed in the disclosure report. CC ID 15686 | Establish/Maintain Documentation | Preventive | |
| Include the process used to track the effectiveness of corrective actions taken to manage material topics and related impacts in the disclosure report. CC ID 15687 | Establish/Maintain Documentation | Preventive | |
| Include a list of material topics in the disclosure report. CC ID 15656 [{approved standard} The organization shall: report a list of its material topics using Disclosure 3-2; Requirement 4 ¶ 1(b)] | Establish/Maintain Documentation | Preventive | |
| Include changes to the list of material topics in the disclosure report. CC ID 15681 | Establish/Maintain Documentation | Preventive | |
| Include the processes used to monitor material topics and related impacts in the disclosure report. CC ID 15819 | Establish/Maintain Documentation | Preventive | |
| Include policies and commitments regarding each material topic in the disclosure report. CC ID 15684 | Establish/Maintain Documentation | Preventive | |
| Include a commitment to preserve human rights in the disclosure report. CC ID 15854 | Establish/Maintain Documentation | Preventive | |
| Include the reasons that policies and commitments are not publicly available in the disclosure report. CC ID 15873 | Establish/Maintain Documentation | Preventive | |
| Include how the impacts related to material topics are managed in the disclosure report. CC ID 15685 | Establish/Maintain Documentation | Preventive | |
| Include the individuals who helped determine the material topics in the disclosure report. CC ID 15680 | Establish/Maintain Documentation | Preventive | |
| Include the impacts related to each material topic in the disclosure report. CC ID 15682 | Establish/Maintain Documentation | Preventive | |
| Include the reversibility or irreversibility of impacts in the disclosure report. CC ID 16037 | Establish/Maintain Documentation | Preventive | |
| Include the impact duration in the disclosure report. CC ID 16036 | Establish/Maintain Documentation | Preventive | |
| Include the extent of impacts in the disclosure report. CC ID 16016 | Establish/Maintain Documentation | Preventive | |
| Include the process for determining material topics in the disclosure report. CC ID 15655 [{approved standard}The organization shall: report its process of determining material topics using Disclosure 3-1; Requirement 4 ¶ 1(a)] | Establish/Maintain Documentation | Preventive | |
| Refrain from including the same data in other required disclosures, as necessary. CC ID 15732 | Establish/Maintain Documentation | Preventive | |
| Include the process for setting goals and targets in the disclosure report. CC ID 15763 | Establish/Maintain Documentation | Preventive | |
| Include risks to the achievement of goals and targets in the disclosure report. CC ID 16166 | Establish/Maintain Documentation | Preventive | |
| Include the timelines for achieving goals and targets in the disclosure report. CC ID 16164 | Establish/Maintain Documentation | Preventive | |
| Include the mechanisms for achieving goals and targets in the disclosure report. CC ID 16144 | Establish/Maintain Documentation | Preventive | |
| Include the progress towards goals and targets in the disclosure report. CC ID 15688 | Establish/Maintain Documentation | Preventive | |
| Include a justification for disclosures that do not reconcile with data reported in other required disclosures in the disclosure report. CC ID 16053 | Establish/Maintain Documentation | Preventive | |
| Include historical information and future-oriented information in the disclosure report. CC ID 16336 | Establish/Maintain Documentation | Preventive | |
| Include preventive actions in the disclosure report. CC ID 15796 | Establish/Maintain Documentation | Preventive | |
| Include the methodology for reporting future-oriented information in the disclosure report. CC ID 16335 | Establish/Maintain Documentation | Preventive | |
| Include the reporting period in the disclosure report. CC ID 15661 [{compliance disclosure statement}{start date} The organization is required to insert the name of the organization and the start and end dates of its reporting period in the statement, for example: Requirement 8 Guidance ¶ 2 To apply the Timeliness principle, the organization should: indicate the time period covered by the reported information. Timeliness Guidance ¶ 2 Bullet 3 To apply the Completeness principle, the organization should: present activities, events, and impacts for the reporting period in which they occur. This includes reporting information about activities that have a minimal impact in the short-term, but a reasonably foreseeable cumulative impact that can become unavoidable or irreversible in the long-term (e.g., activities that generate bio-accumulative or persistent pollutants); Completeness Guidance ¶ 1 Bullet 1 {start date}{compliance disclosure statement} The organization is required to insert the name of the organization and the start and end dates of its reporting period in the statement, for example: Provide a statement of use Guidance ¶ 2] | Establish/Maintain Documentation | Preventive | |
| Include restatements of information from previous reporting periods and an explanation for their use in the disclosure report. CC ID 15827 | Establish/Maintain Documentation | Preventive | |
| Include roles and responsibilities in the disclosure report. CC ID 15846 | Establish/Maintain Documentation | Preventive | |
| Include the organization's location in the disclosure report. CC ID 16311 | Establish/Maintain Documentation | Preventive | |
| Include how conflicts of interest in roles are handled in the disclosure report. CC ID 15848 | Establish/Maintain Documentation | Preventive | |
| Include the reporting structure in the disclosure report. CC ID 15845 | Establish/Maintain Documentation | Preventive | |
| Include a description of whistleblowing mechanisms in the disclosure report. CC ID 16027 | Establish/Maintain Documentation | Preventive | |
| Include the differences between the list of entities in financial reporting and in sustainability reporting in the disclosure report. CC ID 15874 | Establish/Maintain Documentation | Preventive | |
| Include the governance structure in the disclosure report. CC ID 15840 | Establish/Maintain Documentation | Preventive | |
| Include stakeholder representation in the disclosure report. CC ID 15847 | Establish/Maintain Documentation | Preventive | |
| Include a description of the composition of governance bodies and committees in the disclosure report. CC ID 15843 | Establish/Maintain Documentation | Preventive | |
| Include a description of significant fluctuations in the total number of contractors and outsource partners in the disclosure report. CC ID 15839 | Establish/Maintain Documentation | Preventive | |
| Include a description of contractual relationships in the disclosure report. CC ID 15838 | Establish/Maintain Documentation | Preventive | |
| Include a description of significant fluctuations in the total number of employees in the disclosure report. CC ID 15836 | Establish/Maintain Documentation | Preventive | |
| Include research findings based on previous and current research methodologies in the disclosure report. CC ID 15630 [{negative trend}{positive trend}To apply the Balance principle, the organization should: present information in a way that allows information users to see negative and positive year-on-year trends in impacts; Balance Guidance ¶ 1 Bullet 1 To apply the Comparability principle, the organization should: present the current disclosures alongside restatements of historical data to enable comparisons if there have been changes from the information reported previously. This can include changes in the length of the reporting period, in the measurement methodologies, in the definitions used, or in other elements of reporting. The organization is required to report restatements of information under Disclosure 2-4 in GRI 2: General Disclosures 2021; Comparability Guidance ¶ 2 Bullet 7] | Establish/Maintain Documentation | Preventive | |
| Include the methodology used to report numbers in the disclosure report. CC ID 15841 | Establish/Maintain Documentation | Preventive | |
| Include definitions of terms in the disclosure report. CC ID 15832 | Establish/Maintain Documentation | Preventive | |
| Include a description of third party relationships in the disclosure report. CC ID 15830 | Establish/Maintain Documentation | Preventive | |
| Include the type of work performed by contractors and outsource partners in the disclosure report. CC ID 15842 | Establish/Maintain Documentation | Preventive | |
| Include any changes made to information in restatements in the disclosure report. CC ID 15829 | Establish/Maintain Documentation | Preventive | |
| Include the criteria for determining when to use restatements in the disclosure report. CC ID 15828 | Establish/Maintain Documentation | Preventive | |
| Include points of contact in the disclosure report. CC ID 15826 | Establish/Maintain Documentation | Preventive | |
| Include the reason that reporting periods for different reports do not align in the disclosure report. CC ID 15825 | Establish/Maintain Documentation | Preventive | |
| Include a description of how information is consolidated in the disclosure report. CC ID 15824 | Establish/Maintain Documentation | Preventive | |
| Include the legal form of organization in the disclosure report. CC ID 15823 | Establish/Maintain Documentation | Preventive | |
| Include the ownership structure in the disclosure report. CC ID 15822 | Establish/Maintain Documentation | Preventive | |
| Include the shareholding structure in the disclosure report. CC ID 16093 | Establish/Maintain Documentation | Preventive | |
| Include the processes used to collect and monitor in scope information in the disclosure report. CC ID 15779 | Establish/Maintain Documentation | Preventive | |
| Refrain from including out of scope information in the disclosure report. CC ID 15793 | Establish/Maintain Documentation | Preventive | |
| Include the processes used to assess third party compliance in the disclosure report. CC ID 15773 | Establish/Maintain Documentation | Preventive | |
| Include the calculation methodology in the disclosure report. CC ID 15733 [To apply the Accuracy principle, the organization should: indicate which data has been estimated, and explain the underlying assumptions and techniques used for the estimation as well as any limitations of the estimates. Accuracy Guidance ¶ 2 Bullet 5 To apply the Accuracy principle, the organization should: indicate which data has been measured; Accuracy Guidance ¶ 2 Bullet 2] | Establish/Maintain Documentation | Preventive | |
| Include the rationale for choosing the calculation methodology in the disclosure report. CC ID 15734 | Establish/Maintain Documentation | Preventive | |
| Include the effects of changes to calculation methodologies in the disclosure report. CC ID 16344 | Establish/Maintain Documentation | Preventive | |
| Include the source of conversion factors in the disclosure report. CC ID 15747 | Establish/Maintain Documentation | Preventive | |
| Include known limitations in the disclosure report. CC ID 15669 [To apply the Verifiability principle, the organization should: provide clear explanations of any uncertainties associated with the reported information. Verifiability Guidance ¶ 2 Bullet 7] | Establish/Maintain Documentation | Preventive | |
| Include the lessons learned in the disclosure report. CC ID 15689 | Establish/Maintain Documentation | Preventive | |
| Include how lessons learned are incorporated into policies and procedures in the disclosure report. CC ID 15690 | Establish/Maintain Documentation | Preventive | |
| Include whether training requirements apply to third parties in the disclosure report. CC ID 15727 | Establish/Maintain Documentation | Preventive | |
| Include a link to the content index in the disclosure report. CC ID 15666 [if it publishes a standalone sustainability report and the GRI content index is not included in the report itself, provide a link or reference to the GRI content index in the report. Requirement 7 ¶ 1(b) if it publishes a standalone sustainability report and the GRI content index is not included in the report itself, provide a link or reference to the GRI content index in the report. Publish a GRI content index ¶ 1(b)] | Establish/Maintain Documentation | Preventive | |
| Include stakeholder engagement activities in the disclosure report. CC ID 15691 | Establish/Maintain Documentation | Preventive | |
| Include supplemental disclosures in the disclosure report. CC ID 15629 [{be different}{material topic} In addition to reporting Disclosure 3-3, the organization should report other disclosures for that topic. These can include the additional sector disclosures recommended in the GRI Sector Standards, disclosures from other sources, or disclosures developed by the organization itself. Requirement 5 Reporting on material topics not covered in the GRI Topic Standards ¶ 2] | Establish/Maintain Documentation | Preventive | |
| Disseminate and communicate the disclosure report to interested personnel and affected parties. CC ID 15667 [{appropriate authority}{compliance disclosure statement}The organization should include the following information in the email: The statement of use. Requirement 9 Guidance ¶ 1 Bullet 4 {compliance disclosure statement}{appropriate authority} The organization should include the following information in the email: The statement of use. Notify GRI Guidance ¶ 1 Bullet 4 {appropriate authority} The organization should include the following information in the email: The link to the report, if publishing a standalone sustainability report. Notify GRI Guidance ¶ 1 Bullet 3] | Communicate | Preventive | |
Harmonization Methods and Manual of Style | KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
| Mandated - bold Implied - italic Implementation - regular | TYPE | CLASS | |
|---|---|---|---|
| Harmonization Methods and Manual of Style CC ID 06095 | IT Impact Zone | IT Impact Zone | |
| Establish, implement, and maintain organizational documents. CC ID 16202 | Establish/Maintain Documentation | Preventive | |
| Organize all compliance documents. CC ID 06096 | Establish/Maintain Documentation | Preventive | |
| Organize all compliance documents to fit the message. CC ID 06097 | Establish/Maintain Documentation | Preventive | |
| Define the structure for compliance documents and governance documents. CC ID 06111 [{international or national standard} publish a GRI content index that includes: the title of GRI 1 used; Requirement 7 ¶ 1(a)(iii)] | Establish/Maintain Documentation | Preventive | |
| Subordinate the structure of the compliance document to fit the topic. CC ID 06109 | Establish/Maintain Documentation | Preventive | |
| Define visual and formatting styles for all structured headings. CC ID 06110 | Establish/Maintain Documentation | Preventive | |
| Define the section heading style, if section headings are being used. CC ID 06112 | Establish/Maintain Documentation | Preventive | |
| Use a table of contents to show sections and headings, if section headings are being used. CC ID 06113 | Establish/Maintain Documentation | Preventive | |
| Place the table of contents at the document's beginning. CC ID 06114 | Establish/Maintain Documentation | Preventive | |
| Add term definitions to the document's end. CC ID 06115 | Establish/Maintain Documentation | Preventive | |
Human Resources management | KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
| Mandated - bold Implied - italic Implementation - regular | TYPE | CLASS | |
|---|---|---|---|
| Human Resources management CC ID 00763 | IT Impact Zone | IT Impact Zone | |
| Establish, implement, and maintain high level operational roles and responsibilities. CC ID 00806 | Establish Roles | Preventive | |
| Define and assign the Board of Directors roles and responsibilities and senior management roles and responsibilities, including signing off on key policies and procedures. CC ID 00807 [The organization is required to report whether the highest governance body is responsible for reviewing and approving the reported information, including the organization's material topics, under Disclosure 2-14 in GRI 2: General Disclosures 2021. Requirement 8 Guidance ¶ 4] | Establish Roles | Preventive | |
| Establish and maintain board committees, as necessary. CC ID 14789 | Human Resources Management | Preventive | |
| Define and assign the roles and responsibilities of the chairman of the board. CC ID 14786 | Establish/Maintain Documentation | Preventive | |
| Assign oversight of C-level executives to the Board of Directors. CC ID 14784 | Human Resources Management | Preventive | |
| Establish, implement, and maintain candidate selection procedures to the board of directors. CC ID 14782 | Establish/Maintain Documentation | Preventive | |
| Include the criteria of mixed experiences and skills in the candidate selection procedures. CC ID 14791 | Establish/Maintain Documentation | Preventive | |
| Assign oversight of the financial management program to the board of directors. CC ID 14781 | Human Resources Management | Preventive | |
| Assign senior management to the role of supporting Quality Management. CC ID 13692 | Human Resources Management | Preventive | |
| Assign senior management to the role of authorizing official. CC ID 14238 | Establish Roles | Preventive | |
| Assign members who are independent from management to the Board of Directors. CC ID 12395 | Human Resources Management | Preventive | |
| Assign ownership of risks to the Board of Directors or senior management. CC ID 13662 | Human Resources Management | Preventive | |
| Assign the organization's board and senior management to oversee the continuity planning process. CC ID 12991 | Human Resources Management | Preventive | |
| Rotate members of the board of directors, as necessary. CC ID 14803 | Human Resources Management | Corrective | |
Leadership and high level objectives | KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
| Mandated - bold Implied - italic Implementation - regular | TYPE | CLASS | |
|---|---|---|---|
| Leadership and high level objectives CC ID 00597 | IT Impact Zone | IT Impact Zone | |
| Establish, implement, and maintain a reporting methodology program. CC ID 02072 [{not require} To apply the Clarity principle, the organization should: present information in a way that users can find the information they want without unreasonable effort, for example, through a table of contents, maps, or links; Clarity Guidance ¶ 1 Bullet 2 To apply the Clarity principle, the organization should: present information in a way that it can be understood by users who have reasonable knowledge of the organization and its activities; Clarity Guidance ¶ 1 Bullet 3 {not be familiar} To apply the Clarity principle, the organization should: avoid abbreviations, technical terms, or other jargon likely to be unfamiliar to users or, if these are used, include relevant explanations in the appropriate sections or in a glossary; Clarity Guidance ¶ 1 Bullet 4 {not be familiar} To apply the Clarity principle, the organization should: avoid abbreviations, technical terms, or other jargon likely to be unfamiliar to users or, if these are used, include relevant explanations in the appropriate sections or in a glossary; Clarity Guidance ¶ 1 Bullet 4 To apply the Clarity principle, the organization should: consider specific accessibility needs of information users, associated with abilities, language, and technology; Clarity Guidance ¶ 1 Bullet 1 {make accessible}{be understandable} To apply the Clarity principle, the organization should: use graphics and consolidated data tables to make information accessible and understandable. Clarity Guidance ¶ 1 Bullet 6 {be concise}{refrain from omitting} To apply the Clarity principle, the organization should: report information in a concise way and aggregate information where useful without omitting necessary details; Clarity Guidance ¶ 1 Bullet 5 {be concise}{refrain from omitting} To apply the Clarity principle, the organization should: report information in a concise way and aggregate information where useful without omitting necessary details; Clarity Guidance ¶ 1 Bullet 5 {socially responsible behavior}{professional behavior}{international or national standard} To apply the Sustainability context principle, the organization should: report information about its impacts in relation to societal expectations and expectations of responsible business conduct set out in authoritative intergovernmental instruments with which the organization is expected to comply (e.g., Organisation for Economic Co-operation and Development [OECD] Guidelines for Multinational Enterprises[3], UN Guiding Principles on Business and Human Rights [5]) and in other recognized sector-specific, local, regional, or global instruments; Sustainability context Guidance ¶ 2 Bullet 3 {current time period}{prior time period} To apply the Comparability principle, the organization should: present information for the current reporting period and at least two previous periods, as well as any goals and targets that have been set Comparability Guidance ¶ 2 Bullet 1 To apply the Comparability principle, the organization should: maintain consistency in the methods used to measure and calculate data and in explaining the methods and assumptions used; Comparability Guidance ¶ 2 Bullet 3 To apply the Comparability principle, the organization should: maintain consistency in the methods used to measure and calculate data and in explaining the methods and assumptions used; Comparability Guidance ¶ 2 Bullet 3 To apply the Comparability principle, the organization should: maintain consistency in the manner of presenting the information; Comparability Guidance ¶ 2 Bullet 4 To apply the Comparability principle, the organization should: report total numbers or absolute data (e.g., metric tons of CO2 equivalent) as well as ratios or normalized data (e.g., CO2 emissions per unit produced) to enable comparisons, and provide explanatory notes when using ratios; Comparability Guidance ¶ 2 Bullet 5 To apply the Comparability principle, the organization should: provide contextual information (e.g., the organization's size, geographic location) to help information users understand the factors that contribute to differences between the organization's impacts and the impacts of other organizations; Comparability Guidance ¶ 2 Bullet 6 To apply the Completeness principle, the organization should: not omit information that is necessary for understanding the organization's impacts. Completeness Guidance ¶ 1 Bullet 2 If the organization consists of multiple entities (i.e., a parent entity and its subordinate entities), the organization is required to explain the approach used for consolidating the information under 2-2-c in GRI 2: General Disclosures 2021. Completeness Guidance ¶ 2 {make available} The organization shall report information on a regular schedule and make it available in time for information users to make decisions. Timeliness ¶ 1(a) {make available} To apply the Timeliness principle, the organization should: find a balance between the need to make information available in a timely manner and ensuring that the information is of high quality and meets the requirements under the other reporting principles; Timeliness Guidance ¶ 2 Bullet 1 To apply the Timeliness principle, the organization should: ensure consistency in the length of reporting periods; Timeliness Guidance ¶ 2 Bullet 2 {other individuals} To apply the Verifiability principle, the organization should: set up internal controls and organize documentation in such a way that individuals other than those preparing the reported information (e.g., internal auditors, external assurance providers) can review them; Verifiability Guidance ¶ 2 Bullet 1 {refrain from including} To apply the Verifiability principle, the organization should: avoid including information that is not substantiated by evidence unless it is relevant for understanding the organization's impacts; Verifiability Guidance ¶ 2 Bullet 6 To apply the Verifiability principle, the organization should: be able to identify the original sources of the reported information and provide reliable evidence to support assumptions or calculations; Verifiability Guidance ¶ 2 Bullet 4] | Business Processes | Preventive | |
| Establish, implement, and maintain communication protocols. CC ID 12245 | Establish/Maintain Documentation | Preventive | |
| Use secure communication protocols for telecommunications. CC ID 16458 | Business Processes | Preventive | |
| Align the information being disseminated and communicated with the communication requirements according to the organization's communication protocol. CC ID 12419 | Establish/Maintain Documentation | Preventive | |
| Assess the effectiveness of the communication methods used in the communication protocol. CC ID 12691 | Process or Activity | Detective | |
| Include external requirements in the organization's communication protocol. CC ID 12418 | Establish/Maintain Documentation | Preventive | |
| Include disseminating and communicating events surrounding instances of desirable conduct and undesirable conduct in the communication protocols. CC ID 12824 | Communicate | Preventive | |
| Include input from interested personnel and affected parties as a part of the organization’s communication protocol. CC ID 12417 | Establish/Maintain Documentation | Preventive | |
| Establish, implement, and maintain a corrective action plan to address barriers to stakeholder engagement. CC ID 15677 | Process or Activity | Preventive | |
| Identify barriers to stakeholder engagement. CC ID 15676 | Process or Activity | Preventive | |
| Identify alternative measures for collecting stakeholder input, as necessary. CC ID 15672 | Communicate | Preventive | |
| Include disseminating and communicating conditions surrounding instances of desirable conduct and undesirable conduct in the communication protocols. CC ID 12804 | Communicate | Preventive | |
| Include methods to obtain information from interested personnel and affected parties about performance variances in the communication protocol. CC ID 12856 | Process or Activity | Preventive | |
| Include disseminating and communicating desirable conduct in the communication protocols. CC ID 12803 | Communicate | Preventive | |
| Include disseminating and communicating undesirable conduct in communication protocols. CC ID 12802 | Communicate | Preventive | |
| Route notifications, as necessary. CC ID 12832 | Process or Activity | Preventive | |
| Substantiate notifications, as necessary. CC ID 12831 | Process or Activity | Preventive | |
| Analyze the flow of information to ensure it is being received by the correct processes. CC ID 12860 | Business Processes | Preventive | |
| Prioritize notifications, as necessary. CC ID 12830 | Process or Activity | Preventive | |
| Report to management and stakeholders on the findings and information gathered from all types of inquiries. CC ID 12797 | Actionable Reports or Measurements | Preventive | |
| Disseminate and communicate internal controls with supply chain members. CC ID 12416 | Communicate | Preventive | |
| Establish and maintain the organization's survey method. CC ID 12869 | Process or Activity | Preventive | |
| Document the findings from surveys. CC ID 16309 | Establish/Maintain Documentation | Preventive | |
| Provide a consolidated view of information in the organization's survey method. CC ID 12894 | Process or Activity | Preventive | |
| Establish, implement, and maintain warning procedures that follow the organization's communication protocol. CC ID 12407 | Establish/Maintain Documentation | Preventive | |
| Establish, implement, and maintain alert procedures that follow the organization's communication protocol. CC ID 12406 | Establish/Maintain Documentation | Preventive | |
| Include the capturing and alerting of compliance violations in the notification system. CC ID 12962 | Monitor and Evaluate Occurrences | Preventive | |
| Include the capturing and alerting of unethical conduct in the notification system. CC ID 12932 | Monitor and Evaluate Occurrences | Preventive | |
| Include the capturing and alerting of performance variances in the notification system. CC ID 12929 | Monitor and Evaluate Occurrences | Preventive | |
| Include the capturing and alerting of weaknesses in the notification system. CC ID 12928 | Monitor and Evaluate Occurrences | Preventive | |
| Include the capturing and alerting of account activity in the notification system. CC ID 15314 | Monitor and Evaluate Occurrences | Preventive | |
| Establish, implement, and maintain an internal reporting program. CC ID 12409 | Business Processes | Preventive | |
| Include transactions and events as a part of internal reporting. CC ID 12413 | Business Processes | Preventive | |
| Disseminate and communicate management's choices for managing the organization as a part of internal reporting. CC ID 12412 | Communicate | Preventive | |
| Enforce a precision level for non-financial reporting based on user need and appropriate supply chain criteria. CC ID 12399 | Establish/Maintain Documentation | Preventive | |
| Define the thresholds for escalation in the internal reporting program. CC ID 14332 | Establish/Maintain Documentation | Preventive | |
| Define the thresholds for reporting in the internal reporting program. CC ID 14331 | Establish/Maintain Documentation | Preventive | |
| Establish, implement, and maintain an external reporting program. CC ID 12876 [The organization shall apply all the reporting principles specified in section 4 of GRI 1: Foundation 2021. Requirement 1(a) {be understandable} The organization shall present information in a way that is accessible and understandable. Clarity ¶ 1(a) {refrain from reporting} To apply the Balance principle, the organization should: not present information in a way that is likely to inappropriately influence the conclusions or assessments of information users. Balance Guidance ¶ 1 Bullet 5 {be fair}{negative impact} The organization shall report information in an unbiased way and provide a fair representation of the organization's negative and positive impacts. Balance ¶ 1(a) {should not}{positive impact} To apply the Balance principle, the organization should: not overemphasize positive news or impacts; Balance Guidance ¶ 1 Bullet 4 The organization shall report information that is correct and sufficiently detailed to allow an assessment of the organization's impacts. Accuracy ¶ 1(a)] | Communicate | Preventive | |
| Provide identifying information about the organization to the responsible party. CC ID 16715 | Communicate | Preventive | |
| Identify the material topics required to be reported on. CC ID 15654 [The organization shall: determine its material topics; Requirement 3 ¶ 1(a) The organization is required to review each topic described in the applicable Sector Standards and determine whether it is a material topic for the organization. Requirement 5 Guidance to 5-b ¶ 2 The organization is required to use the applicable Sector Standards when determining its material topics. Requirement 3 Guidance ¶ 4 The organization is required to determine its material topics based on its specific circumstances. Requirement 3 Guidance ¶ 2 The organization shall: review the GRI Sector Standard(s) that apply to its sector(s) and: determine whether each topic in the applicable Sector Standard(s) is a material topic for the organization; Requirement 3 ¶ 1(b)(i) {be immaterial}{reason} The organization is required to review each topic described in the applicable Sector Standards and determine whether it is a material topic for the organization. If the organization has determined any of the topics included in the applicable Sector Standards as not material, then the organization is required to list them in the GRI content index and explain why they are not material. See Requirement 7 in this Standard for more information on the content index. Requirement 3 Guidance to 3-b ¶ 2] | Business Processes | Preventive | |
| Check the list of material topics for completeness. CC ID 15692 | Investigate | Preventive | |
| Prioritize material topics used in reporting. CC ID 15678 | Communicate | Preventive | |
| Review and approve the material topics, as necessary. CC ID 15670 | Process or Activity | Preventive | |
| Define the thresholds for reporting in the external reporting program. CC ID 15679 | Establish/Maintain Documentation | Preventive | |
| Include time requirements in the external reporting program. CC ID 16566 | Communicate | Preventive | |
| Include information about the organizational culture in the external reporting program. CC ID 15610 | Establish/Maintain Documentation | Preventive | |
| Include reporting to governing bodies in the external reporting plan. CC ID 12923 [{appropriate authority}{compliance disclosure statement} The organization shall notify GRI of the use of the GRI Standards and the statement of use by sending an email to reportregistration@globalreporting.org. Requirement 9(a) {appropriate authority}{compliance disclosure statement} The organization shall notify GRI of the use of the GRI Standards and the statement of use by sending an email to reportregistration@globalreporting.org. Requirement 9(a) {appropriate authority}The organization should include the following information in the email: The link to the GRI content index. Requirement 9 Guidance ¶ 1 Bullet 2 {appropriate authority}The organization should include the following information in the email: The legal name of the organization. Requirement 9 Guidance ¶ 1 Bullet 1 {appropriate authority}The organization should include the following information in the email: The link to the report, if publishing a standalone sustainability report. Requirement 9 Guidance ¶ 1 Bullet 3 {appropriate authority}The organization should include the following information in the email: A contact person in the organization and their contact details. Requirement 9 Guidance ¶ 1 Bullet 5 {appropriate authority} The organization should include the following information in the email: The legal name of the organization. Notify GRI Guidance ¶ 1 Bullet 1 {appropriate authority} The organization should include the following information in the email: The link to the GRI content index. Notify GRI Guidance ¶ 1 Bullet 2 {appropriate authority}{compliance disclosure statement} The organization shall notify GRI of the use of the GRI Standards and the statement of use by sending an email to reportregistration@globalreporting.org. Notify GRI (a) {appropriate authority}{compliance disclosure statement} The organization shall notify GRI of the use of the GRI Standards and the statement of use by sending an email to reportregistration@globalreporting.org. Notify GRI (a) {appropriate authority} The organization should include the following information in the email: A contact person in the organization and their contact details. Notify GRI Guidance ¶ 1 Bullet 5] | Communicate | Preventive | |
| Submit confidential treatment applications to interested personnel and affected parties. CC ID 16592 | Communicate | Preventive | |
| Include the reasons for objections to public disclosure in confidential treatment applications. CC ID 16594 | Establish/Maintain Documentation | Preventive | |
| Include contact information for the interested personnel and affected parties the report was filed with in the confidential treatment application. CC ID 16595 | Establish/Maintain Documentation | Preventive | |
| Include the information that was omitted in the confidential treatment application. CC ID 16593 | Establish/Maintain Documentation | Preventive | |
| Analyze organizational objectives, functions, and activities. CC ID 00598 | Monitor and Evaluate Occurrences | Preventive | |
| Establish, implement, and maintain organizational objectives. CC ID 09959 | Establish/Maintain Documentation | Preventive | |
| Evaluate organizational objectives to determine impact on other organizational objectives. CC ID 12814 [The organization shall provide sufficient information to enable an assessment of the organization's impacts during the reporting period. Completeness ¶ 1(a)] | Process or Activity | Preventive | |
| Identify events that may affect organizational objectives. CC ID 12961 | Process or Activity | Preventive | |
| Identify conditions that may affect organizational objectives. CC ID 12958 | Process or Activity | Preventive | |
| Identify requirements that could affect achieving organizational objectives. CC ID 12828 | Business Processes | Preventive | |
| Identify opportunities that could affect achieving organizational objectives. CC ID 12826 | Business Processes | Preventive | |
| Establish and maintain the scope of the organizational compliance framework and Information Assurance controls. CC ID 01241 | Establish/Maintain Documentation | Preventive | |
| Establish, implement, and maintain a policy and procedure management program. CC ID 06285 | Establish/Maintain Documentation | Preventive | |
| Approve all compliance documents. CC ID 06286 | Establish/Maintain Documentation | Preventive | |
| Align the Authority Document list with external requirements. CC ID 06288 [The organization shall: review the GRI Sector Standard(s) that apply to its sector(s) and: Requirement 3 ¶ 1(b)] | Establish/Maintain Documentation | Preventive | |
| Establish, implement, and maintain a content index. CC ID 15660 [The organization shall: publish a GRI content index that includes: Publish a GRI content index ¶ 1(a) publish a GRI content index that includes: Requirement 7 ¶ 1(a)] | Establish/Maintain Documentation | Preventive | |
| Include the required information in the content index. CC ID 15665 [publish a GRI content index that includes: the title(s) of the GRI Sector Standard(s) that apply to the organization's sector(s); Requirement 7 ¶ 1(a)(iv) The organization shall: publish a GRI content index that includes: the location where the information reported for each disclosure can be found; Publish a GRI content index ¶ 1(a)(vi) publish a GRI content index that includes: the GRI Sector Standard reference numbers for the disclosures from the applicable Sector Standard(s); Requirement 7 ¶ 1(a)(x) {be immaterial}{reason} The organization is required to review each topic described in the applicable Sector Standards and determine whether it is a material topic for the organization. If the organization has determined any of the topics included in the applicable Sector Standards as not material, then the organization is required to list them in the GRI content index and explain why they are not material. See Requirement 7 in this Standard for more information on the content index. Requirement 3 Guidance to 3-b ¶ 2 {approved standard} The organization shall: publish a GRI content index that includes: the title of GRI 1 used Publish a GRI content index ¶ 1(a)(iii) publish a GRI content index that includes: the title: GRI content index; Requirement 7 ¶ 1(a)(i) The organization shall: publish a GRI content index that includes: the titles of the GRI Standards that the reported disclosures come from; Publish a GRI content index ¶ 1(a)(v) The organization shall: publish a GRI content index that includes: a list of the reported disclosures from the GRI Standards, including the disclosure titles; Publish a GRI content index ¶ 1(a)(iv) {compliance disclosure statement} The organization shall: publish a GRI content index that includes: the statement of use; Publish a GRI content index ¶ 1(a)(ii) The organization shall: publish a GRI content index that includes: the title: GRI content index; Publish a GRI content index ¶ 1(a)(i) publish a GRI content index that includes: the location where the information reported for each disclosure can be found; Requirement 7 ¶ 1(a)(xi) publish a GRI content index that includes: a list of the reported disclosures, including the disclosure titles; Requirement 7 ¶ 1(a)(vii) publish a GRI content index that includes: the titles of the GRI Standards and other sources that the reported disclosures come from; Requirement 7 ¶ 1(a)(viii) {be immaterial} publish a GRI content index that includes: a list of the topics in the applicable GRI Sector Standard(s) determined as not material and an explanation for why they are not material; Requirement 7 ¶ 1(a)(vi) publish a GRI content index that includes: a list of the organization's material topics; Requirement 7 ¶ 1(a)(v) {compliance disclosure statement} The organization shall include the following statement in its GRI content index:[Name of organization] has reported the information cited in this GRI content index for the period [reporting period start and end dates] with reference to the GRI Standards. Provide a statement of use (a) {compliance disclosure statement} The organization shall include the following statement in its GRI content index:[Name of organization] has reported the information cited in this GRI content index for the period [reporting period start and end dates] with reference to the GRI Standards. Provide a statement of use (a)] | Establish/Maintain Documentation | Preventive | |
| Include the disclosures or requirements it cannot comply with in the content index. CC ID 15664 [If the organization cannot comply with a disclosure or with a requirement in a disclosure for which reasons for omission are permitted, then the organization is required to specify in the GRI content index the disclosure or the requirement it cannot comply with, and provide a reason for omission with an explanation. See Requirement 6 in this Standard for more information on reasons for omission. Requirement 2 Guidance ¶ 2 {approved standard} If the organization cannot comply with Disclosure 3-3 or with a requirement in Disclosure 3-3, then the organization is required to specify this in the GRI content index, and to provide a reason for omission with an explanation. See Requirement 6 in this Standard for more information on reasons for omission. Requirement 4 Guidance ¶ 2 {be unavailable} When the organization cannot report part of the required information it means the information is incomplete. When the reported information does not cover the complete scope required by a disclosure (e.g., the information is missing for certain entities, sites, geographic locations), then the organization is required to provide 'information unavailable /incomplete' as the reason for omission. The organization must specify the entities, sites, geographic locations, etc., for which the required information is missing and cannot be reported. Requirement 6 Information unavailable / incomplete ¶ 2 If the organization cannot comply with a disclosure or with a requirement in a disclosure for which reasons for omission are permitted, the organization shall in the GRI content index: specify the disclosure or the requirement it cannot comply with; Requirement 6(a)(i) Reasons for omission are permitted for all disclosures from the Topic Standards. If the organization cannot comply with a disclosure or with a requirement in a disclosure, then the organization is required to specify in the GRI content index the disclosure or the requirement it cannot comply with, and provide a reason for omission with an explanation. See Requirement 6 in this Standard for more information on reasons for omission. Requirement 5 Guidance to 5-a ¶ 5 {be incomplete}{omitted} If the information for a disclosure or a requirement in a disclosure for which reasons for omission are permitted is unavailable or incomplete, then the organization is required to provide a reason for omission. When information is incomplete, the organization is required to specify which part is missing (e.g., specify the entities for which the information is missing). See Requirement 6 in this Standard for more information. Completeness Guidance ¶ 3] | Establish/Maintain Documentation | Preventive | |
| Include explanations for why disclosures or requirements were omitted in the content index. CC ID 15663 [If the organization cannot comply with a disclosure or with a requirement in a disclosure for which reasons for omission are permitted, then the organization is required to specify in the GRI content index the disclosure or the requirement it cannot comply with, and provide a reason for omission with an explanation. See Requirement 6 in this Standard for more information on reasons for omission. Requirement 2 Guidance ¶ 2 {confidential information} There may be cases where the law does not forbid collecting or reporting the required information, but the organization considers the information confidential and cannot report it publicly. In such cases, the organization provides 'confidentiality constraints' as the reason for omission. Requirement 6 Confidentiality constraints ¶ 1 The organization provides 'legal prohibitions' as the reason for omission when the law forbids collecting the required information or reporting it publicly. Requirement 6 Legal prohibitions ¶ 1 {not be applicable} If the organization determines a topic in an applicable Sector Standard to be material, the Sector Standard helps the organization identify disclosures to report information about its impacts in relation to that topic. For each likely material topic, the Sector Standards list disclosures from the GRI Topic Standards for organizations to report. If any of the Topic Standards disclosures listed in the Sector Standards are not relevant to the organization's impacts, the organization is not required to report these. However, the organization is required to list these disclosures in the GRI content index and provide 'not applicable' as the reason for omission for not reporting the disclosures. The organization is also required to explain in brief why the disclosures are not relevant to its impacts in relation to the material topic. See Requirement 6 in this Standard for more information on reasons for omission. Requirement 5 Guidance to 5-b ¶ 3 {not be applicable}for each material topic covered in the applicable GRI Sector Standard(s), either: provide the 'not applicable' reason for omission and the required explanation in the GRI content index. Requirement 5 ¶ 1(b)(ii) {approved standard} If the organization cannot comply with Disclosure 3-3 or with a requirement in Disclosure 3-3, then the organization is required to specify this in the GRI content index, and to provide a reason for omission with an explanation. See Requirement 6 in this Standard for more information on reasons for omission. Requirement 4 Guidance ¶ 2 {be unavailable} When the organization cannot report part of the required information it means the information is incomplete. When the reported information does not cover the complete scope required by a disclosure (e.g., the information is missing for certain entities, sites, geographic locations), then the organization is required to provide 'information unavailable /incomplete' as the reason for omission. The organization must specify the entities, sites, geographic locations, etc., for which the required information is missing and cannot be reported. Requirement 6 Information unavailable / incomplete ¶ 2 {be incomplete} There may be cases where the organization has the item specified in a disclosure or in a requirement in a disclosure, but the information about the item is unavailable or incomplete. In such cases, the organization provides 'information unavailable / incomplete' as the reason for omission. For example, information is unavailable for Disclosure 305-3 in GRI 305: Emissions 2016 when the organization has other indirect (Scope 3) greenhouse gas (GHG) emissions, but it has not collected data on its other indirect (Scope 3) GHG emissions yet. Requirement 6 Information unavailable / incomplete ¶ 1 If the organization cannot comply with a disclosure or with a requirement in a disclosure for which reasons for omission are permitted, the organization shall in the GRI content index: provide one of the four reasons for omission included in Table 1 and the required explanation for that reason. Requirement 6(a)(ii) Reasons for omission are permitted for all disclosures from the Topic Standards. If the organization cannot comply with a disclosure or with a requirement in a disclosure, then the organization is required to specify in the GRI content index the disclosure or the requirement it cannot comply with, and provide a reason for omission with an explanation. See Requirement 6 in this Standard for more information on reasons for omission. Requirement 5 Guidance to 5-a ¶ 5 publish a GRI content index that includes: when the organization does not report GRI Topic Standard disclosures for a material topic from the applicable GRI Sector Standard(s), a list of the disclosures and the required reason for omission; Requirement 7 ¶ 1(a)(ix) {be incomplete}{omitted} If the information for a disclosure or a requirement in a disclosure for which reasons for omission are permitted is unavailable or incomplete, then the organization is required to provide a reason for omission. When information is incomplete, the organization is required to specify which part is missing (e.g., specify the entities for which the information is missing). See Requirement 6 in this Standard for more information. Completeness Guidance ¶ 3 The organization is required to report reasons for omission in the GRI content index. See Requirement 7 in this Standard for more information on the content index. Requirement 6 Information unavailable / incomplete ¶ 6 publish a GRI content index that includes: any reasons for omission used; Requirement 7 ¶ 1(a)(xii)] | Establish/Maintain Documentation | Preventive | |
| Include an explanation of why disclosures or requirements do not apply in the content index. CC ID 15662 [In such cases, the organization is required to explain why the disclosure or the requirement does not apply to the organization. Requirement 6 Not applicable ¶ 1 Bullet 1 ¶ 2 {not be applicable}The organization provides 'not applicable' as the reason for omission in the following situations: When a disclosure from the GRI Topic Standards that is listed in the applicable GRI Sector Standards is not relevant to the organization's impacts in relation to a material topic. In such cases, the organization is required to explain why the disclosure is not relevant to its impacts in relation to the material topic. Requirement 6 Not applicable ¶ 1 Bullet 2 {not be applicable}The organization provides 'not applicable' as the reason for omission in the following situations: When a disclosure from the GRI Topic Standards that is listed in the applicable GRI Sector Standards is not relevant to the organization's impacts in relation to a material topic. In such cases, the organization is required to explain why the disclosure is not relevant to its impacts in relation to the material topic. Requirement 6 Not applicable ¶ 1 Bullet 2 {not be applicable} If the organization determines a topic in an applicable Sector Standard to be material, the Sector Standard helps the organization identify disclosures to report information about its impacts in relation to that topic. For each likely material topic, the Sector Standards list disclosures from the GRI Topic Standards for organizations to report. If any of the Topic Standards disclosures listed in the Sector Standards are not relevant to the organization's impacts, the organization is not required to report these. However, the organization is required to list these disclosures in the GRI content index and provide 'not applicable' as the reason for omission for not reporting the disclosures. The organization is also required to explain in brief why the disclosures are not relevant to its impacts in relation to the material topic. See Requirement 6 in this Standard for more information on reasons for omission. Requirement 5 Guidance to 5-b ¶ 3 The organization provides 'not applicable' as the reason for omission in the following situations: When a disclosure or a requirement in a disclosure does not apply to the organization based on its characteristics (e.g., size, type). For example, 2-15-b-iii in GRI 2: General Disclosures 2021 requires the organization to report whether conflicts of interest relating to the existence of controlling shareholders are disclosed to stakeholders. This requirement does not apply to organizations that do not have shareholders (e.g., foundations). Requirement 6 Not applicable ¶ 1 Bullet 1 ¶ 1 {reason}{be immaterial} The organization shall: review the GRI Sector Standard(s) that apply to its sector(s) and: list in the GRI content index any topics from the applicable Sector Standard(s) that the organization has determined as not material and explain why they are not material. Requirement 3 ¶ 1(b)(ii)] | Establish/Maintain Documentation | Preventive | |
| Establish, implement, and maintain a strategic plan. CC ID 12784 | Establish/Maintain Documentation | Preventive | |
| Determine progress toward the objectives of the strategic plan. CC ID 12944 [{current time period}{prior time period} To apply the Comparability principle, the organization should: present information for the current reporting period and at least two previous periods, as well as any goals and targets that have been set Comparability Guidance ¶ 2 Bullet 1] | Process or Activity | Preventive | |
| Establish, implement, and maintain a decision management strategy. CC ID 06913 | Establish/Maintain Documentation | Preventive | |
| Align the reporting methodology with the decision management strategy. CC ID 15659 [{make available} The organization shall report information on a regular schedule and make it available in time for information users to make decisions. Timeliness ¶ 1(a)] | Business Processes | Preventive | |
| Align organizational objectives with compliance objectives in the decision-making criteria. CC ID 12847 [To apply the Verifiability principle, the organization should: document the decision-making processes underlying the organization's sustainability reporting in a way that allows for the examination of the key decisions and processes, such as the process of determining material topics; Verifiability Guidance ¶ 2 Bullet 2] | Process or Activity | Preventive | |
Monitoring and measurement | KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
| Mandated - bold Implied - italic Implementation - regular | TYPE | CLASS | |
|---|---|---|---|
| Monitoring and measurement CC ID 00636 | IT Impact Zone | IT Impact Zone | |
| Monitor the usage and capacity of critical assets. CC ID 14825 | Monitor and Evaluate Occurrences | Detective | |
| Monitor the usage and capacity of Information Technology assets. CC ID 00668 | Monitor and Evaluate Occurrences | Detective | |
| Compare system performance metrics to organizational standards and industry benchmarks. CC ID 00667 [To apply the Accuracy principle, the organization should: ensure that the margin of error for data measurements does not inappropriately influence the conclusions or assessments of information users; Accuracy Guidance ¶ 2 Bullet 4] | Monitor and Evaluate Occurrences | Detective | |
| Establish, implement, and maintain a compliance monitoring policy. CC ID 00671 | Establish/Maintain Documentation | Preventive | |
| Establish, implement, and maintain a metrics policy. CC ID 01654 | Establish/Maintain Documentation | Preventive | |
| Establish, implement, and maintain an approach for compliance monitoring. CC ID 01653 | Establish/Maintain Documentation | Preventive | |
| Identify information being used to support the performance of the governance, risk, and compliance capability. CC ID 12866 [To apply the Verifiability principle, the organization should: be able to identify the original sources of the reported information and provide reliable evidence to support assumptions or calculations; Verifiability Guidance ¶ 2 Bullet 4] | Business Processes | Preventive | |
| Establish, implement, and maintain a metrics standard and template. CC ID 02157 [To apply the Accuracy principle, the organization should: adequately describe data measurements and bases for calculations, and ensure it is possible to replicate measurements and calculations with similar results; Accuracy Guidance ¶ 2 Bullet 3 To apply the Accuracy principle, the organization should: adequately describe data measurements and bases for calculations, and ensure it is possible to replicate measurements and calculations with similar results; Accuracy Guidance ¶ 2 Bullet 3 To apply the Comparability principle, the organization should: use accepted international metrics (e.g., kilograms, liters), and standard conversion factors and protocols, where applicable, for compiling and reporting information; Comparability Guidance ¶ 2 Bullet 2] | Establish/Maintain Documentation | Preventive | |
| Convert data into standard units before reporting metrics. CC ID 15507 [To apply the Comparability principle, the organization should: report total numbers or absolute data (e.g., metric tons of CO2 equivalent) as well as ratios or normalized data (e.g., CO2 emissions per unit produced) to enable comparisons, and provide explanatory notes when using ratios; Comparability Guidance ¶ 2 Bullet 5] | Process or Activity | Corrective | |
| Protect against misusing automated audit tools. CC ID 04547 | Technical Security | Preventive | |
| Evaluate the measurement process used for metrics. CC ID 06920 [To apply the Balance principle, the organization should: distinguish clearly between facts and the organization's interpretation of the facts; Balance Guidance ¶ 1 Bullet 2 To apply the Accuracy principle, the organization should: indicate which data has been estimated, and explain the underlying assumptions and techniques used for the estimation as well as any limitations of the estimates. Accuracy Guidance ¶ 2 Bullet 5] | Testing | Detective | |
Operational management | KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
| Mandated - bold Implied - italic Implementation - regular | TYPE | CLASS | |
|---|---|---|---|
| Operational management CC ID 00805 | IT Impact Zone | IT Impact Zone | |
| Establish, implement, and maintain a Governance, Risk, and Compliance framework. CC ID 01406 | Establish/Maintain Documentation | Preventive | |
| Implement and comply with the Governance, Risk, and Compliance framework. CC ID 00818 | Business Processes | Preventive | |
| Comply with all implemented policies in the organization's compliance framework. CC ID 06384 [The organization is required to comply with Requirement 3-b only if GRI Sector Standards that apply to its sectors are available. Requirement 3 Guidance to 3-b ¶ 1 {applicable requirement} The organization is required to comply with Requirement 5-b only if GRI Sector Standards that apply to its sectors are available. The Sector Standards provide information for organizations about their likely material topics. Requirement 5 Guidance to 5-b ¶ 1] | Establish/Maintain Documentation | Preventive | |
| Establish, implement, and maintain an environmental management system. CC ID 14945 | Business Processes | Preventive | |
| Include environmental impacts in the environmental management system. CC ID 15175 [The organization shall report information about its impacts in the wider context of sustainable development. Sustainability context ¶ 1(a)] | Establish/Maintain Documentation | Preventive | |
| Include the scope in the environmental management system. CC ID 14950 | Establish/Maintain Documentation | Preventive | |
| Include the environmental impact of activities, products, and services in the scope of the environmental management system. CC ID 15184 [To apply the Sustainability context principle, the organization should: draw on objective information and authoritative measures on sustainable development to report information about its impacts (e.g., scientific research or consensus on the limits and demands placed on environmental resources); Sustainability context Guidance ¶ 2 Bullet 1 To apply the Sustainability context principle, the organization should: report information about its impacts in relation to sustainable development goals and conditions (e.g., reporting total greenhouse gas [GHG] emissions as well as reductions in GHG emissions in relation to the goals set out in the United Nations [UN] Framework Convention on Climate Change [FCCC]Paris Agreement [4]); Sustainability context Guidance ¶ 2 Bullet 2 {local environment} To apply the Sustainability context principle, the organization should: if operating in a range of locations, report information about its impacts in relation to appropriate local contexts( e.g., reporting total water use, as well as water use relative to the sustainable thresholds and the social context of given catchments). Sustainability context Guidance ¶ 2 Bullet 4] | Establish/Maintain Documentation | Preventive | |
Records management | KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
| Mandated - bold Implied - italic Implementation - regular | TYPE | CLASS | |
|---|---|---|---|
| Records management CC ID 00902 | IT Impact Zone | IT Impact Zone | |
| Establish, implement, and maintain records management procedures. CC ID 11619 | Establish/Maintain Documentation | Preventive | |
| Establish, implement, and maintain data accuracy controls. CC ID 00921 [{be acceptable}To apply the Verifiability principle, the organization should: be able to provide representation from the original sources of the reported information attesting to the accuracy of the information within acceptable margins of error; Verifiability Guidance ¶ 2 Bullet 5] | Monitor and Evaluate Occurrences | Detective | |
| Establish, implement, and maintain data processing integrity controls. CC ID 00923 [The organization shall gather, record, compile, and analyze information in such a way that the information can be examined to establish its quality. Verifiability ¶ 1(a) {other individuals} To apply the Verifiability principle, the organization should: set up internal controls and organize documentation in such a way that individuals other than those preparing the reported information (e.g., internal auditors, external assurance providers) can review them; Verifiability Guidance ¶ 2 Bullet 1] | Establish Roles | Preventive | |
| Compare each record's data input to its final form. CC ID 11813 | Records Management | Detective | |
| Sanitize user input in accordance with organizational standards. CC ID 16856 | Process or Activity | Preventive | |
| Establish, implement, and maintain Automated Data Processing validation checks and editing checks. CC ID 00924 | Data and Information Management | Preventive | |
| Establish, implement, and maintain Automated Data Processing error handling procedures. CC ID 00925 | Establish/Maintain Documentation | Preventive | |
| Establish, implement, and maintain Automated Data Processing error handling reporting. CC ID 11659 | Establish/Maintain Documentation | Preventive | |
Systems design, build, and implementation | KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
| Mandated - bold Implied - italic Implementation - regular | TYPE | CLASS | |
|---|---|---|---|
| Systems design, build, and implementation CC ID 00989 | IT Impact Zone | IT Impact Zone | |
| Initiate the System Development Life Cycle planning phase. CC ID 06266 | Systems Design, Build, and Implementation | Preventive | |
| Establish, implement, and maintain system design requirements. CC ID 06618 [To apply the Verifiability principle, the organization should: if the organization designs information systems for its sustainability reporting, design these systems in a way that they can be examined as part of an external assurance process; Verifiability Guidance ¶ 2 Bullet 3] | Establish/Maintain Documentation | Preventive | |
| Implement dual authorization in systems with critical business functions, as necessary. CC ID 14922 | Systems Design, Build, and Implementation | Preventive | |
| Identify all stakeholders who may influence the System Development Life Cycle. CC ID 06922 | Establish/Maintain Documentation | Detective | |
| Document stakeholder requirements and how they influence system design requirements. CC ID 06925 | Establish/Maintain Documentation | Preventive | |
| Document legal requirements and how they influence system design requirements. CC ID 11793 | Establish/Maintain Documentation | Preventive | |
| Compare system design requirements against system design requests. CC ID 06619 | Testing | Detective | |
| Resolve conflicting design and development inputs. CC ID 13703 | Process or Activity | Corrective | |
| Design and develop built-in redundancies, as necessary. CC ID 13064 | Systems Design, Build, and Implementation | Preventive | |
| Identify and document system design constraints. CC ID 06923 | Establish/Maintain Documentation | Preventive | |
| Identify and document limitations that the implementation technology and the implementation strategy puts on the system design solution. CC ID 06928 | Establish/Maintain Documentation | Preventive | |
| Design resource-isolation mechanisms into the infrastructure of Software as a Service. CC ID 12348 | Systems Design, Build, and Implementation | Preventive | |
| Design the Software as a Service infrastructure to segment cloud customer user access. CC ID 12347 | Systems Design, Build, and Implementation | Preventive | |
| Identify and document system development constraints. CC ID 11698 | Establish/Maintain Documentation | Preventive | |
| Identify and document the system boundaries of the system design project. CC ID 06924 | Establish/Maintain Documentation | Preventive | |
| Determine if commercial off the shelf products meet the system design requirements. CC ID 06926 | Testing | Detective | |
| Review the degree of human intervention and control points in the system design requirements. CC ID 13536 | Establish/Maintain Documentation | Detective | |
| Evaluate the criticality and sensitivity of information being accessed when designing systems. CC ID 07076 | Systems Design, Build, and Implementation | Preventive | |
| Include performance criteria in the system requirements specification. CC ID 11540 | Technical Security | Preventive | |
| Include accommodating increases in capacity in the system requirements specification. CC ID 11562 | Technical Security | Preventive | |
| Include product upgrade methodologies in the system requirements specification. CC ID 11563 | Technical Security | Preventive | |
| Include the ability of products to verify their own quality in the system requirements specification. CC ID 11564 | Technical Security | Preventive | |
| Include anti-counterfeit measures in the system requirements specification. CC ID 11547 | Physical and Environmental Protection | Preventive | |
| Include anti-counterfeit measures that resist reverse engineering in the system requirements specification. CC ID 11548 | Physical and Environmental Protection | Preventive | |
| Include anti-counterfeit measures that are apparent to anti-counterfeit authentication testing in the system requirements specification. CC ID 11549 | Physical and Environmental Protection | Preventive | |
| Include anti-counterfeit measures that are interdependent between material goods and the anti-counterfeit authentication test in the system requirements specification. CC ID 11550 | Physical and Environmental Protection | Preventive | |
| Include anti-counterfeit measures that allow product characteristic change detection as the result of an attack in the system requirements specification. CC ID 11551 | Physical and Environmental Protection | Preventive | |
| Include anti-counterfeit measures that make attempts to circumvent them evident during the anti-counterfeit authentication test in the system requirements specification. CC ID 11552 | Physical and Environmental Protection | Preventive | |
| Analyze anti-counterfeit measures for their longevity. CC ID 11553 | Physical and Environmental Protection | Preventive | |
| Disallow reuse of anti-counterfeit measures absent authentication. CC ID 11554 | Physical and Environmental Protection | Preventive | |
| Include anti-counterfeit measures to be compatible with material goods associated with the product in the system requirements specification. CC ID 11555 | Physical and Environmental Protection | Preventive | |
Common Controls andEach Common Control is assigned a meta-data type to help you determine the objective of the Control and associated Authority Document mandates aligned with it. These types include behavioral controls, process controls, records management, technical security, configuration management, etc. They are provided as another tool to dissect the Authority Document’s mandates and assign them effectively within your organization.
Actionable Reports or Measurements | KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
| Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
|---|---|---|---|
| Report to management and stakeholders on the findings and information gathered from all types of inquiries. CC ID 12797 | Leadership and high level objectives | Preventive | |
| Assess the potential level of business impact risk associated with natural disasters. CC ID 06470 | Audits and risk management | Detective | |
| Include the percentage of individuals in each gender category in the disclosure report. CC ID 15952 | Audits and risk management | Detective | |
| Include the total amount of corporate income tax accrued on profit/loss in the disclosure report. CC ID 16107 | Audits and risk management | Detective | |
| Include the total monetary value of subsidies received from the government in the disclosure report. CC ID 16101 | Audits and risk management | Detective | |
| Include revenues in the disclosure report. CC ID 16099 | Audits and risk management | Detective | |
| Include the economic value distributed in the disclosure report. CC ID 16086 | Audits and risk management | Detective | |
| Include total monetary value of payments to capital providers in the disclosure report. CC ID 16092 | Audits and risk management | Detective | |
| Include total monetary value of payments to governments in the disclosure report. CC ID 16091 | Audits and risk management | Detective | |
| Include total monetary value of employee wages and benefits in the disclosure report. CC ID 16090 | Audits and risk management | Detective | |
| Include total monetary value of community investments in the disclosure report. CC ID 16089 | Audits and risk management | Detective | |
| Include operating costs in the disclosure report. CC ID 16088 | Audits and risk management | Detective | |
| Include economic value retained in the disclosure report. CC ID 16094 | Audits and risk management | Detective | |
| Include the direct economic value generated and distributed in the disclosure report. CC ID 16085 | Audits and risk management | Detective | |
| Include the total monetary value of financial assistance received from the government in the disclosure report. CC ID 16087 | Audits and risk management | Detective | |
| Include the total monetary value of awards received from the government in the disclosure report. CC ID 16106 | Audits and risk management | Detective | |
| Include the total monetary value of financial incentives received from the government in the disclosure report. CC ID 16105 | Audits and risk management | Detective | |
| Include the total monetary value of tax relief and tax credits received from the government in the disclosure report. CC ID 16102 | Audits and risk management | Detective | |
| Include the total monetary value of grants received from the government in the disclosure report. CC ID 16100 | Audits and risk management | Detective | |
| Include the total monetary value of royalty holidays received from the government in the disclosure report. CC ID 16097 | Audits and risk management | Detective | |
| Include the total monetary value of financial assistance received from Export Credit Agencies in the disclosure report. CC ID 16095 | Audits and risk management | Detective | |
| Include the total amount of corporate income tax paid on a cash basis in the disclosure report. CC ID 16050 | Audits and risk management | Detective | |
| Include the total monetary value of tangible assets other than cash and cash equivalents in the disclosure report. CC ID 16048 | Audits and risk management | Detective | |
| Include revenues from intragroup transactions with other tax jurisdictions in the disclosure report. CC ID 16046 | Audits and risk management | Detective | |
| Include revenues from third party sales in the disclosure report. CC ID 16045 | Audits and risk management | Detective | |
| Include the profit and loss before tax in the disclosure report. CC ID 16044 | Audits and risk management | Detective | |
| Include the percentage of interested personnel and affected parties that have received training on anti-corruption in the disclosure report. CC ID 16073 | Audits and risk management | Detective | |
| Include the percentage of interested personnel and affected parties to whom the anti-corruption program has been communicated in the disclosure report. CC ID 16072 | Audits and risk management | Detective | |
| Include the total number of interested personnel and affected parties to whom the anti-corruption program has been communicated in the disclosure report. CC ID 16071 | Audits and risk management | Detective | |
| Include the total number of incidents where contracts with business partners were terminated due to corruption in the disclosure report. CC ID 16070 | Audits and risk management | Detective | |
| Include the total number of interested personnel and affected parties that have received training on anti-corruption in the disclosure report. CC ID 16069 | Audits and risk management | Detective | |
| Include the total number of incidents in which employees were dismissed or disciplined for corruption in the disclosure report. CC ID 16068 | Audits and risk management | Detective | |
| Include the total number of incidents of corruption in the disclosure report. CC ID 16066 | Audits and risk management | Detective | |
| Include the percentage of operations assessed for risks related to corruption in the disclosure report. CC ID 16063 | Audits and risk management | Detective | |
| Include the total number of operations assessed for risks related to corruption in the disclosure report. CC ID 16062 | Audits and risk management | Detective | |
| Include the total number of listed species with habitats in areas affected by organizational operations in the disclosure report. CC ID 16038 | Audits and risk management | Detective | |
| Include the size of operational sites near areas of high biodiversity value in the disclosure report. CC ID 16032 | Audits and risk management | Detective | |
| Include the size of habitat areas protected or restored by the organization in the disclosure report. CC ID 16023 | Audits and risk management | Detective | |
| Include the percentage of the procurement budget spent on local suppliers in the disclosure report. CC ID 16022 | Audits and risk management | Detective | |
| Include gross energy indirect greenhouse gas emissions in the disclosure report. CC ID 16340 | Audits and risk management | Detective | |
| Include the total exports of ozone-depleting substances in the disclosure report. CC ID 16083 | Audits and risk management | Detective | |
| Include the total imports of ozone-depleting substances in the disclosure report. CC ID 16081 | Audits and risk management | Detective | |
| Include the total production of ozone-depleting substances in the disclosure report. CC ID 16079 | Audits and risk management | Detective | |
| Include gross other indirect greenhouse gas emissions in the disclosure report. CC ID 16013 | Audits and risk management | Detective | |
| Include gross direct greenhouse gas emissions in the disclosure report.. CC ID 16009 | Audits and risk management | Detective | |
| Include gross direct greenhouse gas emissions from perfluorinated compounds in the disclosure report. CC ID 16146 | Audits and risk management | Detective | |
| Include gross market-based energy indirect greenhouse gas emissions in the disclosure report. CC ID 16008 | Audits and risk management | Detective | |
| Include biogenic carbon dioxide emissions in the disclosure report. CC ID 16007 | Audits and risk management | Detective | |
| Include gross location-based energy indirect greenhouse gas emissions in the disclosure report. CC ID 16006 | Audits and risk management | Detective | |
| Include the total amount of significant air emissions in the disclosure report. CC ID 16005 | Audits and risk management | Detective | |
| Include the total emissions of nitrogen oxides in the disclosure report. CC ID 16084 | Audits and risk management | Detective | |
| Include the total emissions of sulfur oxides in the disclosure report. CC ID 16082 | Audits and risk management | Detective | |
| Include the total emissions of volatile organic compounds in the disclosure report. CC ID 16080 | Audits and risk management | Detective | |
| Include the total emissions of persistent organic pollutants in the disclosure report. CC ID 16078 | Audits and risk management | Detective | |
| Include the total emissions of particulate matter in the disclosure report. CC ID 16077 | Audits and risk management | Detective | |
| Include the total emissions of hazardous air pollutants in the disclosure report. CC ID 16076 | Audits and risk management | Detective | |
| Include the greenhouse gas emissions intensity ratio in the disclosure report. CC ID 16004 | Audits and risk management | Detective | |
| Include the total amount of reductions in greenhouse gas emissions in the disclosure report. CC ID 15999 | Audits and risk management | Detective | |
| Include the total number of legal actions against the organization in the disclosure report. CC ID 16003 | Audits and risk management | Detective | |
| Include the total number of fines for instances of non-compliance in the disclosure report. CC ID 15950 | Audits and risk management | Detective | |
| Include the total weight of hazardous waste generated from manufacturing operations in the disclosure report. CC ID 16163 | Audits and risk management | Detective | |
| Include the total volume of significant spills in the disclosure report. CC ID 16010 | Audits and risk management | Detective | |
| Include the total number of significant spills in the disclosure report. CC ID 15965 | Audits and risk management | Detective | |
| Include the performance qualification score of laptops in the disclosure report. CC ID 16176 | Audits and risk management | Detective | |
| Include the battery life score of laptops in the disclosure report. CC ID 16175 | Audits and risk management | Detective | |
| Include the energy efficiency of laptop computer processors in the disclosure report. CC ID 16174 | Audits and risk management | Detective | |
| Include the energy efficiency of desktop computer processors in the disclosure report. CC ID 16172 | Audits and risk management | Detective | |
| Include the energy efficiency of server processors in the disclosure report. CC ID 16170 | Audits and risk management | Detective | |
| Include the overall ssj_ops/watt of servers in the disclosure report. CC ID 16162 | Audits and risk management | Detective | |
| Include the percentage of products sold that contain declarable substances in the disclosure report. CC ID 16159 | Audits and risk management | Detective | |
| Include the SPECspeed2017_int_base score/watt of desktop computers in the disclosure report. CC ID 16160 | Audits and risk management | Detective | |
| Include the SPECspeed2017_fp_basescore/watt of desktop computers in the disclosure report. CC ID 16157 | Audits and risk management | Detective | |
| Include the average actual sustained download speed in the disclosure report. CC ID 15568 | Audits and risk management | Detective | |
| Include the average advertised download speed in the disclosure report. CC ID 15567 | Audits and risk management | Detective | |
| Include the percentage of water withdrawn from locations with significant baseline water stress in the disclosure report. CC ID 15949 | Audits and risk management | Detective | |
| Include the percentage of water consumed from locations with significant baseline water stress in the disclosure report. CC ID 15948 | Audits and risk management | Detective | |
| Include the near miss frequency rate for work-related near misses in the disclosure report. CC ID 16228 | Audits and risk management | Detective | |
| Include the number of days idle as a result of work stoppages in the disclosure report. CC ID 16217 | Audits and risk management | Detective | |
| Include the total monetary value of benefit plan liabilities in the disclosure report. CC ID 16108 | Audits and risk management | Detective | |
| Include the percentage of an employee's salary contributed to benefit plans by employee or employer in the disclosure report. CC ID 16103 | Audits and risk management | Detective | |
| Include the ratio of entry level wages to the minimum wage in the disclosure report. CC ID 16002 | Audits and risk management | Detective | |
| Include the percentage of senior management hired from the local community in the disclosure report. CC ID 16001 | Audits and risk management | Detective | |
| Include the percentage of employees that are foreign nationals in the disclosure report. CC ID 15622 | Audits and risk management | Preventive | |
| Include the percentage of employee engagement in the disclosure report. CC ID 15634 | Audits and risk management | Preventive | |
| Include the percentage of offshore employees in the disclosure report. CC ID 15623 | Audits and risk management | Preventive | |
| Include the percentage of employees covered by collective bargaining agreements in the disclosure report. CC ID 15931 | Audits and risk management | Detective | |
| Include the rate of new employee hires in the disclosure report. CC ID 15928 | Audits and risk management | Detective | |
| Include the total number of employees who left the organization in the disclosure report. CC ID 16127 | Audits and risk management | Detective | |
| Include the number of work stoppages involving one thousand or more workers in the disclosure report. CC ID 16214 | Audits and risk management | Detective | |
| Include the total number of employees that were entitled to parental leave in the disclosure report. CC ID 15960 | Audits and risk management | Detective | |
| Include the total number of employees that took parental leave in the disclosure report. CC ID 15955 | Audits and risk management | Detective | |
| Include the total number of employees that returned to work in the reporting period after parental leave ended in the disclosure report. CC ID 15946 | Audits and risk management | Detective | |
| Include the return to work rate of employees that took parental leave in the disclosure report. CC ID 15958 | Audits and risk management | Detective | |
| Include the retention rate of employees that took parental leave in the disclosure report. CC ID 15962 | Audits and risk management | Detective | |
| Include the percentage of security personnel who have received training on human rights policies and their application to security in the disclosure report. CC ID 15726 | Audits and risk management | Preventive | |
| Include the user average interruption duration in the disclosure report. CC ID 15558 | Audits and risk management | Detective | |
| Include the system average interruption frequency in the disclosure report. CC ID 15565 | Audits and risk management | Detective | |
| Include the total user downtime in the disclosure report. CC ID 15635 | Audits and risk management | Preventive | |
| Include the percentage of content removal requests with which the organization complied in the disclosure report. CC ID 15649 | Audits and risk management | Preventive | |
| Include the total number of unique individuals whose information was requested by a third party in the disclosure report. CC ID 15500 | Audits and risk management | Detective | |
| Include the number of individuals whose personal data is maintained in the disclosure report. CC ID 16792 | Audits and risk management | Preventive | |
| Include the percentage of information requests that resulted in disclosure in the disclosure report. CC ID 15560 | Audits and risk management | Detective | |
| Include the total number of unique individuals affected by data breaches in the disclosure report. CC ID 15951 | Audits and risk management | Detective | |
| Include the percentage of Tier 1 suppliers' manufacturing facilities audited in compliance with the Responsible Business Alliance Validated Audit Process protocol in the disclosure report. CC ID 16216 | Audits and risk management | Detective | |
| Include the power usage effectiveness in the disclosure report. CC ID 15552 | Audits and risk management | Detective | |
| Include the energy intensity ratio in the disclosure report. CC ID 15735 | Audits and risk management | Preventive | |
| Include the percentage of energy consumed that is renewable energy in the disclosure report. CC ID 15549 | Audits and risk management | Detective | |
| Include the percentage of energy consumed that was supplied by grid electricity in the disclosure report. CC ID 15541 | Audits and risk management | Detective | |
| Include the percentage of recovered materials that were reused in the disclosure report. CC ID 15563 | Audits and risk management | Detective | |
| Include the percentage of recovered materials that were recycled or remanufactured in the disclosure report. CC ID 15574 | Audits and risk management | Detective | |
| Include the weight of recovered materials in the disclosure report. CC ID 16203 | Audits and risk management | Detective | |
| Include the percentage of recovered materials that were landfilled in the disclosure report. CC ID 15578 | Audits and risk management | Detective | |
| Include the rate of work-related injuries in the disclosure report. CC ID 15944 | Audits and risk management | Detective | |
| Include the percentage of employees and non-employees covered by the occupational health and safety management system in the disclosure report. CC ID 15943 | Audits and risk management | Detective | |
| Include the percentage of manufacturing facilities audited in compliance with the Responsible Business Alliance Validated Audit Process protocol in the disclosure report. CC ID 16207 | Audits and risk management | Detective | |
| Include the rate of fatalities as a result of work-related injuries in the disclosure report. CC ID 15954 | Audits and risk management | Detective | |
| Include the number of fatalities as a result of work-related ill health in the disclosure report. CC ID 15942 | Audits and risk management | Detective | |
| Include the total number of fatalities as a result of work-related injuries in the disclosure report. CC ID 15953 | Audits and risk management | Detective | |
Audits and Risk Management | KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
| Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
|---|---|---|---|
| Correlate the business impact of identified risks in the risk assessment report. CC ID 00686 [{be sufficient}{be insufficient} The organization should provide sufficient information about its impacts in relation to each material topic so that information users can make informed assessments and decisions about the organization. If the disclosures from the Topic Standards do not provide sufficient information about the organization's impacts, then the organization should report additional disclosures. These can include the additional sector disclosures recommended in the GRI Sector Standards, disclosures from other sources, or disclosures developed by the organization itself. Requirement 5 Guidance to 5-a ¶ 5] | Audits and risk management | Preventive | |
| Conduct a Business Impact Analysis, as necessary. CC ID 01147 | Audits and risk management | Detective | |
| Analyze and quantify the risks to in scope systems and information. CC ID 00701 | Audits and risk management | Preventive | |
| Establish and maintain a Risk Scoping and Measurement Definitions Document. CC ID 00703 | Audits and risk management | Preventive | |
| Identify the material risks in the risk assessment report. CC ID 06482 | Audits and risk management | Preventive | |
| Assess the potential level of business impact risk associated with each business process. CC ID 06463 | Audits and risk management | Detective | |
| Assess the potential level of business impact risk associated with the business environment. CC ID 06464 | Audits and risk management | Detective | |
| Assess the potential level of business impact risk associated with business information of in scope systems. CC ID 06465 | Audits and risk management | Detective | |
| Assess the potential business impact risk of in scope systems caused by deliberate threats to their confidentiality, integrity, and availability. CC ID 06466 | Audits and risk management | Detective | |
| Assess the potential level of business impact risk caused by accidental threats to the confidentiality, integrity and availability of critical systems. CC ID 06467 | Audits and risk management | Detective | |
| Assess the potential level of business impact risk associated with reputational damage. CC ID 15335 | Audits and risk management | Detective | |
| Assess the potential level of business impact risk associated with insider threats. CC ID 06468 | Audits and risk management | Detective | |
| Assess the potential level of business impact risk associated with external entities. CC ID 06469 | Audits and risk management | Detective | |
| Assess the potential level of business impact risk associated with control weaknesses. CC ID 06471 | Audits and risk management | Detective | |
Behavior | KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
| Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
|---|---|---|---|
| Disseminate and communicate the risk acceptance level in the risk treatment plan to all interested personnel and affected parties. CC ID 06849 | Audits and risk management | Preventive | |
Business Processes | KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
| Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
|---|---|---|---|
| Establish, implement, and maintain a reporting methodology program. CC ID 02072 [{not require} To apply the Clarity principle, the organization should: present information in a way that users can find the information they want without unreasonable effort, for example, through a table of contents, maps, or links; Clarity Guidance ¶ 1 Bullet 2 To apply the Clarity principle, the organization should: present information in a way that it can be understood by users who have reasonable knowledge of the organization and its activities; Clarity Guidance ¶ 1 Bullet 3 {not be familiar} To apply the Clarity principle, the organization should: avoid abbreviations, technical terms, or other jargon likely to be unfamiliar to users or, if these are used, include relevant explanations in the appropriate sections or in a glossary; Clarity Guidance ¶ 1 Bullet 4 {not be familiar} To apply the Clarity principle, the organization should: avoid abbreviations, technical terms, or other jargon likely to be unfamiliar to users or, if these are used, include relevant explanations in the appropriate sections or in a glossary; Clarity Guidance ¶ 1 Bullet 4 To apply the Clarity principle, the organization should: consider specific accessibility needs of information users, associated with abilities, language, and technology; Clarity Guidance ¶ 1 Bullet 1 {make accessible}{be understandable} To apply the Clarity principle, the organization should: use graphics and consolidated data tables to make information accessible and understandable. Clarity Guidance ¶ 1 Bullet 6 {be concise}{refrain from omitting} To apply the Clarity principle, the organization should: report information in a concise way and aggregate information where useful without omitting necessary details; Clarity Guidance ¶ 1 Bullet 5 {be concise}{refrain from omitting} To apply the Clarity principle, the organization should: report information in a concise way and aggregate information where useful without omitting necessary details; Clarity Guidance ¶ 1 Bullet 5 {socially responsible behavior}{professional behavior}{international or national standard} To apply the Sustainability context principle, the organization should: report information about its impacts in relation to societal expectations and expectations of responsible business conduct set out in authoritative intergovernmental instruments with which the organization is expected to comply (e.g., Organisation for Economic Co-operation and Development [OECD] Guidelines for Multinational Enterprises[3], UN Guiding Principles on Business and Human Rights [5]) and in other recognized sector-specific, local, regional, or global instruments; Sustainability context Guidance ¶ 2 Bullet 3 {current time period}{prior time period} To apply the Comparability principle, the organization should: present information for the current reporting period and at least two previous periods, as well as any goals and targets that have been set Comparability Guidance ¶ 2 Bullet 1 To apply the Comparability principle, the organization should: maintain consistency in the methods used to measure and calculate data and in explaining the methods and assumptions used; Comparability Guidance ¶ 2 Bullet 3 To apply the Comparability principle, the organization should: maintain consistency in the methods used to measure and calculate data and in explaining the methods and assumptions used; Comparability Guidance ¶ 2 Bullet 3 To apply the Comparability principle, the organization should: maintain consistency in the manner of presenting the information; Comparability Guidance ¶ 2 Bullet 4 To apply the Comparability principle, the organization should: report total numbers or absolute data (e.g., metric tons of CO2 equivalent) as well as ratios or normalized data (e.g., CO2 emissions per unit produced) to enable comparisons, and provide explanatory notes when using ratios; Comparability Guidance ¶ 2 Bullet 5 To apply the Comparability principle, the organization should: provide contextual information (e.g., the organization's size, geographic location) to help information users understand the factors that contribute to differences between the organization's impacts and the impacts of other organizations; Comparability Guidance ¶ 2 Bullet 6 To apply the Completeness principle, the organization should: not omit information that is necessary for understanding the organization's impacts. Completeness Guidance ¶ 1 Bullet 2 If the organization consists of multiple entities (i.e., a parent entity and its subordinate entities), the organization is required to explain the approach used for consolidating the information under 2-2-c in GRI 2: General Disclosures 2021. Completeness Guidance ¶ 2 {make available} The organization shall report information on a regular schedule and make it available in time for information users to make decisions. Timeliness ¶ 1(a) {make available} To apply the Timeliness principle, the organization should: find a balance between the need to make information available in a timely manner and ensuring that the information is of high quality and meets the requirements under the other reporting principles; Timeliness Guidance ¶ 2 Bullet 1 To apply the Timeliness principle, the organization should: ensure consistency in the length of reporting periods; Timeliness Guidance ¶ 2 Bullet 2 {other individuals} To apply the Verifiability principle, the organization should: set up internal controls and organize documentation in such a way that individuals other than those preparing the reported information (e.g., internal auditors, external assurance providers) can review them; Verifiability Guidance ¶ 2 Bullet 1 {refrain from including} To apply the Verifiability principle, the organization should: avoid including information that is not substantiated by evidence unless it is relevant for understanding the organization's impacts; Verifiability Guidance ¶ 2 Bullet 6 To apply the Verifiability principle, the organization should: be able to identify the original sources of the reported information and provide reliable evidence to support assumptions or calculations; Verifiability Guidance ¶ 2 Bullet 4] | Leadership and high level objectives | Preventive | |
| Use secure communication protocols for telecommunications. CC ID 16458 | Leadership and high level objectives | Preventive | |
| Analyze the flow of information to ensure it is being received by the correct processes. CC ID 12860 | Leadership and high level objectives | Preventive | |
| Establish, implement, and maintain an internal reporting program. CC ID 12409 | Leadership and high level objectives | Preventive | |
| Include transactions and events as a part of internal reporting. CC ID 12413 | Leadership and high level objectives | Preventive | |
| Identify the material topics required to be reported on. CC ID 15654 [The organization shall: determine its material topics; Requirement 3 ¶ 1(a) The organization is required to review each topic described in the applicable Sector Standards and determine whether it is a material topic for the organization. Requirement 5 Guidance to 5-b ¶ 2 The organization is required to use the applicable Sector Standards when determining its material topics. Requirement 3 Guidance ¶ 4 The organization is required to determine its material topics based on its specific circumstances. Requirement 3 Guidance ¶ 2 The organization shall: review the GRI Sector Standard(s) that apply to its sector(s) and: determine whether each topic in the applicable Sector Standard(s) is a material topic for the organization; Requirement 3 ¶ 1(b)(i) {be immaterial}{reason} The organization is required to review each topic described in the applicable Sector Standards and determine whether it is a material topic for the organization. If the organization has determined any of the topics included in the applicable Sector Standards as not material, then the organization is required to list them in the GRI content index and explain why they are not material. See Requirement 7 in this Standard for more information on the content index. Requirement 3 Guidance to 3-b ¶ 2] | Leadership and high level objectives | Preventive | |
| Identify requirements that could affect achieving organizational objectives. CC ID 12828 | Leadership and high level objectives | Preventive | |
| Identify opportunities that could affect achieving organizational objectives. CC ID 12826 | Leadership and high level objectives | Preventive | |
| Align the reporting methodology with the decision management strategy. CC ID 15659 [{make available} The organization shall report information on a regular schedule and make it available in time for information users to make decisions. Timeliness ¶ 1(a)] | Leadership and high level objectives | Preventive | |
| Identify information being used to support the performance of the governance, risk, and compliance capability. CC ID 12866 [To apply the Verifiability principle, the organization should: be able to identify the original sources of the reported information and provide reliable evidence to support assumptions or calculations; Verifiability Guidance ¶ 2 Bullet 4] | Monitoring and measurement | Preventive | |
| Align organizational risk tolerance to that of industry peers in the risk register. CC ID 09962 | Audits and risk management | Preventive | |
| Review the Business Impact Analysis, as necessary. CC ID 12774 | Audits and risk management | Preventive | |
| Implement and comply with the Governance, Risk, and Compliance framework. CC ID 00818 | Operational management | Preventive | |
| Establish, implement, and maintain an environmental management system. CC ID 14945 | Operational management | Preventive | |
Communicate | KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
| Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
|---|---|---|---|
| Include disseminating and communicating events surrounding instances of desirable conduct and undesirable conduct in the communication protocols. CC ID 12824 | Leadership and high level objectives | Preventive | |
| Identify alternative measures for collecting stakeholder input, as necessary. CC ID 15672 | Leadership and high level objectives | Preventive | |
| Include disseminating and communicating conditions surrounding instances of desirable conduct and undesirable conduct in the communication protocols. CC ID 12804 | Leadership and high level objectives | Preventive | |
| Include disseminating and communicating desirable conduct in the communication protocols. CC ID 12803 | Leadership and high level objectives | Preventive | |
| Include disseminating and communicating undesirable conduct in communication protocols. CC ID 12802 | Leadership and high level objectives | Preventive | |
| Disseminate and communicate internal controls with supply chain members. CC ID 12416 | Leadership and high level objectives | Preventive | |
| Disseminate and communicate management's choices for managing the organization as a part of internal reporting. CC ID 12412 | Leadership and high level objectives | Preventive | |
| Establish, implement, and maintain an external reporting program. CC ID 12876 [The organization shall apply all the reporting principles specified in section 4 of GRI 1: Foundation 2021. Requirement 1(a) {be understandable} The organization shall present information in a way that is accessible and understandable. Clarity ¶ 1(a) {refrain from reporting} To apply the Balance principle, the organization should: not present information in a way that is likely to inappropriately influence the conclusions or assessments of information users. Balance Guidance ¶ 1 Bullet 5 {be fair}{negative impact} The organization shall report information in an unbiased way and provide a fair representation of the organization's negative and positive impacts. Balance ¶ 1(a) {should not}{positive impact} To apply the Balance principle, the organization should: not overemphasize positive news or impacts; Balance Guidance ¶ 1 Bullet 4 The organization shall report information that is correct and sufficiently detailed to allow an assessment of the organization's impacts. Accuracy ¶ 1(a)] | Leadership and high level objectives | Preventive | |
| Provide identifying information about the organization to the responsible party. CC ID 16715 | Leadership and high level objectives | Preventive | |
| Prioritize material topics used in reporting. CC ID 15678 | Leadership and high level objectives | Preventive | |
| Include time requirements in the external reporting program. CC ID 16566 | Leadership and high level objectives | Preventive | |
| Include reporting to governing bodies in the external reporting plan. CC ID 12923 [{appropriate authority}{compliance disclosure statement} The organization shall notify GRI of the use of the GRI Standards and the statement of use by sending an email to reportregistration@globalreporting.org. Requirement 9(a) {appropriate authority}{compliance disclosure statement} The organization shall notify GRI of the use of the GRI Standards and the statement of use by sending an email to reportregistration@globalreporting.org. Requirement 9(a) {appropriate authority}The organization should include the following information in the email: The link to the GRI content index. Requirement 9 Guidance ¶ 1 Bullet 2 {appropriate authority}The organization should include the following information in the email: The legal name of the organization. Requirement 9 Guidance ¶ 1 Bullet 1 {appropriate authority}The organization should include the following information in the email: The link to the report, if publishing a standalone sustainability report. Requirement 9 Guidance ¶ 1 Bullet 3 {appropriate authority}The organization should include the following information in the email: A contact person in the organization and their contact details. Requirement 9 Guidance ¶ 1 Bullet 5 {appropriate authority} The organization should include the following information in the email: The legal name of the organization. Notify GRI Guidance ¶ 1 Bullet 1 {appropriate authority} The organization should include the following information in the email: The link to the GRI content index. Notify GRI Guidance ¶ 1 Bullet 2 {appropriate authority}{compliance disclosure statement} The organization shall notify GRI of the use of the GRI Standards and the statement of use by sending an email to reportregistration@globalreporting.org. Notify GRI (a) {appropriate authority}{compliance disclosure statement} The organization shall notify GRI of the use of the GRI Standards and the statement of use by sending an email to reportregistration@globalreporting.org. Notify GRI (a) {appropriate authority} The organization should include the following information in the email: A contact person in the organization and their contact details. Notify GRI Guidance ¶ 1 Bullet 5] | Leadership and high level objectives | Preventive | |
| Submit confidential treatment applications to interested personnel and affected parties. CC ID 16592 | Leadership and high level objectives | Preventive | |
| Disseminate and communicate the Business Impact Analysis to interested personnel and affected parties. CC ID 15300 | Audits and risk management | Preventive | |
| Disseminate and communicate the disclosure report to interested personnel and affected parties. CC ID 15667 [{appropriate authority}{compliance disclosure statement}The organization should include the following information in the email: The statement of use. Requirement 9 Guidance ¶ 1 Bullet 4 {compliance disclosure statement}{appropriate authority} The organization should include the following information in the email: The statement of use. Notify GRI Guidance ¶ 1 Bullet 4 {appropriate authority} The organization should include the following information in the email: The link to the report, if publishing a standalone sustainability report. Notify GRI Guidance ¶ 1 Bullet 3] | Audits and risk management | Preventive | |
Data and Information Management | KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
| Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
|---|---|---|---|
| Establish, implement, and maintain Automated Data Processing validation checks and editing checks. CC ID 00924 | Records management | Preventive | |
Establish Roles | KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
| Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
|---|---|---|---|
| Establish, implement, and maintain high level operational roles and responsibilities. CC ID 00806 | Human Resources management | Preventive | |
| Define and assign the Board of Directors roles and responsibilities and senior management roles and responsibilities, including signing off on key policies and procedures. CC ID 00807 [The organization is required to report whether the highest governance body is responsible for reviewing and approving the reported information, including the organization's material topics, under Disclosure 2-14 in GRI 2: General Disclosures 2021. Requirement 8 Guidance ¶ 4] | Human Resources management | Preventive | |
| Assign senior management to the role of authorizing official. CC ID 14238 | Human Resources management | Preventive | |
| Establish, implement, and maintain data processing integrity controls. CC ID 00923 [The organization shall gather, record, compile, and analyze information in such a way that the information can be examined to establish its quality. Verifiability ¶ 1(a) {other individuals} To apply the Verifiability principle, the organization should: set up internal controls and organize documentation in such a way that individuals other than those preparing the reported information (e.g., internal auditors, external assurance providers) can review them; Verifiability Guidance ¶ 2 Bullet 1] | Records management | Preventive | |
Establish/Maintain Documentation | KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
| Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
|---|---|---|---|
| Establish, implement, and maintain communication protocols. CC ID 12245 | Leadership and high level objectives | Preventive | |
| Align the information being disseminated and communicated with the communication requirements according to the organization's communication protocol. CC ID 12419 | Leadership and high level objectives | Preventive | |
| Include external requirements in the organization's communication protocol. CC ID 12418 | Leadership and high level objectives | Preventive | |
| Include input from interested personnel and affected parties as a part of the organization’s communication protocol. CC ID 12417 | Leadership and high level objectives | Preventive | |
| Document the findings from surveys. CC ID 16309 | Leadership and high level objectives | Preventive | |
| Establish, implement, and maintain warning procedures that follow the organization's communication protocol. CC ID 12407 | Leadership and high level objectives | Preventive | |
| Establish, implement, and maintain alert procedures that follow the organization's communication protocol. CC ID 12406 | Leadership and high level objectives | Preventive | |
| Enforce a precision level for non-financial reporting based on user need and appropriate supply chain criteria. CC ID 12399 | Leadership and high level objectives | Preventive | |
| Define the thresholds for escalation in the internal reporting program. CC ID 14332 | Leadership and high level objectives | Preventive | |
| Define the thresholds for reporting in the internal reporting program. CC ID 14331 | Leadership and high level objectives | Preventive | |
| Define the thresholds for reporting in the external reporting program. CC ID 15679 | Leadership and high level objectives | Preventive | |
| Include information about the organizational culture in the external reporting program. CC ID 15610 | Leadership and high level objectives | Preventive | |
| Include the reasons for objections to public disclosure in confidential treatment applications. CC ID 16594 | Leadership and high level objectives | Preventive | |
| Include contact information for the interested personnel and affected parties the report was filed with in the confidential treatment application. CC ID 16595 | Leadership and high level objectives | Preventive | |
| Include the information that was omitted in the confidential treatment application. CC ID 16593 | Leadership and high level objectives | Preventive | |
| Establish, implement, and maintain organizational objectives. CC ID 09959 | Leadership and high level objectives | Preventive | |
| Establish and maintain the scope of the organizational compliance framework and Information Assurance controls. CC ID 01241 | Leadership and high level objectives | Preventive | |
| Establish, implement, and maintain a policy and procedure management program. CC ID 06285 | Leadership and high level objectives | Preventive | |
| Approve all compliance documents. CC ID 06286 | Leadership and high level objectives | Preventive | |
| Align the Authority Document list with external requirements. CC ID 06288 [The organization shall: review the GRI Sector Standard(s) that apply to its sector(s) and: Requirement 3 ¶ 1(b)] | Leadership and high level objectives | Preventive | |
| Establish, implement, and maintain a content index. CC ID 15660 [The organization shall: publish a GRI content index that includes: Publish a GRI content index ¶ 1(a) publish a GRI content index that includes: Requirement 7 ¶ 1(a)] | Leadership and high level objectives | Preventive | |
| Include the required information in the content index. CC ID 15665 [publish a GRI content index that includes: the title(s) of the GRI Sector Standard(s) that apply to the organization's sector(s); Requirement 7 ¶ 1(a)(iv) The organization shall: publish a GRI content index that includes: the location where the information reported for each disclosure can be found; Publish a GRI content index ¶ 1(a)(vi) publish a GRI content index that includes: the GRI Sector Standard reference numbers for the disclosures from the applicable Sector Standard(s); Requirement 7 ¶ 1(a)(x) {be immaterial}{reason} The organization is required to review each topic described in the applicable Sector Standards and determine whether it is a material topic for the organization. If the organization has determined any of the topics included in the applicable Sector Standards as not material, then the organization is required to list them in the GRI content index and explain why they are not material. See Requirement 7 in this Standard for more information on the content index. Requirement 3 Guidance to 3-b ¶ 2 {approved standard} The organization shall: publish a GRI content index that includes: the title of GRI 1 used Publish a GRI content index ¶ 1(a)(iii) publish a GRI content index that includes: the title: GRI content index; Requirement 7 ¶ 1(a)(i) The organization shall: publish a GRI content index that includes: the titles of the GRI Standards that the reported disclosures come from; Publish a GRI content index ¶ 1(a)(v) The organization shall: publish a GRI content index that includes: a list of the reported disclosures from the GRI Standards, including the disclosure titles; Publish a GRI content index ¶ 1(a)(iv) {compliance disclosure statement} The organization shall: publish a GRI content index that includes: the statement of use; Publish a GRI content index ¶ 1(a)(ii) The organization shall: publish a GRI content index that includes: the title: GRI content index; Publish a GRI content index ¶ 1(a)(i) publish a GRI content index that includes: the location where the information reported for each disclosure can be found; Requirement 7 ¶ 1(a)(xi) publish a GRI content index that includes: a list of the reported disclosures, including the disclosure titles; Requirement 7 ¶ 1(a)(vii) publish a GRI content index that includes: the titles of the GRI Standards and other sources that the reported disclosures come from; Requirement 7 ¶ 1(a)(viii) {be immaterial} publish a GRI content index that includes: a list of the topics in the applicable GRI Sector Standard(s) determined as not material and an explanation for why they are not material; Requirement 7 ¶ 1(a)(vi) publish a GRI content index that includes: a list of the organization's material topics; Requirement 7 ¶ 1(a)(v) {compliance disclosure statement} The organization shall include the following statement in its GRI content index:[Name of organization] has reported the information cited in this GRI content index for the period [reporting period start and end dates] with reference to the GRI Standards. Provide a statement of use (a) {compliance disclosure statement} The organization shall include the following statement in its GRI content index:[Name of organization] has reported the information cited in this GRI content index for the period [reporting period start and end dates] with reference to the GRI Standards. Provide a statement of use (a)] | Leadership and high level objectives | Preventive | |
| Include the disclosures or requirements it cannot comply with in the content index. CC ID 15664 [If the organization cannot comply with a disclosure or with a requirement in a disclosure for which reasons for omission are permitted, then the organization is required to specify in the GRI content index the disclosure or the requirement it cannot comply with, and provide a reason for omission with an explanation. See Requirement 6 in this Standard for more information on reasons for omission. Requirement 2 Guidance ¶ 2 {approved standard} If the organization cannot comply with Disclosure 3-3 or with a requirement in Disclosure 3-3, then the organization is required to specify this in the GRI content index, and to provide a reason for omission with an explanation. See Requirement 6 in this Standard for more information on reasons for omission. Requirement 4 Guidance ¶ 2 {be unavailable} When the organization cannot report part of the required information it means the information is incomplete. When the reported information does not cover the complete scope required by a disclosure (e.g., the information is missing for certain entities, sites, geographic locations), then the organization is required to provide 'information unavailable /incomplete' as the reason for omission. The organization must specify the entities, sites, geographic locations, etc., for which the required information is missing and cannot be reported. Requirement 6 Information unavailable / incomplete ¶ 2 If the organization cannot comply with a disclosure or with a requirement in a disclosure for which reasons for omission are permitted, the organization shall in the GRI content index: specify the disclosure or the requirement it cannot comply with; Requirement 6(a)(i) Reasons for omission are permitted for all disclosures from the Topic Standards. If the organization cannot comply with a disclosure or with a requirement in a disclosure, then the organization is required to specify in the GRI content index the disclosure or the requirement it cannot comply with, and provide a reason for omission with an explanation. See Requirement 6 in this Standard for more information on reasons for omission. Requirement 5 Guidance to 5-a ¶ 5 {be incomplete}{omitted} If the information for a disclosure or a requirement in a disclosure for which reasons for omission are permitted is unavailable or incomplete, then the organization is required to provide a reason for omission. When information is incomplete, the organization is required to specify which part is missing (e.g., specify the entities for which the information is missing). See Requirement 6 in this Standard for more information. Completeness Guidance ¶ 3] | Leadership and high level objectives | Preventive | |
| Include explanations for why disclosures or requirements were omitted in the content index. CC ID 15663 [If the organization cannot comply with a disclosure or with a requirement in a disclosure for which reasons for omission are permitted, then the organization is required to specify in the GRI content index the disclosure or the requirement it cannot comply with, and provide a reason for omission with an explanation. See Requirement 6 in this Standard for more information on reasons for omission. Requirement 2 Guidance ¶ 2 {confidential information} There may be cases where the law does not forbid collecting or reporting the required information, but the organization considers the information confidential and cannot report it publicly. In such cases, the organization provides 'confidentiality constraints' as the reason for omission. Requirement 6 Confidentiality constraints ¶ 1 The organization provides 'legal prohibitions' as the reason for omission when the law forbids collecting the required information or reporting it publicly. Requirement 6 Legal prohibitions ¶ 1 {not be applicable} If the organization determines a topic in an applicable Sector Standard to be material, the Sector Standard helps the organization identify disclosures to report information about its impacts in relation to that topic. For each likely material topic, the Sector Standards list disclosures from the GRI Topic Standards for organizations to report. If any of the Topic Standards disclosures listed in the Sector Standards are not relevant to the organization's impacts, the organization is not required to report these. However, the organization is required to list these disclosures in the GRI content index and provide 'not applicable' as the reason for omission for not reporting the disclosures. The organization is also required to explain in brief why the disclosures are not relevant to its impacts in relation to the material topic. See Requirement 6 in this Standard for more information on reasons for omission. Requirement 5 Guidance to 5-b ¶ 3 {not be applicable}for each material topic covered in the applicable GRI Sector Standard(s), either: provide the 'not applicable' reason for omission and the required explanation in the GRI content index. Requirement 5 ¶ 1(b)(ii) {approved standard} If the organization cannot comply with Disclosure 3-3 or with a requirement in Disclosure 3-3, then the organization is required to specify this in the GRI content index, and to provide a reason for omission with an explanation. See Requirement 6 in this Standard for more information on reasons for omission. Requirement 4 Guidance ¶ 2 {be unavailable} When the organization cannot report part of the required information it means the information is incomplete. When the reported information does not cover the complete scope required by a disclosure (e.g., the information is missing for certain entities, sites, geographic locations), then the organization is required to provide 'information unavailable /incomplete' as the reason for omission. The organization must specify the entities, sites, geographic locations, etc., for which the required information is missing and cannot be reported. Requirement 6 Information unavailable / incomplete ¶ 2 {be incomplete} There may be cases where the organization has the item specified in a disclosure or in a requirement in a disclosure, but the information about the item is unavailable or incomplete. In such cases, the organization provides 'information unavailable / incomplete' as the reason for omission. For example, information is unavailable for Disclosure 305-3 in GRI 305: Emissions 2016 when the organization has other indirect (Scope 3) greenhouse gas (GHG) emissions, but it has not collected data on its other indirect (Scope 3) GHG emissions yet. Requirement 6 Information unavailable / incomplete ¶ 1 If the organization cannot comply with a disclosure or with a requirement in a disclosure for which reasons for omission are permitted, the organization shall in the GRI content index: provide one of the four reasons for omission included in Table 1 and the required explanation for that reason. Requirement 6(a)(ii) Reasons for omission are permitted for all disclosures from the Topic Standards. If the organization cannot comply with a disclosure or with a requirement in a disclosure, then the organization is required to specify in the GRI content index the disclosure or the requirement it cannot comply with, and provide a reason for omission with an explanation. See Requirement 6 in this Standard for more information on reasons for omission. Requirement 5 Guidance to 5-a ¶ 5 publish a GRI content index that includes: when the organization does not report GRI Topic Standard disclosures for a material topic from the applicable GRI Sector Standard(s), a list of the disclosures and the required reason for omission; Requirement 7 ¶ 1(a)(ix) {be incomplete}{omitted} If the information for a disclosure or a requirement in a disclosure for which reasons for omission are permitted is unavailable or incomplete, then the organization is required to provide a reason for omission. When information is incomplete, the organization is required to specify which part is missing (e.g., specify the entities for which the information is missing). See Requirement 6 in this Standard for more information. Completeness Guidance ¶ 3 The organization is required to report reasons for omission in the GRI content index. See Requirement 7 in this Standard for more information on the content index. Requirement 6 Information unavailable / incomplete ¶ 6 publish a GRI content index that includes: any reasons for omission used; Requirement 7 ¶ 1(a)(xii)] | Leadership and high level objectives | Preventive | |
| Include an explanation of why disclosures or requirements do not apply in the content index. CC ID 15662 [In such cases, the organization is required to explain why the disclosure or the requirement does not apply to the organization. Requirement 6 Not applicable ¶ 1 Bullet 1 ¶ 2 {not be applicable}The organization provides 'not applicable' as the reason for omission in the following situations: When a disclosure from the GRI Topic Standards that is listed in the applicable GRI Sector Standards is not relevant to the organization's impacts in relation to a material topic. In such cases, the organization is required to explain why the disclosure is not relevant to its impacts in relation to the material topic. Requirement 6 Not applicable ¶ 1 Bullet 2 {not be applicable}The organization provides 'not applicable' as the reason for omission in the following situations: When a disclosure from the GRI Topic Standards that is listed in the applicable GRI Sector Standards is not relevant to the organization's impacts in relation to a material topic. In such cases, the organization is required to explain why the disclosure is not relevant to its impacts in relation to the material topic. Requirement 6 Not applicable ¶ 1 Bullet 2 {not be applicable} If the organization determines a topic in an applicable Sector Standard to be material, the Sector Standard helps the organization identify disclosures to report information about its impacts in relation to that topic. For each likely material topic, the Sector Standards list disclosures from the GRI Topic Standards for organizations to report. If any of the Topic Standards disclosures listed in the Sector Standards are not relevant to the organization's impacts, the organization is not required to report these. However, the organization is required to list these disclosures in the GRI content index and provide 'not applicable' as the reason for omission for not reporting the disclosures. The organization is also required to explain in brief why the disclosures are not relevant to its impacts in relation to the material topic. See Requirement 6 in this Standard for more information on reasons for omission. Requirement 5 Guidance to 5-b ¶ 3 The organization provides 'not applicable' as the reason for omission in the following situations: When a disclosure or a requirement in a disclosure does not apply to the organization based on its characteristics (e.g., size, type). For example, 2-15-b-iii in GRI 2: General Disclosures 2021 requires the organization to report whether conflicts of interest relating to the existence of controlling shareholders are disclosed to stakeholders. This requirement does not apply to organizations that do not have shareholders (e.g., foundations). Requirement 6 Not applicable ¶ 1 Bullet 1 ¶ 1 {reason}{be immaterial} The organization shall: review the GRI Sector Standard(s) that apply to its sector(s) and: list in the GRI content index any topics from the applicable Sector Standard(s) that the organization has determined as not material and explain why they are not material. Requirement 3 ¶ 1(b)(ii)] | Leadership and high level objectives | Preventive | |
| Establish, implement, and maintain a strategic plan. CC ID 12784 | Leadership and high level objectives | Preventive | |
| Establish, implement, and maintain a decision management strategy. CC ID 06913 | Leadership and high level objectives | Preventive | |
| Establish, implement, and maintain a compliance monitoring policy. CC ID 00671 | Monitoring and measurement | Preventive | |
| Establish, implement, and maintain a metrics policy. CC ID 01654 | Monitoring and measurement | Preventive | |
| Establish, implement, and maintain an approach for compliance monitoring. CC ID 01653 | Monitoring and measurement | Preventive | |
| Establish, implement, and maintain a metrics standard and template. CC ID 02157 [To apply the Accuracy principle, the organization should: adequately describe data measurements and bases for calculations, and ensure it is possible to replicate measurements and calculations with similar results; Accuracy Guidance ¶ 2 Bullet 3 To apply the Accuracy principle, the organization should: adequately describe data measurements and bases for calculations, and ensure it is possible to replicate measurements and calculations with similar results; Accuracy Guidance ¶ 2 Bullet 3 To apply the Comparability principle, the organization should: use accepted international metrics (e.g., kilograms, liters), and standard conversion factors and protocols, where applicable, for compiling and reporting information; Comparability Guidance ¶ 2 Bullet 2] | Monitoring and measurement | Preventive | |
| Establish, implement, and maintain a risk management program. CC ID 12051 | Audits and risk management | Preventive | |
| Establish, implement, and maintain the risk assessment framework. CC ID 00685 | Audits and risk management | Preventive | |
| Include recovery of the critical path in the Business Impact Analysis. CC ID 13224 | Audits and risk management | Preventive | |
| Include acceptable levels of data loss in the Business Impact Analysis. CC ID 13264 | Audits and risk management | Preventive | |
| Include Recovery Point Objectives in the Business Impact Analysis. CC ID 13223 | Audits and risk management | Preventive | |
| Include the Recovery Time Objectives in the Business Impact Analysis. CC ID 13222 | Audits and risk management | Preventive | |
| Include pandemic risks in the Business Impact Analysis. CC ID 13219 | Audits and risk management | Preventive | |
| Include tolerance to downtime in the Business Impact Analysis report. CC ID 01172 | Audits and risk management | Preventive | |
| Establish, implement, and maintain a risk register. CC ID 14828 | Audits and risk management | Preventive | |
| Document organizational risk tolerance in a risk register. CC ID 09961 | Audits and risk management | Preventive | |
| Establish a risk acceptance level that is appropriate to the organization's risk appetite. CC ID 00706 | Audits and risk management | Preventive | |
| Select the appropriate risk treatment option for each identified risk in the risk register. CC ID 06483 | Audits and risk management | Preventive | |
| Establish, implement, and maintain a disclosure report. CC ID 15521 [{be the same}{approved standard}{international or national standard} Disclosures that the organization reports from other sources or that are developed by the organization itself, should have the same rigor as disclosures from the GRI Standards, and they should align with expectations set out in authoritative intergovernmental instruments. Requirement 5 Guidance to 5-a ¶ 6 {be the same}{approved standard}{international or national standard} Disclosures that the organization reports from other sources or that are developed by the organization itself, should have the same rigor as disclosures from the GRI Standards, and they should align with expectations set out in authoritative intergovernmental instruments. Requirement 5 Guidance to 5-a ¶ 6 The organization shall report all disclosures in GRI 2: General Disclosures 2021. Requirement 2(a) {compliance disclosure statement} publish a GRI content index that includes: the statement of use; Requirement 7 ¶ 1(a)(ii) for each material topic covered in the applicable GRI Sector Standard(s), either: report the disclosures from the GRI Topic Standards listed for that topic in the Sector Standard(s), or; Requirement 5 ¶ 1(b)(i) {be relevant} For each material topic, the organization needs to identify disclosures from the GRI Topic Standards to report. The organization is required to report only those disclosures relevant to its impacts in relation to a material topic. The organization is not required to report disclosures that are not relevant. Requirement 5 Guidance to 5-a ¶ 1 {compliance disclosure statement} The organization shall include the following statement in its GRI content index:[Name of organization] has reported in accordance with the GRI Standards for the period [reporting period start and end dates]. Requirement 8(a) {be sufficient}{be insufficient} The organization should provide sufficient information about its impacts in relation to each material topic so that information users can make informed assessments and decisions about the organization. If the disclosures from the Topic Standards do not provide sufficient information about the organization's impacts, then the organization should report additional disclosures. These can include the additional sector disclosures recommended in the GRI Sector Standards, disclosures from other sources, or disclosures developed by the organization itself. Requirement 5 Guidance to 5-a ¶ 5 To apply the Comparability principle, the organization should: if restatements of historical data are not provided, explain the changes to provide contextual information for interpreting the current disclosures. Comparability Guidance ¶ 2 Bullet 8 To apply the Accuracy principle, the organization should: report qualitative information that is consistent with available evidence and other reported information; Accuracy Guidance ¶ 2 Bullet 1 To apply the Balance principle, the organization should: not omit relevant information concerning its negative impacts; Balance Guidance ¶ 1 Bullet 3 {emerging trend}{related} The organization shall select, compile, and report information consistently to enable an analysis of changes in the organization's impacts over time and an analysis of these impacts relative to those of other organizations. Comparability ¶ 1(a) {emerging trend}{related} The organization shall select, compile, and report information consistently to enable an analysis of changes in the organization's impacts over time and an analysis of these impacts relative to those of other organizations. Comparability ¶ 1(a)] | Audits and risk management | Preventive | |
| Include a summary of the questions and statements from surveys or studies in the disclosure report. CC ID 15631 | Audits and risk management | Preventive | |
| Include a statement that confidential information has been omitted in the disclosure report. CC ID 16598 | Audits and risk management | Preventive | |
| Include legal proceedings in the disclosure report. CC ID 15564 | Audits and risk management | Preventive | |
| Include the context of monetary losses from legal proceedings in the disclosure report. CC ID 15533 | Audits and risk management | Preventive | |
| Include the nature of monetary losses from legal proceedings in the disclosure report. CC ID 15532 | Audits and risk management | Preventive | |
| Include goals and targets in the disclosure report. CC ID 16339 | Audits and risk management | Preventive | |
| Include the governance, risk, and compliance approach in the disclosure report. CC ID 16024 | Audits and risk management | Preventive | |
| Include the relationship between organizational requirements and external requirements in the disclosure report. CC ID 16154 | Audits and risk management | Preventive | |
| Include external requirements in the disclosure report. CC ID 16150 | Audits and risk management | Preventive | |
| Include the classification of risks and opportunities posed by climate change in the disclosure report. CC ID 16096 | Audits and risk management | Preventive | |
| Include board oversight of risks and opportunities in the disclosure report. CC ID 16337 | Audits and risk management | Preventive | |
| Include risk management procedures in the disclosure report. CC ID 16058 | Audits and risk management | Preventive | |
| Include the risk management strategy in the disclosure report. CC ID 16348 | Audits and risk management | Preventive | |
| Include risk assessment procedures in the disclosure report. CC ID 16343 | Audits and risk management | Preventive | |
| Include the organization's primary activities in the disclosure report. CC ID 16043 | Audits and risk management | Preventive | |
| Include business operations owned by the organization in the disclosure report. CC ID 15614 | Audits and risk management | Preventive | |
| Include critical business operations that support cloud services in the disclosure report. CC ID 15612 | Audits and risk management | Preventive | |
| Include the relationship between the tax strategy and the organizational strategy in the disclosure report. CC ID 16035 | Audits and risk management | Preventive | |
| Include reference to assurance statements in the disclosure report. CC ID 16033 | Audits and risk management | Preventive | |
| Include a description of assurance processes in the disclosure report. CC ID 16031 | Audits and risk management | Preventive | |
| Include metrics in the disclosure report. CC ID 15916 | Audits and risk management | Preventive | |
| Include metrics on diversity and equal opportunity in the disclosure report. CC ID 15934 | Audits and risk management | Preventive | |
| Include the percentage of individuals in each racial group or ethnic group in the disclosure report. CC ID 15632 | Audits and risk management | Preventive | |
| Include the percentage of individuals in specified age groups in the disclosure report. CC ID 15871 | Audits and risk management | Preventive | |
| Include the number of individuals in each region in the disclosure report. CC ID 15835 | Audits and risk management | Preventive | |
| Include the number of individuals in each gender category in the disclosure report. CC ID 15633 | Audits and risk management | Preventive | |
| Include the total number of incidents of discrimination in the disclosure report. CC ID 15788 | Audits and risk management | Preventive | |
| Include the ratio of the basic salary and remuneration of women and men in the disclosure report. CC ID 15869 | Audits and risk management | Preventive | |
| Include the percentage of individuals in specified diversity categories in the disclosure report. CC ID 15870 | Audits and risk management | Preventive | |
| Include metrics criteria in the disclosure report. CC ID 16143 | Audits and risk management | Preventive | |
| Include risk management metrics in the disclosure report. CC ID 16345 | Audits and risk management | Preventive | |
| Include financial management metrics in the disclosure report. CC ID 16042 | Audits and risk management | Preventive | |
| Include a breakdown of financial assistance received from the government in the disclosure report. CC ID 16104 | Audits and risk management | Preventive | |
| Include metrics on anti-corruption in the disclosure report. CC ID 16052 | Audits and risk management | Preventive | |
| Include environmental management metrics in the disclosure report. CC ID 16012 | Audits and risk management | Preventive | |
| Include a breakdown, by extinction risk, of the listed species with habitats in areas affected by organizational operations in the disclosure report. CC ID 16041 | Audits and risk management | Preventive | |
| Include metrics on procurement practices in the disclosure report. CC ID 16011 | Audits and risk management | Preventive | |
| Include emissions management metrics in the disclosure report. CC ID 15987 | Audits and risk management | Preventive | |
| Include compliance metrics in the disclosure report. CC ID 15932 | Audits and risk management | Preventive | |
| Include the total amount of monetary losses from legal proceedings in the disclosure report. CC ID 15548 | Audits and risk management | Preventive | |
| Include the total number of incidents of non-compliance in the disclosure report. CC ID 15813 | Audits and risk management | Preventive | |
| Include metrics on labor-management relations in the disclosure report. CC ID 15935 | Audits and risk management | Preventive | |
| Include the minimum number of weeks' notice provided to employees and their representatives prior to the implementation of significant operational changes that could substantially affect them in the disclosure report. CC ID 15895 | Audits and risk management | Preventive | |
| Include waste management metrics in the disclosure report. CC ID 15925 | Audits and risk management | Preventive | |
| Include the total weight of waste generated in the disclosure report. CC ID 15778 | Audits and risk management | Preventive | |
| Include the total weight of hazardous waste directed to disposal in the disclosure report. CC ID 15774 | Audits and risk management | Preventive | |
| Include a breakdown of waste generated in the disclosure report. CC ID 15775 | Audits and risk management | Preventive | |
| Include a breakdown of hazardous waste directed to disposal in the disclosure report. CC ID 15781 | Audits and risk management | Preventive | |
| Include the total weight of non-hazardous waste directed to disposal in the disclosure report. CC ID 15772 | Audits and risk management | Preventive | |
| Include a breakdown of non-hazardous waste directed to disposal in the disclosure report. CC ID 15780 | Audits and risk management | Preventive | |
| Include the total weight of non-hazardous waste diverted from disposal in the disclosure report. CC ID 15770 | Audits and risk management | Preventive | |
| Include a breakdown of non-hazardous waste diverted from disposal in the disclosure report. CC ID 15771 | Audits and risk management | Preventive | |
| Include the total weight of waste diverted from disposal in the disclosure report. CC ID 15766 | Audits and risk management | Preventive | |
| Include a breakdown of waste diverted from disposal the disclosure report. CC ID 15767 | Audits and risk management | Preventive | |
| Include the total weight of hazardous waste diverted from disposal in the disclosure report. CC ID 15768 | Audits and risk management | Preventive | |
| Include a breakdown of hazardous waste diverted from disposal in the disclosure report. CC ID 15769 | Audits and risk management | Preventive | |
| Include the total weight of waste directed to disposal in the disclosure report. CC ID 15777 | Audits and risk management | Preventive | |
| Include a breakdown of waste directed to disposal in the disclosure report. CC ID 15776 | Audits and risk management | Preventive | |
| Include product and service management metrics in the disclosure report. CC ID 15917 | Audits and risk management | Preventive | |
| Include the number of products and services provided by the organization in the disclosure report. CC ID 15833 | Audits and risk management | Preventive | |
| Include the percentage of product or service categories assessed for compliance in the disclosure report. CC ID 15811 | Audits and risk management | Preventive | |
| Include water management metrics in the disclosure report. CC ID 15924 | Audits and risk management | Preventive | |
| Include the total water withdrawal in the disclosure report. CC ID 15593 | Audits and risk management | Preventive | |
| Include the total water withdrawal from locations with significant baseline water stress in the disclosure report. CC ID 15596 | Audits and risk management | Preventive | |
| Include a breakdown of water withdrawal from locations with significant baseline water stress in the disclosure report. CC ID 15794 | Audits and risk management | Preventive | |
| Include a breakdown of water withdrawal in the disclosure report. CC ID 15795 | Audits and risk management | Preventive | |
| Include the total water discharge in the disclosure report. CC ID 15758 | Audits and risk management | Preventive | |
| Include a breakdown of water discharge in the disclosure report. CC ID 15759 | Audits and risk management | Preventive | |
| Include the total water discharge to locations with significant baseline water stress in the disclosure report. CC ID 15760 | Audits and risk management | Preventive | |
| Include a breakdown of water discharge to locations with significant baseline water stress in the disclosure report. CC ID 15797 | Audits and risk management | Preventive | |
| Include the total water consumption in the disclosure report. CC ID 15642 | Audits and risk management | Preventive | |
| Include the total water consumption in locations with significant baseline water stress in the disclosure report. CC ID 15598 | Audits and risk management | Preventive | |
| Include the total number of complaints received in the disclosure report. CC ID 15728 | Audits and risk management | Preventive | |
| Include the percentage of individuals involved in the study or survey in the disclosure report. CC ID 15643 | Audits and risk management | Preventive | |
| Include employment practices metrics in the disclosure report. CC ID 15921 | Audits and risk management | Preventive | |
| Include the rate of employee turnover in the disclosure report. CC ID 15898 | Audits and risk management | Preventive | |
| Include the total number of new employee hires in the disclosure report. CC ID 15896 | Audits and risk management | Preventive | |
| Include the total number of employees in the disclosure report. CC ID 15834 | Audits and risk management | Preventive | |
| Include metrics on parental leave in the disclosure report. CC ID 15936 | Audits and risk management | Preventive | |
| Include the total number of employees that returned to work after parental leave ended that were still employed twelve months after their return to work in the disclosure report. CC ID 15906 | Audits and risk management | Preventive | |
| Include the number of hours worked in the disclosure report. CC ID 15910 | Audits and risk management | Preventive | |
| Include metrics on public policy advocacy in the disclosure report. CC ID 15947 | Audits and risk management | Preventive | |
| Include the total monetary value of political contributions in the disclosure report. CC ID 15803 | Audits and risk management | Preventive | |
| Include metrics on training and education in the disclosure report. CC ID 15940 | Audits and risk management | Preventive | |
| Include the percentage of total employees who received a performance review in the disclosure report. CC ID 15877 | Audits and risk management | Preventive | |
| Include the average hours of training undertaken by employees in the disclosure report. CC ID 15881 | Audits and risk management | Preventive | |
| Include operational metrics in the disclosure report. CC ID 15939 | Audits and risk management | Preventive | |
| Include incident management metrics in the disclosure report. CC ID 15926 | Audits and risk management | Preventive | |
| Include the number of service disruptions in services provided to users in the disclosure report. CC ID 15618 | Audits and risk management | Preventive | |
| Include the number of performance issues in services provided to users in the disclosure report. CC ID 15606 | Audits and risk management | Preventive | |
| Include the total number of operations performed by the organization in the disclosure report. CC ID 15831 | Audits and risk management | Preventive | |
| Include metrics on information privacy and freedom of expression in the disclosure report. CC ID 15933 | Audits and risk management | Preventive | |
| Include the number of individuals whose information is used for secondary purposes in the disclosure report. CC ID 15557 | Audits and risk management | Preventive | |
| Include the total number of leaks, thefts, or losses of restricted data in the disclosure report. CC ID 15729 | Audits and risk management | Preventive | |
| Include the number of content removal requests in the disclosure report. CC ID 15647 | Audits and risk management | Preventive | |
| Include the percentage of individuals affected by monitoring, blocking, or filtering in the disclosure report. CC ID 15640 | Audits and risk management | Preventive | |
| Include the total number of unique requests for an individual's information in the disclosure report. CC ID 15542 | Audits and risk management | Preventive | |
| Include the percentage of data breaches which involved personal data in the disclosure report. CC ID 15543 | Audits and risk management | Preventive | |
| Include third party management metrics in the disclosure report. CC ID 15923 | Audits and risk management | Preventive | |
| Include the total number of contractors and outsource partners in the disclosure report. CC ID 15837 | Audits and risk management | Preventive | |
| Include metrics on supplier environmental assessments in the disclosure report. CC ID 15937 | Audits and risk management | Preventive | |
| Include the percentage of suppliers identified as having significant negative environmental impacts with which improvements were agreed upon as a result of assessment in the disclosure report. CC ID 15884 | Audits and risk management | Preventive | |
| Include the percentage of suppliers identified as having significant negative environmental impacts with which relationships were terminated as a result of assessment in the disclosure report. CC ID 15883 | Audits and risk management | Preventive | |
| Include the number of suppliers assessed for environmental impacts in the disclosure report. CC ID 15886 | Audits and risk management | Preventive | |
| Include the number of suppliers identified as having significant negative environmental impacts in the disclosure report. CC ID 15885 | Audits and risk management | Preventive | |
| Include the percentage of new suppliers that were screened using environmental criteria in the disclosure report. CC ID 15887 | Audits and risk management | Preventive | |
| Include metrics on supplier social assessments in the disclosure report. CC ID 15938 | Audits and risk management | Preventive | |
| Include the percentage of new suppliers that were screened using social criteria in the disclosure report. CC ID 15808 | Audits and risk management | Preventive | |
| Include the number of suppliers with significant negative social impacts in the disclosure report. CC ID 15807 | Audits and risk management | Preventive | |
| Include the percentage of suppliers with significant negative social impacts with which improvements were agreed upon in the disclosure report. CC ID 15806 | Audits and risk management | Preventive | |
| Include the percentage of suppliers having significant negative social impacts with which relationships were terminated in the disclosure report. CC ID 15805 | Audits and risk management | Preventive | |
| Include the number of suppliers assessed for social impacts in the disclosure report. CC ID 15810 | Audits and risk management | Preventive | |
| Include customer health and safety management metrics in the disclosure report. CC ID 15922 | Audits and risk management | Preventive | |
| Include the percentage of product or service categories for which health and safety impacts are assessed for improvement in the disclosure report. CC ID 15814 | Audits and risk management | Preventive | |
| Include energy management metrics in the disclosure report. CC ID 15920 | Audits and risk management | Preventive | |
| Include the total energy reduction in the disclosure report. CC ID 15749 | Audits and risk management | Preventive | |
| Include the total amount of reductions in the energy requirements of products and services in the disclosure report. CC ID 15751 | Audits and risk management | Preventive | |
| Exclude energy reduction resulting from reduced production capacity or outsourcing in the disclosure report. CC ID 15750 | Audits and risk management | Preventive | |
| Include the total heating sold in the disclosure report. CC ID 15739 | Audits and risk management | Preventive | |
| Include the total fuel consumption from non-renewable energy sources in the disclosure report. CC ID 15746 | Audits and risk management | Preventive | |
| Include the total electricity sold in the disclosure report. CC ID 15740 | Audits and risk management | Preventive | |
| Include the total energy consumption in the disclosure report. CC ID 15506 | Audits and risk management | Preventive | |
| Include the total fuel consumption from renewable energy sources in the disclosure report. CC ID 15744 | Audits and risk management | Preventive | |
| Include the total heating consumption in the disclosure report. CC ID 15743 | Audits and risk management | Preventive | |
| Include the total cooling sold in the disclosure report. CC ID 15738 | Audits and risk management | Preventive | |
| Include the total cooling consumption in the disclosure report. CC ID 15742 | Audits and risk management | Preventive | |
| Include the total steam sold in the disclosure report. CC ID 15737 | Audits and risk management | Preventive | |
| Include the total steam consumption in the disclosure report. CC ID 15741 | Audits and risk management | Preventive | |
| Include the fuel types used in the disclosure report. CC ID 15745 | Audits and risk management | Preventive | |
| Include materials management metrics in the disclosure report. CC ID 15919 | Audits and risk management | Preventive | |
| Include the total weight or volume of renewable materials used by the organization in the disclosure report. CC ID 15791 | Audits and risk management | Preventive | |
| Include the weight of recovered materials through product take-back programs and recycling services in the disclosure report. CC ID 15562 | Audits and risk management | Preventive | |
| Include the total weight or volume of non-renewable materials used by the organization in the disclosure report. CC ID 15792 | Audits and risk management | Preventive | |
| Include occupational health and safety management metrics in the disclosure report. CC ID 15918 | Audits and risk management | Preventive | |
| Include the total number of employees and non-employees covered by the occupational health and safety management system in the disclosure report. CC ID 15891 | Audits and risk management | Preventive | |
| Include the total number of work-related injuries in the disclosure report. CC ID 15899 | Audits and risk management | Preventive | |
| Include the number of cases of work-related ill health in the disclosure report. CC ID 15914 | Audits and risk management | Preventive | |
| Include outsourcing arrangements in the disclosure report. CC ID 15621 | Audits and risk management | Preventive | |
| Include business operations outsourced to third parties in the disclosure report. CC ID 15616 | Audits and risk management | Preventive | |
| Include how material topics are managed in the disclosure report. CC ID 15657 [{approved standard} The organization shall: report how it manages each material topic using Disclosure 3-3. Requirement 4 ¶ 1(c) {approved standard} When the organization's material topic is not covered by the disclosures in the GRI Topic Standards, the organization is required to report how it manages the material topic, using Disclosure 3-3 in GRI 3: Material Topics 2021. See Requirement4-c in this Standard for more information Requirement 5 Reporting on material topics not covered in the GRI Topic Standards ¶ 1] | Audits and risk management | Preventive | |
| Include disclosures for each material topic in the disclosure report. CC ID 15658 [The organization shall: report disclosures from the GRI Topic Standards for each material topic; Requirement 5 ¶ 1(a)] | Audits and risk management | Preventive | |
| Include a description of how the organization manages privacy in the disclosure report. CC ID 15785 | Audits and risk management | Preventive | |
| Include the content removal policy in the disclosure report. CC ID 15650 | Audits and risk management | Preventive | |
| Include the level of management approval required for content removal requests in the disclosure report. CC ID 15653 | Audits and risk management | Preventive | |
| Include requirements for content removal requests in the disclosure report. CC ID 15652 | Audits and risk management | Preventive | |
| Include the conditions for denying content removal requests in the disclosure report. CC ID 15651 | Audits and risk management | Preventive | |
| Include the scope of content removal requests in the disclosure report. CC ID 15648 | Audits and risk management | Preventive | |
| Include a description of data subjects in the disclosure report. CC ID 16791 | Audits and risk management | Preventive | |
| Include the categories of personal data maintained by the organization in the disclosure report. CC ID 16790 | Audits and risk management | Preventive | |
| Include a business need justification for personal data processing in the disclosure report. CC ID 16788 | Audits and risk management | Preventive | |
| Include the personal data use purpose specification in the disclosure report. CC ID 16786 | Audits and risk management | Preventive | |
| Include a description of the information systems that process personal data in the disclosure report. CC ID 16784 | Audits and risk management | Preventive | |
| Include the policies and procedures related to freedom of expression in the disclosure report. CC ID 15604 | Audits and risk management | Preventive | |
| Include dispute resolution quality measures in the disclosure report. CC ID 16312 | Audits and risk management | Preventive | |
| Include all data requests that resulted in compliance with the disclosure request in the disclosure report. CC ID 15547 | Audits and risk management | Preventive | |
| Include individuals whose information is provided to third parties for secondary purposes in the disclosure report. CC ID 15559 | Audits and risk management | Preventive | |
| Include the disclosure of aggregated, de-identified, and anonymized data to the requesting party in the disclosure report. CC ID 15570 | Audits and risk management | Preventive | |
| Include a description of how the organization manages records in the disclosure report. CC ID 16787 | Audits and risk management | Preventive | |
| Include a description of how the organization manages anti-corruption in the disclosure report. CC ID 16055 | Audits and risk management | Preventive | |
| Include a description of incidents of corruption in the disclosure report. CC ID 16067 | Audits and risk management | Preventive | |
| Include significant risks related to corruption in the disclosure report. CC ID 16065 | Audits and risk management | Preventive | |
| Include the interested personnel and affected parties to whom the anti-corruption program has been communicated in the disclosure report. CC ID 16064 | Audits and risk management | Preventive | |
| Include a description of how the organization manages economic performance in the disclosure report. CC ID 16054 | Audits and risk management | Preventive | |
| Include risks and opportunities posed by climate change in the disclosure report. CC ID 16060 | Audits and risk management | Preventive | |
| Include a justification for reporting financial data on a cash basis in the disclosure report. CC ID 16059 | Audits and risk management | Preventive | |
| Include a description of how the organization manages biodiversity in the disclosure report. CC ID 15986 | Audits and risk management | Preventive | |
| Include whether habitat restoration measures have been approved by independent external professionals in the disclosure report. CC ID 16075 | Audits and risk management | Preventive | |
| Include the condition of habitat areas protected or restored by the organization in the disclosure report. CC ID 16040 | Audits and risk management | Preventive | |
| Include whether third party relationships exist to protect or restore habitat areas in the disclosure report. CC ID 16039 | Audits and risk management | Preventive | |
| Include the biodiversity value of operational sites in the disclosure report. CC ID 16034 | Audits and risk management | Preventive | |
| Include the type of operations near areas of high biodiversity value in the disclosure report. CC ID 16025 | Audits and risk management | Preventive | |
| Include the location of operational sites near areas of high biodiversity value in the disclosure report. CC ID 16020 | Audits and risk management | Preventive | |
| Include the location of habitat areas protected or restored by the organization in the disclosure report. CC ID 16018 | Audits and risk management | Preventive | |
| Include the species impacted by organizational activities, products, and services in the disclosure report. CC ID 16015 | Audits and risk management | Preventive | |
| Include underground land owned by the organization near areas of high biodiversity value in the disclosure report. CC ID 16014 | Audits and risk management | Preventive | |
| Include a description of how the organization manages taxes in the disclosure report. CC ID 15985 | Audits and risk management | Preventive | |
| Include the frequency of tax strategy reviews in the disclosure report. CC ID 16074 | Audits and risk management | Preventive | |
| Include a justification for differences between corporate income tax accrued and tax due in the disclosure report. CC ID 16051 | Audits and risk management | Preventive | |
| Include the tax jurisdictions in the disclosure report. CC ID 16047 | Audits and risk management | Preventive | |
| Include the roles and responsibilities assigned to tax governance and control in the disclosure report. CC ID 16030 | Audits and risk management | Preventive | |
| Include the tax strategy in the disclosure report. CC ID 16029 | Audits and risk management | Preventive | |
| Include the tax governance and control framework in the disclosure report. CC ID 16028 | Audits and risk management | Preventive | |
| Include the management of tax risks in the disclosure report. CC ID 16026 | Audits and risk management | Preventive | |
| Include a description of how the organization manages market presence in the disclosure report. CC ID 15983 | Audits and risk management | Preventive | |
| Include the actions taken to determine whether workers are paid above minimum wage in the disclosure report. CC ID 16056 | Audits and risk management | Preventive | |
| Include the local minimum wage in the disclosure report. CC ID 15992 | Audits and risk management | Preventive | |
| Include a description of how the organization manages anti-competitive behavior in the disclosure report. CC ID 15981 | Audits and risk management | Preventive | |
| Include a description of how the organization manages procurement practices in the disclosure report. CC ID 15980 | Audits and risk management | Preventive | |
| Include a description of how the organization manages indirect economic impacts in the disclosure report. CC ID 15979 | Audits and risk management | Preventive | |
| Include service and infrastructure investments that benefit the public in the disclosure report. CC ID 15984 | Audits and risk management | Preventive | |
| Include a description of how the organization manages emissions in the disclosure report. CC ID 15970 | Audits and risk management | Preventive | |
| Include the risks related to greenhouse gas emissions in the disclosure report. CC ID 16338 | Audits and risk management | Preventive | |
| Include the emissions management plan in the disclosure report. CC ID 16177 | Audits and risk management | Preventive | |
| Include the scope of the emissions management plan in the disclosure report. CC ID 16168 | Audits and risk management | Preventive | |
| Include emission reduction targets in the disclosure report. CC ID 16148 | Audits and risk management | Preventive | |
| Include the scope of emission reduction targets in the disclosure report. CC ID 16149 | Audits and risk management | Preventive | |
| Include the scope of greenhouse gas emissions in the disclosure report. CC ID 16147 | Audits and risk management | Preventive | |
| Include a description of carbon offsets in the disclosure report. CC ID 15988 | Audits and risk management | Preventive | |
| Include the design and development of data centers in the disclosure report. CC ID 15620 | Audits and risk management | Preventive | |
| Include a list of countries or geographical regions where the organization's products and services are monitored, blocked, or filtered in the disclosure report. CC ID 15601 | Audits and risk management | Preventive | |
| Include a list of products affected by monitoring, blocking, or filtering in the disclosure report. CC ID 15641 | Audits and risk management | Preventive | |
| Include the implications of blocking or censorship on an organization's products and services in the disclosure report. CC ID 15639 | Audits and risk management | Preventive | |
| Identify products and services affected by monitoring or blocking in the disclosure report. CC ID 15638 | Audits and risk management | Preventive | |
| Include the reasons modifications were made to existing products and services in the disclosure report. CC ID 15637 | Audits and risk management | Preventive | |
| Include the differences between products and services being offered in different markets in the disclosure report. CC ID 15636 | Audits and risk management | Preventive | |
| Include a description of how the organization manages customer health and safety in the disclosure report. CC ID 15801 | Audits and risk management | Preventive | |
| Include the nature of complaints received in the disclosure report. CC ID 15844 | Audits and risk management | Preventive | |
| Include a description of how the organization manages child labor in the disclosure report. CC ID 15851 | Audits and risk management | Preventive | |
| Include operations with a risk for incidents of child labor in the disclosure report. CC ID 15864 | Audits and risk management | Preventive | |
| Include third parties with a risk for incidents of child labor in the disclosure report. CC ID 15863 | Audits and risk management | Preventive | |
| Include operations with a risk for exposing young workers to hazardous work in the disclosure report. CC ID 15862 | Audits and risk management | Preventive | |
| Include third parties with a risk for exposing young workers to hazardous work in the disclosure report. CC ID 15861 | Audits and risk management | Preventive | |
| Include the locations that are at risk for incidents of child labor in the disclosure report. CC ID 15860 | Audits and risk management | Preventive | |
| Include the measures taken to abolish child labor in the disclosure report. CC ID 15859 | Audits and risk management | Preventive | |
| Include a description of how the organization manages diversity and equal opportunity in the disclosure report. CC ID 15853 | Audits and risk management | Preventive | |
| Include the employee representation program in the disclosure report. CC ID 15628 | Audits and risk management | Preventive | |
| Include a description of how the organization manages marketing and labeling in the disclosure report. CC ID 15802 | Audits and risk management | Preventive | |
| Include the information required by the product and service information and labeling procedures in the disclosure report. CC ID 15812 | Audits and risk management | Preventive | |
| Include a description of how the organization manages occupational health and safety in the disclosure report. CC ID 15888 | Audits and risk management | Preventive | |
| Include the workers covered by the occupational health and safety management system in the disclosure report. CC ID 16151 | Audits and risk management | Preventive | |
| Include a description of voluntary health promotion programs in the disclosure report. CC ID 16119 | Audits and risk management | Preventive | |
| Include the main types of work-related ill health in the disclosure report. CC ID 15961 | Audits and risk management | Preventive | |
| Include a description of formal joint management-worker health and safety committees in the disclosure report. CC ID 15913 | Audits and risk management | Preventive | |
| Include the reasons workers are not represented by formal joint management-worker health and safety committees in the disclosure report. CC ID 15912 | Audits and risk management | Preventive | |
| Include work-related hazards in the disclosure report. CC ID 15911 | Audits and risk management | Preventive | |
| Include a description of the occupational health and safety risk assessment process in the disclosure report. CC ID 15909 | Audits and risk management | Preventive | |
| Include a description of occupational health and safety training in the disclosure report. CC ID 15908 | Audits and risk management | Preventive | |
| Include how occupational health and safety information is disseminated and communicated in the disclosure report. CC ID 15907 | Audits and risk management | Preventive | |
| Include the occupational health and safety risk reporting process in the disclosure report. CC ID 15904 | Audits and risk management | Preventive | |
| Include the occupational health and safety policy in the disclosure report. CC ID 15905 | Audits and risk management | Preventive | |
| Include the processes used to investigate work-related incidents in the disclosure report. CC ID 15903 | Audits and risk management | Preventive | |
| Include a description of the occupational health and safety management system in the disclosure report. CC ID 15901 | Audits and risk management | Preventive | |
| Include the main types of work-related injury in the disclosure report. CC ID 15959 | Audits and risk management | Preventive | |
| Include a description of how the organization manages forced or compulsory labor in the disclosure report. CC ID 15850 | Audits and risk management | Preventive | |
| Include operations with a risk for forced or compulsory labor in the disclosure report. CC ID 15858 | Audits and risk management | Preventive | |
| Include third parties with a risk for forced or compulsory labor in the disclosure report. CC ID 15857 | Audits and risk management | Preventive | |
| Include the locations with a risk for forced or compulsory labor in the disclosure report. CC ID 15856 | Audits and risk management | Preventive | |
| Include the measures taken to eliminate forced or compulsory labor in the disclosure report. CC ID 15855 | Audits and risk management | Preventive | |
| Include the measures taken to protect whistleblowers against retaliation in the disclosure report. CC ID 15902 | Audits and risk management | Preventive | |
| Include a description of how the organization manages employment in the disclosure report. CC ID 15890 | Audits and risk management | Preventive | |
| Include the risks of recruiting foreign nationals and offshore employees in the disclosure report. CC ID 15624 | Audits and risk management | Preventive | |
| Include the process for reporting near misses in the disclosure report. CC ID 16211 | Audits and risk management | Preventive | |
| Include the extent to which benefit plan liabilities are covered in the disclosure report. CC ID 16109 | Audits and risk management | Preventive | |
| Include the level of participation in benefit plans in the disclosure report. CC ID 16057 | Audits and risk management | Preventive | |
| Include the Code of Conduct in the disclosure report. CC ID 16205 | Audits and risk management | Preventive | |
| Include the standard benefits for full-time employees in the disclosure report. CC ID 15897 | Audits and risk management | Preventive | |
| Include a description of how the organization manages labor-management relations in the disclosure report. CC ID 15889 | Audits and risk management | Preventive | |
| Include the scope of work stoppages in the disclosure report. CC ID 16215 | Audits and risk management | Preventive | |
| Include the reason for each work stoppage in the disclosure report. CC ID 16213 | Audits and risk management | Preventive | |
| Include the impact of work stoppages in the disclosure report. CC ID 16212 | Audits and risk management | Preventive | |
| Include a description of collective bargaining agreements in the disclosure report. CC ID 15894 | Audits and risk management | Preventive | |
| Include a description of how the organization manages supplier environmental assessment in the disclosure report. CC ID 15876 | Audits and risk management | Preventive | |
| Include the reasons why relationships were terminated with suppliers having significant negative environmental impacts in the disclosure report. CC ID 15882 | Audits and risk management | Preventive | |
| Include a description of how the organization manages training and education in the disclosure report. CC ID 15875 | Audits and risk management | Preventive | |
| Include a description of professional development programs in the disclosure report. CC ID 15880 | Audits and risk management | Preventive | |
| Include a description of professional development assistance in the disclosure report. CC ID 15879 | Audits and risk management | Preventive | |
| Include a description of transition assistance programs in the disclosure report. CC ID 15878 | Audits and risk management | Preventive | |
| Include a description of how the organization manages freedom of association and collective bargaining in the disclosure report. CC ID 15852 | Audits and risk management | Preventive | |
| Include the types of operations in which workers' rights to exercise freedom of association and collective bargaining may be violated in the disclosure report. CC ID 15868 | Audits and risk management | Preventive | |
| Include the types of third parties for which workers' rights to exercise freedom of association and collective bargaining may be violated in the disclosure report. CC ID 15867 | Audits and risk management | Preventive | |
| Include the locations at risk of violating workers' rights to exercise freedom of association and collective bargaining in the disclosure report. CC ID 15866 | Audits and risk management | Preventive | |
| Include the measures taken to support workers' rights to exercise freedom of association and collective bargaining in the disclosure report. CC ID 15865 | Audits and risk management | Preventive | |
| Include a description of how the organization manages waste in the disclosure report. CC ID 15765 | Audits and risk management | Preventive | |
| Include the material of spills in the disclosure report. CC ID 15968 | Audits and risk management | Preventive | |
| Include the location of spills in the disclosure report. CC ID 15964 | Audits and risk management | Preventive | |
| Include a description of how the organization manages the rights of indigenous peoples in the disclosure report. CC ID 15849 | Audits and risk management | Preventive | |
| Include products that contain declarable substances in the disclosure report. CC ID 16161 | Audits and risk management | Preventive | |
| Include a description of how the organization manages supplier social assessment in the disclosure report. CC ID 15799 | Audits and risk management | Preventive | |
| Include the reason why relationships were terminated with suppliers having significant negative social impacts in the disclosure report. CC ID 15804 | Audits and risk management | Preventive | |
| Include a description of how the organization manages energy in the disclosure report. CC ID 15783 | Audits and risk management | Preventive | |
| Include the types of energy affected by energy reduction in the disclosure report. CC ID 15731 | Audits and risk management | Preventive | |
| Include the scope of renewable energy in the disclosure report. CC ID 15509 | Audits and risk management | Preventive | |
| Include the scope of energy consumption in the disclosure report. CC ID 15508 | Audits and risk management | Preventive | |
| Include the types of energy used in the disclosure report. CC ID 15748 | Audits and risk management | Preventive | |
| Include energy efficiency considerations in product design and development in the disclosure report. CC ID 16155 | Audits and risk management | Preventive | |
| Include a description of how the organization manages public policy in the disclosure report. CC ID 15800 | Audits and risk management | Preventive | |
| Include a description of how the organization manages materials in the disclosure report. CC ID 15782 | Audits and risk management | Preventive | |
| Include the scope of recovered material in the disclosure report. CC ID 16204 | Audits and risk management | Preventive | |
| Include materials that present a risk to operations in the disclosure report. CC ID 16173 | Audits and risk management | Preventive | |
| Include the risks represented by materials in the disclosure report. CC ID 16171 | Audits and risk management | Preventive | |
| Include the risk management approach to the use of materials in the disclosure report. CC ID 16169 | Audits and risk management | Preventive | |
| Include management of the availability of materials in the disclosure report. CC ID 16167 | Audits and risk management | Preventive | |
| Include management of the price of materials in the disclosure report. CC ID 16165 | Audits and risk management | Preventive | |
| Include the business activities that use declarable substances in the disclosure report. CC ID 16158 | Audits and risk management | Preventive | |
| Include a description of how the organization manages declarable substances in the disclosure report. CC ID 16156 | Audits and risk management | Preventive | |
| Include a description of how the organization manages non-discrimination in the disclosure report. CC ID 15764 | Audits and risk management | Preventive | |
| Include the status of incidents of discrimination in the disclosure report. CC ID 15790 | Audits and risk management | Preventive | |
| Include corrective actions taken for incidents of discrimination in the disclosure report. CC ID 15789 | Audits and risk management | Preventive | |
| Include a description of incidents of discrimination in the disclosure report. CC ID 15787 | Audits and risk management | Preventive | |
| Include incidents of discrimination no longer subject to action in the disclosure report. CC ID 15786 | Audits and risk management | Preventive | |
| Include a description of how the organization manages local communities in the disclosure report. CC ID 15798 | Audits and risk management | Preventive | |
| Include a description of local community consultation committees in the disclosure report. CC ID 15821 | Audits and risk management | Preventive | |
| Include the results of impact assessments in the disclosure report. CC ID 15820 | Audits and risk management | Preventive | |
| Include a description of community development programs in the disclosure report. CC ID 15818 | Audits and risk management | Preventive | |
| Include a description of the impact assessments in the disclosure report. CC ID 15817 | Audits and risk management | Preventive | |
| Include a description of worker representation bodies in the disclosure report. CC ID 15816 | Audits and risk management | Preventive | |
| Include a description of local community grievance processes in the disclosure report. CC ID 15815 | Audits and risk management | Preventive | |
| Include a description of how the organization manages security practices in the disclosure report. CC ID 15784 | Audits and risk management | Preventive | |
| Include trends in the frequency of incidents in the disclosure report. CC ID 15511 | Audits and risk management | Preventive | |
| Include trends in the origination of incidents in the disclosure report. CC ID 15512 | Audits and risk management | Preventive | |
| Include trends in incident type in the disclosure report. CC ID 15510 | Audits and risk management | Preventive | |
| Include a description of how the organization interacts with water in the disclosure report. CC ID 15752 | Audits and risk management | Preventive | |
| Include a description of water consumption in the disclosure report. CC ID 15754 | Audits and risk management | Preventive | |
| Include changes in water storage in the disclosure report. CC ID 15762 | Audits and risk management | Preventive | |
| Include a description of water discharge in the disclosure report. CC ID 15755 | Audits and risk management | Preventive | |
| Include a description of water withdrawal in the disclosure report. CC ID 15753 | Audits and risk management | Preventive | |
| Include the priority substances of concern for which water discharge is treated in the disclosure report. CC ID 15761 | Audits and risk management | Preventive | |
| Include the effluent discharge standards in the disclosure report. CC ID 15757 | Audits and risk management | Preventive | |
| Include water quality standards in the disclosure report. CC ID 15756 | Audits and risk management | Preventive | |
| Include business continuity risks in the disclosure report. CC ID 15608 | Audits and risk management | Preventive | |
| Include incidents in which encrypted data were acquired with a valid encryption key in the disclosure report. CC ID 15546 | Audits and risk management | Preventive | |
| Include recycling in the disclosure report. CC ID 15579 | Audits and risk management | Preventive | |
| Include the scope of recycled material in the disclosure report. CC ID 16153 | Audits and risk management | Preventive | |
| Include donated materials or refurbished materials in the disclosure report. CC ID 15561 | Audits and risk management | Preventive | |
| Include materials being physically handled by third parties for reuse, recycling, or refurbishment in the disclosure report. CC ID 15577 | Audits and risk management | Preventive | |
| Include materials being physically handled by the organization for reuse, recycling, or refurbishment in the disclosure report. CC ID 15575 | Audits and risk management | Preventive | |
| Include the reuse of materials recovered in the disclosure report. CC ID 15566 | Audits and risk management | Preventive | |
| Include products, materials, and parts at the end of their useful life in the disclosure report. CC ID 15553 | Audits and risk management | Preventive | |
| Exclude products and parts waiting for repair and under warranty in the disclosure report. CC ID 15551 | Audits and risk management | Preventive | |
| Include all monetary liabilities to third parties in the disclosure report. CC ID 15572 | Audits and risk management | Preventive | |
| Include both first-party advertising and third-party advertising in the disclosure report. CC ID 15554 | Audits and risk management | Preventive | |
| Include the corrective action plan in the disclosure report. CC ID 15900 | Audits and risk management | Preventive | |
| Include the costs of corrective actions in the disclosure report. CC ID 16098 | Audits and risk management | Preventive | |
| Include exclusions from the scope of disclosure for each material topic in the disclosure report. CC ID 15893 | Audits and risk management | Preventive | |
| Include a justification for each exclusion from the scope of disclosure for each material topic in the disclosure report. CC ID 15892 | Audits and risk management | Preventive | |
| Include incidents with indications that encrypted data could be readily converted to plain text in the disclosure report. CC ID 15544 | Audits and risk management | Preventive | |
| Limit disclosures to data breaches that resulted in a deviation from expected outcomes for confidentiality or integrity in the disclosure report. CC ID 15545 | Audits and risk management | Preventive | |
| Limit the disclosure of breaches to those in which the individuals were notified in the disclosure report. CC ID 15550 | Audits and risk management | Preventive | |
| Restrict disclosures to wireless communications services in the disclosure report. CC ID 15555 | Audits and risk management | Preventive | |
| Restrict disclosures to wireline communications services in the disclosure report. CC ID 15556 | Audits and risk management | Preventive | |
| Restrict disclosure to Internet Service Provider services in the disclosure report. CC ID 15569 | Audits and risk management | Preventive | |
| Exclude legal fees and expenses used for defense in the disclosure report. CC ID 15571 | Audits and risk management | Preventive | |
| Include the external requirements to which third parties are compliant in the disclosure report. CC ID 15573 | Audits and risk management | Preventive | |
| Include the impact of monitoring, blocking, or filtering products and services in the disclosure report. CC ID 15602 | Audits and risk management | Preventive | |
| Include the reclassification of Internet Service Providers in the disclosure report. CC ID 15576 | Audits and risk management | Preventive | |
| Include non-monetary sanctions in the disclosure report. CC ID 15872 | Audits and risk management | Preventive | |
| Include business activities that negatively impact the target environment in the disclosure report. CC ID 15683 | Audits and risk management | Preventive | |
| Include the organization's name in the disclosure report. CC ID 15668 [{start date}{compliance disclosure statement} The organization is required to insert the name of the organization and the start and end dates of its reporting period in the statement, for example: Provide a statement of use Guidance ¶ 2] | Audits and risk management | Preventive | |
| Include the time period in which privacy breaches occurred in the disclosure report. CC ID 15730 | Audits and risk management | Preventive | |
| Include the metrics used to track how material topics and related impacts are managed in the disclosure report. CC ID 15686 | Audits and risk management | Preventive | |
| Include the process used to track the effectiveness of corrective actions taken to manage material topics and related impacts in the disclosure report. CC ID 15687 | Audits and risk management | Preventive | |
| Include a list of material topics in the disclosure report. CC ID 15656 [{approved standard} The organization shall: report a list of its material topics using Disclosure 3-2; Requirement 4 ¶ 1(b)] | Audits and risk management | Preventive | |
| Include changes to the list of material topics in the disclosure report. CC ID 15681 | Audits and risk management | Preventive | |
| Include the processes used to monitor material topics and related impacts in the disclosure report. CC ID 15819 | Audits and risk management | Preventive | |
| Include policies and commitments regarding each material topic in the disclosure report. CC ID 15684 | Audits and risk management | Preventive | |
| Include a commitment to preserve human rights in the disclosure report. CC ID 15854 | Audits and risk management | Preventive | |
| Include the reasons that policies and commitments are not publicly available in the disclosure report. CC ID 15873 | Audits and risk management | Preventive | |
| Include how the impacts related to material topics are managed in the disclosure report. CC ID 15685 | Audits and risk management | Preventive | |
| Include the individuals who helped determine the material topics in the disclosure report. CC ID 15680 | Audits and risk management | Preventive | |
| Include the impacts related to each material topic in the disclosure report. CC ID 15682 | Audits and risk management | Preventive | |
| Include the reversibility or irreversibility of impacts in the disclosure report. CC ID 16037 | Audits and risk management | Preventive | |
| Include the impact duration in the disclosure report. CC ID 16036 | Audits and risk management | Preventive | |
| Include the extent of impacts in the disclosure report. CC ID 16016 | Audits and risk management | Preventive | |
| Include the process for determining material topics in the disclosure report. CC ID 15655 [{approved standard}The organization shall: report its process of determining material topics using Disclosure 3-1; Requirement 4 ¶ 1(a)] | Audits and risk management | Preventive | |
| Refrain from including the same data in other required disclosures, as necessary. CC ID 15732 | Audits and risk management | Preventive | |
| Include the process for setting goals and targets in the disclosure report. CC ID 15763 | Audits and risk management | Preventive | |
| Include risks to the achievement of goals and targets in the disclosure report. CC ID 16166 | Audits and risk management | Preventive | |
| Include the timelines for achieving goals and targets in the disclosure report. CC ID 16164 | Audits and risk management | Preventive | |
| Include the mechanisms for achieving goals and targets in the disclosure report. CC ID 16144 | Audits and risk management | Preventive | |
| Include the progress towards goals and targets in the disclosure report. CC ID 15688 | Audits and risk management | Preventive | |
| Include a justification for disclosures that do not reconcile with data reported in other required disclosures in the disclosure report. CC ID 16053 | Audits and risk management | Preventive | |
| Include historical information and future-oriented information in the disclosure report. CC ID 16336 | Audits and risk management | Preventive | |
| Include preventive actions in the disclosure report. CC ID 15796 | Audits and risk management | Preventive | |
| Include the methodology for reporting future-oriented information in the disclosure report. CC ID 16335 | Audits and risk management | Preventive | |
| Include the reporting period in the disclosure report. CC ID 15661 [{compliance disclosure statement}{start date} The organization is required to insert the name of the organization and the start and end dates of its reporting period in the statement, for example: Requirement 8 Guidance ¶ 2 To apply the Timeliness principle, the organization should: indicate the time period covered by the reported information. Timeliness Guidance ¶ 2 Bullet 3 To apply the Completeness principle, the organization should: present activities, events, and impacts for the reporting period in which they occur. This includes reporting information about activities that have a minimal impact in the short-term, but a reasonably foreseeable cumulative impact that can become unavoidable or irreversible in the long-term (e.g., activities that generate bio-accumulative or persistent pollutants); Completeness Guidance ¶ 1 Bullet 1 {start date}{compliance disclosure statement} The organization is required to insert the name of the organization and the start and end dates of its reporting period in the statement, for example: Provide a statement of use Guidance ¶ 2] | Audits and risk management | Preventive | |
| Include restatements of information from previous reporting periods and an explanation for their use in the disclosure report. CC ID 15827 | Audits and risk management | Preventive | |
| Include roles and responsibilities in the disclosure report. CC ID 15846 | Audits and risk management | Preventive | |
| Include the organization's location in the disclosure report. CC ID 16311 | Audits and risk management | Preventive | |
| Include how conflicts of interest in roles are handled in the disclosure report. CC ID 15848 | Audits and risk management | Preventive | |
| Include the reporting structure in the disclosure report. CC ID 15845 | Audits and risk management | Preventive | |
| Include a description of whistleblowing mechanisms in the disclosure report. CC ID 16027 | Audits and risk management | Preventive | |
| Include the differences between the list of entities in financial reporting and in sustainability reporting in the disclosure report. CC ID 15874 | Audits and risk management | Preventive | |
| Include the governance structure in the disclosure report. CC ID 15840 | Audits and risk management | Preventive | |
| Include stakeholder representation in the disclosure report. CC ID 15847 | Audits and risk management | Preventive | |
| Include a description of the composition of governance bodies and committees in the disclosure report. CC ID 15843 | Audits and risk management | Preventive | |
| Include a description of significant fluctuations in the total number of contractors and outsource partners in the disclosure report. CC ID 15839 | Audits and risk management | Preventive | |
| Include a description of contractual relationships in the disclosure report. CC ID 15838 | Audits and risk management | Preventive | |
| Include a description of significant fluctuations in the total number of employees in the disclosure report. CC ID 15836 | Audits and risk management | Preventive | |
| Include research findings based on previous and current research methodologies in the disclosure report. CC ID 15630 [{negative trend}{positive trend}To apply the Balance principle, the organization should: present information in a way that allows information users to see negative and positive year-on-year trends in impacts; Balance Guidance ¶ 1 Bullet 1 To apply the Comparability principle, the organization should: present the current disclosures alongside restatements of historical data to enable comparisons if there have been changes from the information reported previously. This can include changes in the length of the reporting period, in the measurement methodologies, in the definitions used, or in other elements of reporting. The organization is required to report restatements of information under Disclosure 2-4 in GRI 2: General Disclosures 2021; Comparability Guidance ¶ 2 Bullet 7] | Audits and risk management | Preventive | |
| Include the methodology used to report numbers in the disclosure report. CC ID 15841 | Audits and risk management | Preventive | |
| Include definitions of terms in the disclosure report. CC ID 15832 | Audits and risk management | Preventive | |
| Include a description of third party relationships in the disclosure report. CC ID 15830 | Audits and risk management | Preventive | |
| Include the type of work performed by contractors and outsource partners in the disclosure report. CC ID 15842 | Audits and risk management | Preventive | |
| Include any changes made to information in restatements in the disclosure report. CC ID 15829 | Audits and risk management | Preventive | |
| Include the criteria for determining when to use restatements in the disclosure report. CC ID 15828 | Audits and risk management | Preventive | |
| Include points of contact in the disclosure report. CC ID 15826 | Audits and risk management | Preventive | |
| Include the reason that reporting periods for different reports do not align in the disclosure report. CC ID 15825 | Audits and risk management | Preventive | |
| Include a description of how information is consolidated in the disclosure report. CC ID 15824 | Audits and risk management | Preventive | |
| Include the legal form of organization in the disclosure report. CC ID 15823 | Audits and risk management | Preventive | |
| Include the ownership structure in the disclosure report. CC ID 15822 | Audits and risk management | Preventive | |
| Include the shareholding structure in the disclosure report. CC ID 16093 | Audits and risk management | Preventive | |
| Include the processes used to collect and monitor in scope information in the disclosure report. CC ID 15779 | Audits and risk management | Preventive | |
| Refrain from including out of scope information in the disclosure report. CC ID 15793 | Audits and risk management | Preventive | |
| Include the processes used to assess third party compliance in the disclosure report. CC ID 15773 | Audits and risk management | Preventive | |
| Include the calculation methodology in the disclosure report. CC ID 15733 [To apply the Accuracy principle, the organization should: indicate which data has been estimated, and explain the underlying assumptions and techniques used for the estimation as well as any limitations of the estimates. Accuracy Guidance ¶ 2 Bullet 5 To apply the Accuracy principle, the organization should: indicate which data has been measured; Accuracy Guidance ¶ 2 Bullet 2] | Audits and risk management | Preventive | |
| Include the rationale for choosing the calculation methodology in the disclosure report. CC ID 15734 | Audits and risk management | Preventive | |
| Include the effects of changes to calculation methodologies in the disclosure report. CC ID 16344 | Audits and risk management | Preventive | |
| Include the source of conversion factors in the disclosure report. CC ID 15747 | Audits and risk management | Preventive | |
| Include known limitations in the disclosure report. CC ID 15669 [To apply the Verifiability principle, the organization should: provide clear explanations of any uncertainties associated with the reported information. Verifiability Guidance ¶ 2 Bullet 7] | Audits and risk management | Preventive | |
| Include the lessons learned in the disclosure report. CC ID 15689 | Audits and risk management | Preventive | |
| Include how lessons learned are incorporated into policies and procedures in the disclosure report. CC ID 15690 | Audits and risk management | Preventive | |
| Include whether training requirements apply to third parties in the disclosure report. CC ID 15727 | Audits and risk management | Preventive | |
| Include a link to the content index in the disclosure report. CC ID 15666 [if it publishes a standalone sustainability report and the GRI content index is not included in the report itself, provide a link or reference to the GRI content index in the report. Requirement 7 ¶ 1(b) if it publishes a standalone sustainability report and the GRI content index is not included in the report itself, provide a link or reference to the GRI content index in the report. Publish a GRI content index ¶ 1(b)] | Audits and risk management | Preventive | |
| Include stakeholder engagement activities in the disclosure report. CC ID 15691 | Audits and risk management | Preventive | |
| Include supplemental disclosures in the disclosure report. CC ID 15629 [{be different}{material topic} In addition to reporting Disclosure 3-3, the organization should report other disclosures for that topic. These can include the additional sector disclosures recommended in the GRI Sector Standards, disclosures from other sources, or disclosures developed by the organization itself. Requirement 5 Reporting on material topics not covered in the GRI Topic Standards ¶ 2] | Audits and risk management | Preventive | |
| Define and assign the roles and responsibilities of the chairman of the board. CC ID 14786 | Human Resources management | Preventive | |
| Establish, implement, and maintain candidate selection procedures to the board of directors. CC ID 14782 | Human Resources management | Preventive | |
| Include the criteria of mixed experiences and skills in the candidate selection procedures. CC ID 14791 | Human Resources management | Preventive | |
| Establish, implement, and maintain a Governance, Risk, and Compliance framework. CC ID 01406 | Operational management | Preventive | |
| Comply with all implemented policies in the organization's compliance framework. CC ID 06384 [The organization is required to comply with Requirement 3-b only if GRI Sector Standards that apply to its sectors are available. Requirement 3 Guidance to 3-b ¶ 1 {applicable requirement} The organization is required to comply with Requirement 5-b only if GRI Sector Standards that apply to its sectors are available. The Sector Standards provide information for organizations about their likely material topics. Requirement 5 Guidance to 5-b ¶ 1] | Operational management | Preventive | |
| Include environmental impacts in the environmental management system. CC ID 15175 [The organization shall report information about its impacts in the wider context of sustainable development. Sustainability context ¶ 1(a)] | Operational management | Preventive | |
| Include the scope in the environmental management system. CC ID 14950 | Operational management | Preventive | |
| Include the environmental impact of activities, products, and services in the scope of the environmental management system. CC ID 15184 [To apply the Sustainability context principle, the organization should: draw on objective information and authoritative measures on sustainable development to report information about its impacts (e.g., scientific research or consensus on the limits and demands placed on environmental resources); Sustainability context Guidance ¶ 2 Bullet 1 To apply the Sustainability context principle, the organization should: report information about its impacts in relation to sustainable development goals and conditions (e.g., reporting total greenhouse gas [GHG] emissions as well as reductions in GHG emissions in relation to the goals set out in the United Nations [UN] Framework Convention on Climate Change [FCCC]Paris Agreement [4]); Sustainability context Guidance ¶ 2 Bullet 2 {local environment} To apply the Sustainability context principle, the organization should: if operating in a range of locations, report information about its impacts in relation to appropriate local contexts( e.g., reporting total water use, as well as water use relative to the sustainable thresholds and the social context of given catchments). Sustainability context Guidance ¶ 2 Bullet 4] | Operational management | Preventive | |
| Establish, implement, and maintain records management procedures. CC ID 11619 | Records management | Preventive | |
| Establish, implement, and maintain Automated Data Processing error handling procedures. CC ID 00925 | Records management | Preventive | |
| Establish, implement, and maintain Automated Data Processing error handling reporting. CC ID 11659 | Records management | Preventive | |
| Establish, implement, and maintain system design requirements. CC ID 06618 [To apply the Verifiability principle, the organization should: if the organization designs information systems for its sustainability reporting, design these systems in a way that they can be examined as part of an external assurance process; Verifiability Guidance ¶ 2 Bullet 3] | Systems design, build, and implementation | Preventive | |
| Identify all stakeholders who may influence the System Development Life Cycle. CC ID 06922 | Systems design, build, and implementation | Detective | |
| Document stakeholder requirements and how they influence system design requirements. CC ID 06925 | Systems design, build, and implementation | Preventive | |
| Document legal requirements and how they influence system design requirements. CC ID 11793 | Systems design, build, and implementation | Preventive | |
| Identify and document system design constraints. CC ID 06923 | Systems design, build, and implementation | Preventive | |
| Identify and document limitations that the implementation technology and the implementation strategy puts on the system design solution. CC ID 06928 | Systems design, build, and implementation | Preventive | |
| Identify and document system development constraints. CC ID 11698 | Systems design, build, and implementation | Preventive | |
| Identify and document the system boundaries of the system design project. CC ID 06924 | Systems design, build, and implementation | Preventive | |
| Review the degree of human intervention and control points in the system design requirements. CC ID 13536 | Systems design, build, and implementation | Detective | |
| Establish, implement, and maintain organizational documents. CC ID 16202 | Harmonization Methods and Manual of Style | Preventive | |
| Organize all compliance documents. CC ID 06096 | Harmonization Methods and Manual of Style | Preventive | |
| Organize all compliance documents to fit the message. CC ID 06097 | Harmonization Methods and Manual of Style | Preventive | |
| Define the structure for compliance documents and governance documents. CC ID 06111 [{international or national standard} publish a GRI content index that includes: the title of GRI 1 used; Requirement 7 ¶ 1(a)(iii)] | Harmonization Methods and Manual of Style | Preventive | |
| Subordinate the structure of the compliance document to fit the topic. CC ID 06109 | Harmonization Methods and Manual of Style | Preventive | |
| Define visual and formatting styles for all structured headings. CC ID 06110 | Harmonization Methods and Manual of Style | Preventive | |
| Define the section heading style, if section headings are being used. CC ID 06112 | Harmonization Methods and Manual of Style | Preventive | |
| Use a table of contents to show sections and headings, if section headings are being used. CC ID 06113 | Harmonization Methods and Manual of Style | Preventive | |
| Place the table of contents at the document's beginning. CC ID 06114 | Harmonization Methods and Manual of Style | Preventive | |
| Add term definitions to the document's end. CC ID 06115 | Harmonization Methods and Manual of Style | Preventive | |
Human Resources Management | KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
| Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
|---|---|---|---|
| Establish and maintain board committees, as necessary. CC ID 14789 | Human Resources management | Preventive | |
| Assign oversight of C-level executives to the Board of Directors. CC ID 14784 | Human Resources management | Preventive | |
| Assign oversight of the financial management program to the board of directors. CC ID 14781 | Human Resources management | Preventive | |
| Assign senior management to the role of supporting Quality Management. CC ID 13692 | Human Resources management | Preventive | |
| Assign members who are independent from management to the Board of Directors. CC ID 12395 | Human Resources management | Preventive | |
| Assign ownership of risks to the Board of Directors or senior management. CC ID 13662 | Human Resources management | Preventive | |
| Assign the organization's board and senior management to oversee the continuity planning process. CC ID 12991 | Human Resources management | Preventive | |
| Rotate members of the board of directors, as necessary. CC ID 14803 | Human Resources management | Corrective | |
IT Impact Zone | KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
| Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
|---|---|---|---|
| Leadership and high level objectives CC ID 00597 | Leadership and high level objectives | IT Impact Zone | |
| Monitoring and measurement CC ID 00636 | Monitoring and measurement | IT Impact Zone | |
| Audits and risk management CC ID 00677 | Audits and risk management | IT Impact Zone | |
| Human Resources management CC ID 00763 | Human Resources management | IT Impact Zone | |
| Operational management CC ID 00805 | Operational management | IT Impact Zone | |
| Records management CC ID 00902 | Records management | IT Impact Zone | |
| Systems design, build, and implementation CC ID 00989 | Systems design, build, and implementation | IT Impact Zone | |
| Harmonization Methods and Manual of Style CC ID 06095 | Harmonization Methods and Manual of Style | IT Impact Zone | |
Investigate | KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
| Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
|---|---|---|---|
| Check the list of material topics for completeness. CC ID 15692 | Leadership and high level objectives | Preventive | |
| Identify changes to in scope systems that could threaten communication between business units. CC ID 13173 | Audits and risk management | Detective | |
| Investigate alternative risk control strategies appropriate to the organization's risk appetite. CC ID 12887 | Audits and risk management | Preventive | |
Monitor and Evaluate Occurrences | KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
| Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
|---|---|---|---|
| Include the capturing and alerting of compliance violations in the notification system. CC ID 12962 | Leadership and high level objectives | Preventive | |
| Include the capturing and alerting of unethical conduct in the notification system. CC ID 12932 | Leadership and high level objectives | Preventive | |
| Include the capturing and alerting of performance variances in the notification system. CC ID 12929 | Leadership and high level objectives | Preventive | |
| Include the capturing and alerting of weaknesses in the notification system. CC ID 12928 | Leadership and high level objectives | Preventive | |
| Include the capturing and alerting of account activity in the notification system. CC ID 15314 | Leadership and high level objectives | Preventive | |
| Analyze organizational objectives, functions, and activities. CC ID 00598 | Leadership and high level objectives | Preventive | |
| Monitor the usage and capacity of critical assets. CC ID 14825 | Monitoring and measurement | Detective | |
| Monitor the usage and capacity of Information Technology assets. CC ID 00668 | Monitoring and measurement | Detective | |
| Compare system performance metrics to organizational standards and industry benchmarks. CC ID 00667 [To apply the Accuracy principle, the organization should: ensure that the margin of error for data measurements does not inappropriately influence the conclusions or assessments of information users; Accuracy Guidance ¶ 2 Bullet 4] | Monitoring and measurement | Detective | |
| Establish, implement, and maintain data accuracy controls. CC ID 00921 [{be acceptable}To apply the Verifiability principle, the organization should: be able to provide representation from the original sources of the reported information attesting to the accuracy of the information within acceptable margins of error; Verifiability Guidance ¶ 2 Bullet 5] | Records management | Detective | |
Physical and Environmental Protection | KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
| Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
|---|---|---|---|
| Include anti-counterfeit measures in the system requirements specification. CC ID 11547 | Systems design, build, and implementation | Preventive | |
| Include anti-counterfeit measures that resist reverse engineering in the system requirements specification. CC ID 11548 | Systems design, build, and implementation | Preventive | |
| Include anti-counterfeit measures that are apparent to anti-counterfeit authentication testing in the system requirements specification. CC ID 11549 | Systems design, build, and implementation | Preventive | |
| Include anti-counterfeit measures that are interdependent between material goods and the anti-counterfeit authentication test in the system requirements specification. CC ID 11550 | Systems design, build, and implementation | Preventive | |
| Include anti-counterfeit measures that allow product characteristic change detection as the result of an attack in the system requirements specification. CC ID 11551 | Systems design, build, and implementation | Preventive | |
| Include anti-counterfeit measures that make attempts to circumvent them evident during the anti-counterfeit authentication test in the system requirements specification. CC ID 11552 | Systems design, build, and implementation | Preventive | |
| Analyze anti-counterfeit measures for their longevity. CC ID 11553 | Systems design, build, and implementation | Preventive | |
| Disallow reuse of anti-counterfeit measures absent authentication. CC ID 11554 | Systems design, build, and implementation | Preventive | |
| Include anti-counterfeit measures to be compatible with material goods associated with the product in the system requirements specification. CC ID 11555 | Systems design, build, and implementation | Preventive | |
Process or Activity | KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
| Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
|---|---|---|---|
| Assess the effectiveness of the communication methods used in the communication protocol. CC ID 12691 | Leadership and high level objectives | Detective | |
| Establish, implement, and maintain a corrective action plan to address barriers to stakeholder engagement. CC ID 15677 | Leadership and high level objectives | Preventive | |
| Identify barriers to stakeholder engagement. CC ID 15676 | Leadership and high level objectives | Preventive | |
| Include methods to obtain information from interested personnel and affected parties about performance variances in the communication protocol. CC ID 12856 | Leadership and high level objectives | Preventive | |
| Route notifications, as necessary. CC ID 12832 | Leadership and high level objectives | Preventive | |
| Substantiate notifications, as necessary. CC ID 12831 | Leadership and high level objectives | Preventive | |
| Prioritize notifications, as necessary. CC ID 12830 | Leadership and high level objectives | Preventive | |
| Establish and maintain the organization's survey method. CC ID 12869 | Leadership and high level objectives | Preventive | |
| Provide a consolidated view of information in the organization's survey method. CC ID 12894 | Leadership and high level objectives | Preventive | |
| Review and approve the material topics, as necessary. CC ID 15670 | Leadership and high level objectives | Preventive | |
| Evaluate organizational objectives to determine impact on other organizational objectives. CC ID 12814 [The organization shall provide sufficient information to enable an assessment of the organization's impacts during the reporting period. Completeness ¶ 1(a)] | Leadership and high level objectives | Preventive | |
| Identify events that may affect organizational objectives. CC ID 12961 | Leadership and high level objectives | Preventive | |
| Identify conditions that may affect organizational objectives. CC ID 12958 | Leadership and high level objectives | Preventive | |
| Determine progress toward the objectives of the strategic plan. CC ID 12944 [{current time period}{prior time period} To apply the Comparability principle, the organization should: present information for the current reporting period and at least two previous periods, as well as any goals and targets that have been set Comparability Guidance ¶ 2 Bullet 1] | Leadership and high level objectives | Preventive | |
| Align organizational objectives with compliance objectives in the decision-making criteria. CC ID 12847 [To apply the Verifiability principle, the organization should: document the decision-making processes underlying the organization's sustainability reporting in a way that allows for the examination of the key decisions and processes, such as the process of determining material topics; Verifiability Guidance ¶ 2 Bullet 2] | Leadership and high level objectives | Preventive | |
| Convert data into standard units before reporting metrics. CC ID 15507 [To apply the Comparability principle, the organization should: report total numbers or absolute data (e.g., metric tons of CO2 equivalent) as well as ratios or normalized data (e.g., CO2 emissions per unit produced) to enable comparisons, and provide explanatory notes when using ratios; Comparability Guidance ¶ 2 Bullet 5] | Monitoring and measurement | Corrective | |
| Refrain from double-counting fuel consumption, as necessary. CC ID 15736 | Audits and risk management | Preventive | |
| Sanitize user input in accordance with organizational standards. CC ID 16856 | Records management | Preventive | |
| Resolve conflicting design and development inputs. CC ID 13703 | Systems design, build, and implementation | Corrective | |
Records Management | KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
| Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
|---|---|---|---|
| Compare each record's data input to its final form. CC ID 11813 | Records management | Detective | |
Systems Design, Build, and Implementation | KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
| Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
|---|---|---|---|
| Initiate the System Development Life Cycle planning phase. CC ID 06266 | Systems design, build, and implementation | Preventive | |
| Implement dual authorization in systems with critical business functions, as necessary. CC ID 14922 | Systems design, build, and implementation | Preventive | |
| Design and develop built-in redundancies, as necessary. CC ID 13064 | Systems design, build, and implementation | Preventive | |
| Design resource-isolation mechanisms into the infrastructure of Software as a Service. CC ID 12348 | Systems design, build, and implementation | Preventive | |
| Design the Software as a Service infrastructure to segment cloud customer user access. CC ID 12347 | Systems design, build, and implementation | Preventive | |
| Evaluate the criticality and sensitivity of information being accessed when designing systems. CC ID 07076 | Systems design, build, and implementation | Preventive | |
Technical Security | KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
| Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
|---|---|---|---|
| Protect against misusing automated audit tools. CC ID 04547 | Monitoring and measurement | Preventive | |
| Include performance criteria in the system requirements specification. CC ID 11540 | Systems design, build, and implementation | Preventive | |
| Include accommodating increases in capacity in the system requirements specification. CC ID 11562 | Systems design, build, and implementation | Preventive | |
| Include product upgrade methodologies in the system requirements specification. CC ID 11563 | Systems design, build, and implementation | Preventive | |
| Include the ability of products to verify their own quality in the system requirements specification. CC ID 11564 | Systems design, build, and implementation | Preventive | |
Testing | KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
| Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
|---|---|---|---|
| Evaluate the measurement process used for metrics. CC ID 06920 [To apply the Balance principle, the organization should: distinguish clearly between facts and the organization's interpretation of the facts; Balance Guidance ¶ 1 Bullet 2 To apply the Accuracy principle, the organization should: indicate which data has been estimated, and explain the underlying assumptions and techniques used for the estimation as well as any limitations of the estimates. Accuracy Guidance ¶ 2 Bullet 5] | Monitoring and measurement | Detective | |
| Compare system design requirements against system design requests. CC ID 06619 | Systems design, build, and implementation | Detective | |
| Determine if commercial off the shelf products meet the system design requirements. CC ID 06926 | Systems design, build, and implementation | Detective | |
Common Controls andThere are three types of Common Control classifications; corrective, detective, and preventive. Common Controls at the top level have the default assignment of Impact Zone.
Corrective | KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
| Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | TYPE | |
|---|---|---|---|
| Convert data into standard units before reporting metrics. CC ID 15507 [To apply the Comparability principle, the organization should: report total numbers or absolute data (e.g., metric tons of CO2 equivalent) as well as ratios or normalized data (e.g., CO2 emissions per unit produced) to enable comparisons, and provide explanatory notes when using ratios; Comparability Guidance ¶ 2 Bullet 5] | Monitoring and measurement | Process or Activity | |
| Rotate members of the board of directors, as necessary. CC ID 14803 | Human Resources management | Human Resources Management | |
| Resolve conflicting design and development inputs. CC ID 13703 | Systems design, build, and implementation | Process or Activity | |
Detective | KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
| Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | TYPE | |
|---|---|---|---|
| Assess the effectiveness of the communication methods used in the communication protocol. CC ID 12691 | Leadership and high level objectives | Process or Activity | |
| Monitor the usage and capacity of critical assets. CC ID 14825 | Monitoring and measurement | Monitor and Evaluate Occurrences | |
| Monitor the usage and capacity of Information Technology assets. CC ID 00668 | Monitoring and measurement | Monitor and Evaluate Occurrences | |
| Compare system performance metrics to organizational standards and industry benchmarks. CC ID 00667 [To apply the Accuracy principle, the organization should: ensure that the margin of error for data measurements does not inappropriately influence the conclusions or assessments of information users; Accuracy Guidance ¶ 2 Bullet 4] | Monitoring and measurement | Monitor and Evaluate Occurrences | |
| Evaluate the measurement process used for metrics. CC ID 06920 [To apply the Balance principle, the organization should: distinguish clearly between facts and the organization's interpretation of the facts; Balance Guidance ¶ 1 Bullet 2 To apply the Accuracy principle, the organization should: indicate which data has been estimated, and explain the underlying assumptions and techniques used for the estimation as well as any limitations of the estimates. Accuracy Guidance ¶ 2 Bullet 5] | Monitoring and measurement | Testing | |
| Conduct a Business Impact Analysis, as necessary. CC ID 01147 | Audits and risk management | Audits and Risk Management | |
| Assess the potential level of business impact risk associated with each business process. CC ID 06463 | Audits and risk management | Audits and Risk Management | |
| Assess the potential level of business impact risk associated with the business environment. CC ID 06464 | Audits and risk management | Audits and Risk Management | |
| Assess the potential level of business impact risk associated with business information of in scope systems. CC ID 06465 | Audits and risk management | Audits and Risk Management | |
| Identify changes to in scope systems that could threaten communication between business units. CC ID 13173 | Audits and risk management | Investigate | |
| Assess the potential business impact risk of in scope systems caused by deliberate threats to their confidentiality, integrity, and availability. CC ID 06466 | Audits and risk management | Audits and Risk Management | |
| Assess the potential level of business impact risk caused by accidental threats to the confidentiality, integrity and availability of critical systems. CC ID 06467 | Audits and risk management | Audits and Risk Management | |
| Assess the potential level of business impact risk associated with reputational damage. CC ID 15335 | Audits and risk management | Audits and Risk Management | |
| Assess the potential level of business impact risk associated with insider threats. CC ID 06468 | Audits and risk management | Audits and Risk Management | |
| Assess the potential level of business impact risk associated with external entities. CC ID 06469 | Audits and risk management | Audits and Risk Management | |
| Assess the potential level of business impact risk associated with natural disasters. CC ID 06470 | Audits and risk management | Actionable Reports or Measurements | |
| Assess the potential level of business impact risk associated with control weaknesses. CC ID 06471 | Audits and risk management | Audits and Risk Management | |
| Include the percentage of individuals in each gender category in the disclosure report. CC ID 15952 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total amount of corporate income tax accrued on profit/loss in the disclosure report. CC ID 16107 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total monetary value of subsidies received from the government in the disclosure report. CC ID 16101 | Audits and risk management | Actionable Reports or Measurements | |
| Include revenues in the disclosure report. CC ID 16099 | Audits and risk management | Actionable Reports or Measurements | |
| Include the economic value distributed in the disclosure report. CC ID 16086 | Audits and risk management | Actionable Reports or Measurements | |
| Include total monetary value of payments to capital providers in the disclosure report. CC ID 16092 | Audits and risk management | Actionable Reports or Measurements | |
| Include total monetary value of payments to governments in the disclosure report. CC ID 16091 | Audits and risk management | Actionable Reports or Measurements | |
| Include total monetary value of employee wages and benefits in the disclosure report. CC ID 16090 | Audits and risk management | Actionable Reports or Measurements | |
| Include total monetary value of community investments in the disclosure report. CC ID 16089 | Audits and risk management | Actionable Reports or Measurements | |
| Include operating costs in the disclosure report. CC ID 16088 | Audits and risk management | Actionable Reports or Measurements | |
| Include economic value retained in the disclosure report. CC ID 16094 | Audits and risk management | Actionable Reports or Measurements | |
| Include the direct economic value generated and distributed in the disclosure report. CC ID 16085 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total monetary value of financial assistance received from the government in the disclosure report. CC ID 16087 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total monetary value of awards received from the government in the disclosure report. CC ID 16106 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total monetary value of financial incentives received from the government in the disclosure report. CC ID 16105 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total monetary value of tax relief and tax credits received from the government in the disclosure report. CC ID 16102 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total monetary value of grants received from the government in the disclosure report. CC ID 16100 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total monetary value of royalty holidays received from the government in the disclosure report. CC ID 16097 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total monetary value of financial assistance received from Export Credit Agencies in the disclosure report. CC ID 16095 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total amount of corporate income tax paid on a cash basis in the disclosure report. CC ID 16050 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total monetary value of tangible assets other than cash and cash equivalents in the disclosure report. CC ID 16048 | Audits and risk management | Actionable Reports or Measurements | |
| Include revenues from intragroup transactions with other tax jurisdictions in the disclosure report. CC ID 16046 | Audits and risk management | Actionable Reports or Measurements | |
| Include revenues from third party sales in the disclosure report. CC ID 16045 | Audits and risk management | Actionable Reports or Measurements | |
| Include the profit and loss before tax in the disclosure report. CC ID 16044 | Audits and risk management | Actionable Reports or Measurements | |
| Include the percentage of interested personnel and affected parties that have received training on anti-corruption in the disclosure report. CC ID 16073 | Audits and risk management | Actionable Reports or Measurements | |
| Include the percentage of interested personnel and affected parties to whom the anti-corruption program has been communicated in the disclosure report. CC ID 16072 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total number of interested personnel and affected parties to whom the anti-corruption program has been communicated in the disclosure report. CC ID 16071 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total number of incidents where contracts with business partners were terminated due to corruption in the disclosure report. CC ID 16070 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total number of interested personnel and affected parties that have received training on anti-corruption in the disclosure report. CC ID 16069 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total number of incidents in which employees were dismissed or disciplined for corruption in the disclosure report. CC ID 16068 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total number of incidents of corruption in the disclosure report. CC ID 16066 | Audits and risk management | Actionable Reports or Measurements | |
| Include the percentage of operations assessed for risks related to corruption in the disclosure report. CC ID 16063 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total number of operations assessed for risks related to corruption in the disclosure report. CC ID 16062 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total number of listed species with habitats in areas affected by organizational operations in the disclosure report. CC ID 16038 | Audits and risk management | Actionable Reports or Measurements | |
| Include the size of operational sites near areas of high biodiversity value in the disclosure report. CC ID 16032 | Audits and risk management | Actionable Reports or Measurements | |
| Include the size of habitat areas protected or restored by the organization in the disclosure report. CC ID 16023 | Audits and risk management | Actionable Reports or Measurements | |
| Include the percentage of the procurement budget spent on local suppliers in the disclosure report. CC ID 16022 | Audits and risk management | Actionable Reports or Measurements | |
| Include gross energy indirect greenhouse gas emissions in the disclosure report. CC ID 16340 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total exports of ozone-depleting substances in the disclosure report. CC ID 16083 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total imports of ozone-depleting substances in the disclosure report. CC ID 16081 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total production of ozone-depleting substances in the disclosure report. CC ID 16079 | Audits and risk management | Actionable Reports or Measurements | |
| Include gross other indirect greenhouse gas emissions in the disclosure report. CC ID 16013 | Audits and risk management | Actionable Reports or Measurements | |
| Include gross direct greenhouse gas emissions in the disclosure report.. CC ID 16009 | Audits and risk management | Actionable Reports or Measurements | |
| Include gross direct greenhouse gas emissions from perfluorinated compounds in the disclosure report. CC ID 16146 | Audits and risk management | Actionable Reports or Measurements | |
| Include gross market-based energy indirect greenhouse gas emissions in the disclosure report. CC ID 16008 | Audits and risk management | Actionable Reports or Measurements | |
| Include biogenic carbon dioxide emissions in the disclosure report. CC ID 16007 | Audits and risk management | Actionable Reports or Measurements | |
| Include gross location-based energy indirect greenhouse gas emissions in the disclosure report. CC ID 16006 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total amount of significant air emissions in the disclosure report. CC ID 16005 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total emissions of nitrogen oxides in the disclosure report. CC ID 16084 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total emissions of sulfur oxides in the disclosure report. CC ID 16082 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total emissions of volatile organic compounds in the disclosure report. CC ID 16080 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total emissions of persistent organic pollutants in the disclosure report. CC ID 16078 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total emissions of particulate matter in the disclosure report. CC ID 16077 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total emissions of hazardous air pollutants in the disclosure report. CC ID 16076 | Audits and risk management | Actionable Reports or Measurements | |
| Include the greenhouse gas emissions intensity ratio in the disclosure report. CC ID 16004 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total amount of reductions in greenhouse gas emissions in the disclosure report. CC ID 15999 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total number of legal actions against the organization in the disclosure report. CC ID 16003 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total number of fines for instances of non-compliance in the disclosure report. CC ID 15950 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total weight of hazardous waste generated from manufacturing operations in the disclosure report. CC ID 16163 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total volume of significant spills in the disclosure report. CC ID 16010 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total number of significant spills in the disclosure report. CC ID 15965 | Audits and risk management | Actionable Reports or Measurements | |
| Include the performance qualification score of laptops in the disclosure report. CC ID 16176 | Audits and risk management | Actionable Reports or Measurements | |
| Include the battery life score of laptops in the disclosure report. CC ID 16175 | Audits and risk management | Actionable Reports or Measurements | |
| Include the energy efficiency of laptop computer processors in the disclosure report. CC ID 16174 | Audits and risk management | Actionable Reports or Measurements | |
| Include the energy efficiency of desktop computer processors in the disclosure report. CC ID 16172 | Audits and risk management | Actionable Reports or Measurements | |
| Include the energy efficiency of server processors in the disclosure report. CC ID 16170 | Audits and risk management | Actionable Reports or Measurements | |
| Include the overall ssj_ops/watt of servers in the disclosure report. CC ID 16162 | Audits and risk management | Actionable Reports or Measurements | |
| Include the percentage of products sold that contain declarable substances in the disclosure report. CC ID 16159 | Audits and risk management | Actionable Reports or Measurements | |
| Include the SPECspeed2017_int_base score/watt of desktop computers in the disclosure report. CC ID 16160 | Audits and risk management | Actionable Reports or Measurements | |
| Include the SPECspeed2017_fp_basescore/watt of desktop computers in the disclosure report. CC ID 16157 | Audits and risk management | Actionable Reports or Measurements | |
| Include the average actual sustained download speed in the disclosure report. CC ID 15568 | Audits and risk management | Actionable Reports or Measurements | |
| Include the average advertised download speed in the disclosure report. CC ID 15567 | Audits and risk management | Actionable Reports or Measurements | |
| Include the percentage of water withdrawn from locations with significant baseline water stress in the disclosure report. CC ID 15949 | Audits and risk management | Actionable Reports or Measurements | |
| Include the percentage of water consumed from locations with significant baseline water stress in the disclosure report. CC ID 15948 | Audits and risk management | Actionable Reports or Measurements | |
| Include the near miss frequency rate for work-related near misses in the disclosure report. CC ID 16228 | Audits and risk management | Actionable Reports or Measurements | |
| Include the number of days idle as a result of work stoppages in the disclosure report. CC ID 16217 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total monetary value of benefit plan liabilities in the disclosure report. CC ID 16108 | Audits and risk management | Actionable Reports or Measurements | |
| Include the percentage of an employee's salary contributed to benefit plans by employee or employer in the disclosure report. CC ID 16103 | Audits and risk management | Actionable Reports or Measurements | |
| Include the ratio of entry level wages to the minimum wage in the disclosure report. CC ID 16002 | Audits and risk management | Actionable Reports or Measurements | |
| Include the percentage of senior management hired from the local community in the disclosure report. CC ID 16001 | Audits and risk management | Actionable Reports or Measurements | |
| Include the percentage of employees covered by collective bargaining agreements in the disclosure report. CC ID 15931 | Audits and risk management | Actionable Reports or Measurements | |
| Include the rate of new employee hires in the disclosure report. CC ID 15928 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total number of employees who left the organization in the disclosure report. CC ID 16127 | Audits and risk management | Actionable Reports or Measurements | |
| Include the number of work stoppages involving one thousand or more workers in the disclosure report. CC ID 16214 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total number of employees that were entitled to parental leave in the disclosure report. CC ID 15960 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total number of employees that took parental leave in the disclosure report. CC ID 15955 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total number of employees that returned to work in the reporting period after parental leave ended in the disclosure report. CC ID 15946 | Audits and risk management | Actionable Reports or Measurements | |
| Include the return to work rate of employees that took parental leave in the disclosure report. CC ID 15958 | Audits and risk management | Actionable Reports or Measurements | |
| Include the retention rate of employees that took parental leave in the disclosure report. CC ID 15962 | Audits and risk management | Actionable Reports or Measurements | |
| Include the user average interruption duration in the disclosure report. CC ID 15558 | Audits and risk management | Actionable Reports or Measurements | |
| Include the system average interruption frequency in the disclosure report. CC ID 15565 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total number of unique individuals whose information was requested by a third party in the disclosure report. CC ID 15500 | Audits and risk management | Actionable Reports or Measurements | |
| Include the percentage of information requests that resulted in disclosure in the disclosure report. CC ID 15560 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total number of unique individuals affected by data breaches in the disclosure report. CC ID 15951 | Audits and risk management | Actionable Reports or Measurements | |
| Include the percentage of Tier 1 suppliers' manufacturing facilities audited in compliance with the Responsible Business Alliance Validated Audit Process protocol in the disclosure report. CC ID 16216 | Audits and risk management | Actionable Reports or Measurements | |
| Include the power usage effectiveness in the disclosure report. CC ID 15552 | Audits and risk management | Actionable Reports or Measurements | |
| Include the percentage of energy consumed that is renewable energy in the disclosure report. CC ID 15549 | Audits and risk management | Actionable Reports or Measurements | |
| Include the percentage of energy consumed that was supplied by grid electricity in the disclosure report. CC ID 15541 | Audits and risk management | Actionable Reports or Measurements | |
| Include the percentage of recovered materials that were reused in the disclosure report. CC ID 15563 | Audits and risk management | Actionable Reports or Measurements | |
| Include the percentage of recovered materials that were recycled or remanufactured in the disclosure report. CC ID 15574 | Audits and risk management | Actionable Reports or Measurements | |
| Include the weight of recovered materials in the disclosure report. CC ID 16203 | Audits and risk management | Actionable Reports or Measurements | |
| Include the percentage of recovered materials that were landfilled in the disclosure report. CC ID 15578 | Audits and risk management | Actionable Reports or Measurements | |
| Include the rate of work-related injuries in the disclosure report. CC ID 15944 | Audits and risk management | Actionable Reports or Measurements | |
| Include the percentage of employees and non-employees covered by the occupational health and safety management system in the disclosure report. CC ID 15943 | Audits and risk management | Actionable Reports or Measurements | |
| Include the percentage of manufacturing facilities audited in compliance with the Responsible Business Alliance Validated Audit Process protocol in the disclosure report. CC ID 16207 | Audits and risk management | Actionable Reports or Measurements | |
| Include the rate of fatalities as a result of work-related injuries in the disclosure report. CC ID 15954 | Audits and risk management | Actionable Reports or Measurements | |
| Include the number of fatalities as a result of work-related ill health in the disclosure report. CC ID 15942 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total number of fatalities as a result of work-related injuries in the disclosure report. CC ID 15953 | Audits and risk management | Actionable Reports or Measurements | |
| Establish, implement, and maintain data accuracy controls. CC ID 00921 [{be acceptable}To apply the Verifiability principle, the organization should: be able to provide representation from the original sources of the reported information attesting to the accuracy of the information within acceptable margins of error; Verifiability Guidance ¶ 2 Bullet 5] | Records management | Monitor and Evaluate Occurrences | |
| Compare each record's data input to its final form. CC ID 11813 | Records management | Records Management | |
| Identify all stakeholders who may influence the System Development Life Cycle. CC ID 06922 | Systems design, build, and implementation | Establish/Maintain Documentation | |
| Compare system design requirements against system design requests. CC ID 06619 | Systems design, build, and implementation | Testing | |
| Determine if commercial off the shelf products meet the system design requirements. CC ID 06926 | Systems design, build, and implementation | Testing | |
| Review the degree of human intervention and control points in the system design requirements. CC ID 13536 | Systems design, build, and implementation | Establish/Maintain Documentation | |
IT Impact Zone | KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
| Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | TYPE | |
|---|---|---|---|
| Leadership and high level objectives CC ID 00597 | Leadership and high level objectives | IT Impact Zone | |
| Monitoring and measurement CC ID 00636 | Monitoring and measurement | IT Impact Zone | |
| Audits and risk management CC ID 00677 | Audits and risk management | IT Impact Zone | |
| Human Resources management CC ID 00763 | Human Resources management | IT Impact Zone | |
| Operational management CC ID 00805 | Operational management | IT Impact Zone | |
| Records management CC ID 00902 | Records management | IT Impact Zone | |
| Systems design, build, and implementation CC ID 00989 | Systems design, build, and implementation | IT Impact Zone | |
| Harmonization Methods and Manual of Style CC ID 06095 | Harmonization Methods and Manual of Style | IT Impact Zone | |
Preventive | KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
| Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | TYPE | |
|---|---|---|---|
| Establish, implement, and maintain a reporting methodology program. CC ID 02072 [{not require} To apply the Clarity principle, the organization should: present information in a way that users can find the information they want without unreasonable effort, for example, through a table of contents, maps, or links; Clarity Guidance ¶ 1 Bullet 2 To apply the Clarity principle, the organization should: present information in a way that it can be understood by users who have reasonable knowledge of the organization and its activities; Clarity Guidance ¶ 1 Bullet 3 {not be familiar} To apply the Clarity principle, the organization should: avoid abbreviations, technical terms, or other jargon likely to be unfamiliar to users or, if these are used, include relevant explanations in the appropriate sections or in a glossary; Clarity Guidance ¶ 1 Bullet 4 {not be familiar} To apply the Clarity principle, the organization should: avoid abbreviations, technical terms, or other jargon likely to be unfamiliar to users or, if these are used, include relevant explanations in the appropriate sections or in a glossary; Clarity Guidance ¶ 1 Bullet 4 To apply the Clarity principle, the organization should: consider specific accessibility needs of information users, associated with abilities, language, and technology; Clarity Guidance ¶ 1 Bullet 1 {make accessible}{be understandable} To apply the Clarity principle, the organization should: use graphics and consolidated data tables to make information accessible and understandable. Clarity Guidance ¶ 1 Bullet 6 {be concise}{refrain from omitting} To apply the Clarity principle, the organization should: report information in a concise way and aggregate information where useful without omitting necessary details; Clarity Guidance ¶ 1 Bullet 5 {be concise}{refrain from omitting} To apply the Clarity principle, the organization should: report information in a concise way and aggregate information where useful without omitting necessary details; Clarity Guidance ¶ 1 Bullet 5 {socially responsible behavior}{professional behavior}{international or national standard} To apply the Sustainability context principle, the organization should: report information about its impacts in relation to societal expectations and expectations of responsible business conduct set out in authoritative intergovernmental instruments with which the organization is expected to comply (e.g., Organisation for Economic Co-operation and Development [OECD] Guidelines for Multinational Enterprises[3], UN Guiding Principles on Business and Human Rights [5]) and in other recognized sector-specific, local, regional, or global instruments; Sustainability context Guidance ¶ 2 Bullet 3 {current time period}{prior time period} To apply the Comparability principle, the organization should: present information for the current reporting period and at least two previous periods, as well as any goals and targets that have been set Comparability Guidance ¶ 2 Bullet 1 To apply the Comparability principle, the organization should: maintain consistency in the methods used to measure and calculate data and in explaining the methods and assumptions used; Comparability Guidance ¶ 2 Bullet 3 To apply the Comparability principle, the organization should: maintain consistency in the methods used to measure and calculate data and in explaining the methods and assumptions used; Comparability Guidance ¶ 2 Bullet 3 To apply the Comparability principle, the organization should: maintain consistency in the manner of presenting the information; Comparability Guidance ¶ 2 Bullet 4 To apply the Comparability principle, the organization should: report total numbers or absolute data (e.g., metric tons of CO2 equivalent) as well as ratios or normalized data (e.g., CO2 emissions per unit produced) to enable comparisons, and provide explanatory notes when using ratios; Comparability Guidance ¶ 2 Bullet 5 To apply the Comparability principle, the organization should: provide contextual information (e.g., the organization's size, geographic location) to help information users understand the factors that contribute to differences between the organization's impacts and the impacts of other organizations; Comparability Guidance ¶ 2 Bullet 6 To apply the Completeness principle, the organization should: not omit information that is necessary for understanding the organization's impacts. Completeness Guidance ¶ 1 Bullet 2 If the organization consists of multiple entities (i.e., a parent entity and its subordinate entities), the organization is required to explain the approach used for consolidating the information under 2-2-c in GRI 2: General Disclosures 2021. Completeness Guidance ¶ 2 {make available} The organization shall report information on a regular schedule and make it available in time for information users to make decisions. Timeliness ¶ 1(a) {make available} To apply the Timeliness principle, the organization should: find a balance between the need to make information available in a timely manner and ensuring that the information is of high quality and meets the requirements under the other reporting principles; Timeliness Guidance ¶ 2 Bullet 1 To apply the Timeliness principle, the organization should: ensure consistency in the length of reporting periods; Timeliness Guidance ¶ 2 Bullet 2 {other individuals} To apply the Verifiability principle, the organization should: set up internal controls and organize documentation in such a way that individuals other than those preparing the reported information (e.g., internal auditors, external assurance providers) can review them; Verifiability Guidance ¶ 2 Bullet 1 {refrain from including} To apply the Verifiability principle, the organization should: avoid including information that is not substantiated by evidence unless it is relevant for understanding the organization's impacts; Verifiability Guidance ¶ 2 Bullet 6 To apply the Verifiability principle, the organization should: be able to identify the original sources of the reported information and provide reliable evidence to support assumptions or calculations; Verifiability Guidance ¶ 2 Bullet 4] | Leadership and high level objectives | Business Processes | |
| Establish, implement, and maintain communication protocols. CC ID 12245 | Leadership and high level objectives | Establish/Maintain Documentation | |
| Use secure communication protocols for telecommunications. CC ID 16458 | Leadership and high level objectives | Business Processes | |
| Align the information being disseminated and communicated with the communication requirements according to the organization's communication protocol. CC ID 12419 | Leadership and high level objectives | Establish/Maintain Documentation | |
| Include external requirements in the organization's communication protocol. CC ID 12418 | Leadership and high level objectives | Establish/Maintain Documentation | |
| Include disseminating and communicating events surrounding instances of desirable conduct and undesirable conduct in the communication protocols. CC ID 12824 | Leadership and high level objectives | Communicate | |
| Include input from interested personnel and affected parties as a part of the organization’s communication protocol. CC ID 12417 | Leadership and high level objectives | Establish/Maintain Documentation | |
| Establish, implement, and maintain a corrective action plan to address barriers to stakeholder engagement. CC ID 15677 | Leadership and high level objectives | Process or Activity | |
| Identify barriers to stakeholder engagement. CC ID 15676 | Leadership and high level objectives | Process or Activity | |
| Identify alternative measures for collecting stakeholder input, as necessary. CC ID 15672 | Leadership and high level objectives | Communicate | |
| Include disseminating and communicating conditions surrounding instances of desirable conduct and undesirable conduct in the communication protocols. CC ID 12804 | Leadership and high level objectives | Communicate | |
| Include methods to obtain information from interested personnel and affected parties about performance variances in the communication protocol. CC ID 12856 | Leadership and high level objectives | Process or Activity | |
| Include disseminating and communicating desirable conduct in the communication protocols. CC ID 12803 | Leadership and high level objectives | Communicate | |
| Include disseminating and communicating undesirable conduct in communication protocols. CC ID 12802 | Leadership and high level objectives | Communicate | |
| Route notifications, as necessary. CC ID 12832 | Leadership and high level objectives | Process or Activity | |
| Substantiate notifications, as necessary. CC ID 12831 | Leadership and high level objectives | Process or Activity | |
| Analyze the flow of information to ensure it is being received by the correct processes. CC ID 12860 | Leadership and high level objectives | Business Processes | |
| Prioritize notifications, as necessary. CC ID 12830 | Leadership and high level objectives | Process or Activity | |
| Report to management and stakeholders on the findings and information gathered from all types of inquiries. CC ID 12797 | Leadership and high level objectives | Actionable Reports or Measurements | |
| Disseminate and communicate internal controls with supply chain members. CC ID 12416 | Leadership and high level objectives | Communicate | |
| Establish and maintain the organization's survey method. CC ID 12869 | Leadership and high level objectives | Process or Activity | |
| Document the findings from surveys. CC ID 16309 | Leadership and high level objectives | Establish/Maintain Documentation | |
| Provide a consolidated view of information in the organization's survey method. CC ID 12894 | Leadership and high level objectives | Process or Activity | |
| Establish, implement, and maintain warning procedures that follow the organization's communication protocol. CC ID 12407 | Leadership and high level objectives | Establish/Maintain Documentation | |
| Establish, implement, and maintain alert procedures that follow the organization's communication protocol. CC ID 12406 | Leadership and high level objectives | Establish/Maintain Documentation | |
| Include the capturing and alerting of compliance violations in the notification system. CC ID 12962 | Leadership and high level objectives | Monitor and Evaluate Occurrences | |
| Include the capturing and alerting of unethical conduct in the notification system. CC ID 12932 | Leadership and high level objectives | Monitor and Evaluate Occurrences | |
| Include the capturing and alerting of performance variances in the notification system. CC ID 12929 | Leadership and high level objectives | Monitor and Evaluate Occurrences | |
| Include the capturing and alerting of weaknesses in the notification system. CC ID 12928 | Leadership and high level objectives | Monitor and Evaluate Occurrences | |
| Include the capturing and alerting of account activity in the notification system. CC ID 15314 | Leadership and high level objectives | Monitor and Evaluate Occurrences | |
| Establish, implement, and maintain an internal reporting program. CC ID 12409 | Leadership and high level objectives | Business Processes | |
| Include transactions and events as a part of internal reporting. CC ID 12413 | Leadership and high level objectives | Business Processes | |
| Disseminate and communicate management's choices for managing the organization as a part of internal reporting. CC ID 12412 | Leadership and high level objectives | Communicate | |
| Enforce a precision level for non-financial reporting based on user need and appropriate supply chain criteria. CC ID 12399 | Leadership and high level objectives | Establish/Maintain Documentation | |
| Define the thresholds for escalation in the internal reporting program. CC ID 14332 | Leadership and high level objectives | Establish/Maintain Documentation | |
| Define the thresholds for reporting in the internal reporting program. CC ID 14331 | Leadership and high level objectives | Establish/Maintain Documentation | |
| Establish, implement, and maintain an external reporting program. CC ID 12876 [The organization shall apply all the reporting principles specified in section 4 of GRI 1: Foundation 2021. Requirement 1(a) {be understandable} The organization shall present information in a way that is accessible and understandable. Clarity ¶ 1(a) {refrain from reporting} To apply the Balance principle, the organization should: not present information in a way that is likely to inappropriately influence the conclusions or assessments of information users. Balance Guidance ¶ 1 Bullet 5 {be fair}{negative impact} The organization shall report information in an unbiased way and provide a fair representation of the organization's negative and positive impacts. Balance ¶ 1(a) {should not}{positive impact} To apply the Balance principle, the organization should: not overemphasize positive news or impacts; Balance Guidance ¶ 1 Bullet 4 The organization shall report information that is correct and sufficiently detailed to allow an assessment of the organization's impacts. Accuracy ¶ 1(a)] | Leadership and high level objectives | Communicate | |
| Provide identifying information about the organization to the responsible party. CC ID 16715 | Leadership and high level objectives | Communicate | |
| Identify the material topics required to be reported on. CC ID 15654 [The organization shall: determine its material topics; Requirement 3 ¶ 1(a) The organization is required to review each topic described in the applicable Sector Standards and determine whether it is a material topic for the organization. Requirement 5 Guidance to 5-b ¶ 2 The organization is required to use the applicable Sector Standards when determining its material topics. Requirement 3 Guidance ¶ 4 The organization is required to determine its material topics based on its specific circumstances. Requirement 3 Guidance ¶ 2 The organization shall: review the GRI Sector Standard(s) that apply to its sector(s) and: determine whether each topic in the applicable Sector Standard(s) is a material topic for the organization; Requirement 3 ¶ 1(b)(i) {be immaterial}{reason} The organization is required to review each topic described in the applicable Sector Standards and determine whether it is a material topic for the organization. If the organization has determined any of the topics included in the applicable Sector Standards as not material, then the organization is required to list them in the GRI content index and explain why they are not material. See Requirement 7 in this Standard for more information on the content index. Requirement 3 Guidance to 3-b ¶ 2] | Leadership and high level objectives | Business Processes | |
| Check the list of material topics for completeness. CC ID 15692 | Leadership and high level objectives | Investigate | |
| Prioritize material topics used in reporting. CC ID 15678 | Leadership and high level objectives | Communicate | |
| Review and approve the material topics, as necessary. CC ID 15670 | Leadership and high level objectives | Process or Activity | |
| Define the thresholds for reporting in the external reporting program. CC ID 15679 | Leadership and high level objectives | Establish/Maintain Documentation | |
| Include time requirements in the external reporting program. CC ID 16566 | Leadership and high level objectives | Communicate | |
| Include information about the organizational culture in the external reporting program. CC ID 15610 | Leadership and high level objectives | Establish/Maintain Documentation | |
| Include reporting to governing bodies in the external reporting plan. CC ID 12923 [{appropriate authority}{compliance disclosure statement} The organization shall notify GRI of the use of the GRI Standards and the statement of use by sending an email to reportregistration@globalreporting.org. Requirement 9(a) {appropriate authority}{compliance disclosure statement} The organization shall notify GRI of the use of the GRI Standards and the statement of use by sending an email to reportregistration@globalreporting.org. Requirement 9(a) {appropriate authority}The organization should include the following information in the email: The link to the GRI content index. Requirement 9 Guidance ¶ 1 Bullet 2 {appropriate authority}The organization should include the following information in the email: The legal name of the organization. Requirement 9 Guidance ¶ 1 Bullet 1 {appropriate authority}The organization should include the following information in the email: The link to the report, if publishing a standalone sustainability report. Requirement 9 Guidance ¶ 1 Bullet 3 {appropriate authority}The organization should include the following information in the email: A contact person in the organization and their contact details. Requirement 9 Guidance ¶ 1 Bullet 5 {appropriate authority} The organization should include the following information in the email: The legal name of the organization. Notify GRI Guidance ¶ 1 Bullet 1 {appropriate authority} The organization should include the following information in the email: The link to the GRI content index. Notify GRI Guidance ¶ 1 Bullet 2 {appropriate authority}{compliance disclosure statement} The organization shall notify GRI of the use of the GRI Standards and the statement of use by sending an email to reportregistration@globalreporting.org. Notify GRI (a) {appropriate authority}{compliance disclosure statement} The organization shall notify GRI of the use of the GRI Standards and the statement of use by sending an email to reportregistration@globalreporting.org. Notify GRI (a) {appropriate authority} The organization should include the following information in the email: A contact person in the organization and their contact details. Notify GRI Guidance ¶ 1 Bullet 5] | Leadership and high level objectives | Communicate | |
| Submit confidential treatment applications to interested personnel and affected parties. CC ID 16592 | Leadership and high level objectives | Communicate | |
| Include the reasons for objections to public disclosure in confidential treatment applications. CC ID 16594 | Leadership and high level objectives | Establish/Maintain Documentation | |
| Include contact information for the interested personnel and affected parties the report was filed with in the confidential treatment application. CC ID 16595 | Leadership and high level objectives | Establish/Maintain Documentation | |
| Include the information that was omitted in the confidential treatment application. CC ID 16593 | Leadership and high level objectives | Establish/Maintain Documentation | |
| Analyze organizational objectives, functions, and activities. CC ID 00598 | Leadership and high level objectives | Monitor and Evaluate Occurrences | |
| Establish, implement, and maintain organizational objectives. CC ID 09959 | Leadership and high level objectives | Establish/Maintain Documentation | |
| Evaluate organizational objectives to determine impact on other organizational objectives. CC ID 12814 [The organization shall provide sufficient information to enable an assessment of the organization's impacts during the reporting period. Completeness ¶ 1(a)] | Leadership and high level objectives | Process or Activity | |
| Identify events that may affect organizational objectives. CC ID 12961 | Leadership and high level objectives | Process or Activity | |
| Identify conditions that may affect organizational objectives. CC ID 12958 | Leadership and high level objectives | Process or Activity | |
| Identify requirements that could affect achieving organizational objectives. CC ID 12828 | Leadership and high level objectives | Business Processes | |
| Identify opportunities that could affect achieving organizational objectives. CC ID 12826 | Leadership and high level objectives | Business Processes | |
| Establish and maintain the scope of the organizational compliance framework and Information Assurance controls. CC ID 01241 | Leadership and high level objectives | Establish/Maintain Documentation | |
| Establish, implement, and maintain a policy and procedure management program. CC ID 06285 | Leadership and high level objectives | Establish/Maintain Documentation | |
| Approve all compliance documents. CC ID 06286 | Leadership and high level objectives | Establish/Maintain Documentation | |
| Align the Authority Document list with external requirements. CC ID 06288 [The organization shall: review the GRI Sector Standard(s) that apply to its sector(s) and: Requirement 3 ¶ 1(b)] | Leadership and high level objectives | Establish/Maintain Documentation | |
| Establish, implement, and maintain a content index. CC ID 15660 [The organization shall: publish a GRI content index that includes: Publish a GRI content index ¶ 1(a) publish a GRI content index that includes: Requirement 7 ¶ 1(a)] | Leadership and high level objectives | Establish/Maintain Documentation | |
| Include the required information in the content index. CC ID 15665 [publish a GRI content index that includes: the title(s) of the GRI Sector Standard(s) that apply to the organization's sector(s); Requirement 7 ¶ 1(a)(iv) The organization shall: publish a GRI content index that includes: the location where the information reported for each disclosure can be found; Publish a GRI content index ¶ 1(a)(vi) publish a GRI content index that includes: the GRI Sector Standard reference numbers for the disclosures from the applicable Sector Standard(s); Requirement 7 ¶ 1(a)(x) {be immaterial}{reason} The organization is required to review each topic described in the applicable Sector Standards and determine whether it is a material topic for the organization. If the organization has determined any of the topics included in the applicable Sector Standards as not material, then the organization is required to list them in the GRI content index and explain why they are not material. See Requirement 7 in this Standard for more information on the content index. Requirement 3 Guidance to 3-b ¶ 2 {approved standard} The organization shall: publish a GRI content index that includes: the title of GRI 1 used Publish a GRI content index ¶ 1(a)(iii) publish a GRI content index that includes: the title: GRI content index; Requirement 7 ¶ 1(a)(i) The organization shall: publish a GRI content index that includes: the titles of the GRI Standards that the reported disclosures come from; Publish a GRI content index ¶ 1(a)(v) The organization shall: publish a GRI content index that includes: a list of the reported disclosures from the GRI Standards, including the disclosure titles; Publish a GRI content index ¶ 1(a)(iv) {compliance disclosure statement} The organization shall: publish a GRI content index that includes: the statement of use; Publish a GRI content index ¶ 1(a)(ii) The organization shall: publish a GRI content index that includes: the title: GRI content index; Publish a GRI content index ¶ 1(a)(i) publish a GRI content index that includes: the location where the information reported for each disclosure can be found; Requirement 7 ¶ 1(a)(xi) publish a GRI content index that includes: a list of the reported disclosures, including the disclosure titles; Requirement 7 ¶ 1(a)(vii) publish a GRI content index that includes: the titles of the GRI Standards and other sources that the reported disclosures come from; Requirement 7 ¶ 1(a)(viii) {be immaterial} publish a GRI content index that includes: a list of the topics in the applicable GRI Sector Standard(s) determined as not material and an explanation for why they are not material; Requirement 7 ¶ 1(a)(vi) publish a GRI content index that includes: a list of the organization's material topics; Requirement 7 ¶ 1(a)(v) {compliance disclosure statement} The organization shall include the following statement in its GRI content index:[Name of organization] has reported the information cited in this GRI content index for the period [reporting period start and end dates] with reference to the GRI Standards. Provide a statement of use (a) {compliance disclosure statement} The organization shall include the following statement in its GRI content index:[Name of organization] has reported the information cited in this GRI content index for the period [reporting period start and end dates] with reference to the GRI Standards. Provide a statement of use (a)] | Leadership and high level objectives | Establish/Maintain Documentation | |
| Include the disclosures or requirements it cannot comply with in the content index. CC ID 15664 [If the organization cannot comply with a disclosure or with a requirement in a disclosure for which reasons for omission are permitted, then the organization is required to specify in the GRI content index the disclosure or the requirement it cannot comply with, and provide a reason for omission with an explanation. See Requirement 6 in this Standard for more information on reasons for omission. Requirement 2 Guidance ¶ 2 {approved standard} If the organization cannot comply with Disclosure 3-3 or with a requirement in Disclosure 3-3, then the organization is required to specify this in the GRI content index, and to provide a reason for omission with an explanation. See Requirement 6 in this Standard for more information on reasons for omission. Requirement 4 Guidance ¶ 2 {be unavailable} When the organization cannot report part of the required information it means the information is incomplete. When the reported information does not cover the complete scope required by a disclosure (e.g., the information is missing for certain entities, sites, geographic locations), then the organization is required to provide 'information unavailable /incomplete' as the reason for omission. The organization must specify the entities, sites, geographic locations, etc., for which the required information is missing and cannot be reported. Requirement 6 Information unavailable / incomplete ¶ 2 If the organization cannot comply with a disclosure or with a requirement in a disclosure for which reasons for omission are permitted, the organization shall in the GRI content index: specify the disclosure or the requirement it cannot comply with; Requirement 6(a)(i) Reasons for omission are permitted for all disclosures from the Topic Standards. If the organization cannot comply with a disclosure or with a requirement in a disclosure, then the organization is required to specify in the GRI content index the disclosure or the requirement it cannot comply with, and provide a reason for omission with an explanation. See Requirement 6 in this Standard for more information on reasons for omission. Requirement 5 Guidance to 5-a ¶ 5 {be incomplete}{omitted} If the information for a disclosure or a requirement in a disclosure for which reasons for omission are permitted is unavailable or incomplete, then the organization is required to provide a reason for omission. When information is incomplete, the organization is required to specify which part is missing (e.g., specify the entities for which the information is missing). See Requirement 6 in this Standard for more information. Completeness Guidance ¶ 3] | Leadership and high level objectives | Establish/Maintain Documentation | |
| Include explanations for why disclosures or requirements were omitted in the content index. CC ID 15663 [If the organization cannot comply with a disclosure or with a requirement in a disclosure for which reasons for omission are permitted, then the organization is required to specify in the GRI content index the disclosure or the requirement it cannot comply with, and provide a reason for omission with an explanation. See Requirement 6 in this Standard for more information on reasons for omission. Requirement 2 Guidance ¶ 2 {confidential information} There may be cases where the law does not forbid collecting or reporting the required information, but the organization considers the information confidential and cannot report it publicly. In such cases, the organization provides 'confidentiality constraints' as the reason for omission. Requirement 6 Confidentiality constraints ¶ 1 The organization provides 'legal prohibitions' as the reason for omission when the law forbids collecting the required information or reporting it publicly. Requirement 6 Legal prohibitions ¶ 1 {not be applicable} If the organization determines a topic in an applicable Sector Standard to be material, the Sector Standard helps the organization identify disclosures to report information about its impacts in relation to that topic. For each likely material topic, the Sector Standards list disclosures from the GRI Topic Standards for organizations to report. If any of the Topic Standards disclosures listed in the Sector Standards are not relevant to the organization's impacts, the organization is not required to report these. However, the organization is required to list these disclosures in the GRI content index and provide 'not applicable' as the reason for omission for not reporting the disclosures. The organization is also required to explain in brief why the disclosures are not relevant to its impacts in relation to the material topic. See Requirement 6 in this Standard for more information on reasons for omission. Requirement 5 Guidance to 5-b ¶ 3 {not be applicable}for each material topic covered in the applicable GRI Sector Standard(s), either: provide the 'not applicable' reason for omission and the required explanation in the GRI content index. Requirement 5 ¶ 1(b)(ii) {approved standard} If the organization cannot comply with Disclosure 3-3 or with a requirement in Disclosure 3-3, then the organization is required to specify this in the GRI content index, and to provide a reason for omission with an explanation. See Requirement 6 in this Standard for more information on reasons for omission. Requirement 4 Guidance ¶ 2 {be unavailable} When the organization cannot report part of the required information it means the information is incomplete. When the reported information does not cover the complete scope required by a disclosure (e.g., the information is missing for certain entities, sites, geographic locations), then the organization is required to provide 'information unavailable /incomplete' as the reason for omission. The organization must specify the entities, sites, geographic locations, etc., for which the required information is missing and cannot be reported. Requirement 6 Information unavailable / incomplete ¶ 2 {be incomplete} There may be cases where the organization has the item specified in a disclosure or in a requirement in a disclosure, but the information about the item is unavailable or incomplete. In such cases, the organization provides 'information unavailable / incomplete' as the reason for omission. For example, information is unavailable for Disclosure 305-3 in GRI 305: Emissions 2016 when the organization has other indirect (Scope 3) greenhouse gas (GHG) emissions, but it has not collected data on its other indirect (Scope 3) GHG emissions yet. Requirement 6 Information unavailable / incomplete ¶ 1 If the organization cannot comply with a disclosure or with a requirement in a disclosure for which reasons for omission are permitted, the organization shall in the GRI content index: provide one of the four reasons for omission included in Table 1 and the required explanation for that reason. Requirement 6(a)(ii) Reasons for omission are permitted for all disclosures from the Topic Standards. If the organization cannot comply with a disclosure or with a requirement in a disclosure, then the organization is required to specify in the GRI content index the disclosure or the requirement it cannot comply with, and provide a reason for omission with an explanation. See Requirement 6 in this Standard for more information on reasons for omission. Requirement 5 Guidance to 5-a ¶ 5 publish a GRI content index that includes: when the organization does not report GRI Topic Standard disclosures for a material topic from the applicable GRI Sector Standard(s), a list of the disclosures and the required reason for omission; Requirement 7 ¶ 1(a)(ix) {be incomplete}{omitted} If the information for a disclosure or a requirement in a disclosure for which reasons for omission are permitted is unavailable or incomplete, then the organization is required to provide a reason for omission. When information is incomplete, the organization is required to specify which part is missing (e.g., specify the entities for which the information is missing). See Requirement 6 in this Standard for more information. Completeness Guidance ¶ 3 The organization is required to report reasons for omission in the GRI content index. See Requirement 7 in this Standard for more information on the content index. Requirement 6 Information unavailable / incomplete ¶ 6 publish a GRI content index that includes: any reasons for omission used; Requirement 7 ¶ 1(a)(xii)] | Leadership and high level objectives | Establish/Maintain Documentation | |
| Include an explanation of why disclosures or requirements do not apply in the content index. CC ID 15662 [In such cases, the organization is required to explain why the disclosure or the requirement does not apply to the organization. Requirement 6 Not applicable ¶ 1 Bullet 1 ¶ 2 {not be applicable}The organization provides 'not applicable' as the reason for omission in the following situations: When a disclosure from the GRI Topic Standards that is listed in the applicable GRI Sector Standards is not relevant to the organization's impacts in relation to a material topic. In such cases, the organization is required to explain why the disclosure is not relevant to its impacts in relation to the material topic. Requirement 6 Not applicable ¶ 1 Bullet 2 {not be applicable}The organization provides 'not applicable' as the reason for omission in the following situations: When a disclosure from the GRI Topic Standards that is listed in the applicable GRI Sector Standards is not relevant to the organization's impacts in relation to a material topic. In such cases, the organization is required to explain why the disclosure is not relevant to its impacts in relation to the material topic. Requirement 6 Not applicable ¶ 1 Bullet 2 {not be applicable} If the organization determines a topic in an applicable Sector Standard to be material, the Sector Standard helps the organization identify disclosures to report information about its impacts in relation to that topic. For each likely material topic, the Sector Standards list disclosures from the GRI Topic Standards for organizations to report. If any of the Topic Standards disclosures listed in the Sector Standards are not relevant to the organization's impacts, the organization is not required to report these. However, the organization is required to list these disclosures in the GRI content index and provide 'not applicable' as the reason for omission for not reporting the disclosures. The organization is also required to explain in brief why the disclosures are not relevant to its impacts in relation to the material topic. See Requirement 6 in this Standard for more information on reasons for omission. Requirement 5 Guidance to 5-b ¶ 3 The organization provides 'not applicable' as the reason for omission in the following situations: When a disclosure or a requirement in a disclosure does not apply to the organization based on its characteristics (e.g., size, type). For example, 2-15-b-iii in GRI 2: General Disclosures 2021 requires the organization to report whether conflicts of interest relating to the existence of controlling shareholders are disclosed to stakeholders. This requirement does not apply to organizations that do not have shareholders (e.g., foundations). Requirement 6 Not applicable ¶ 1 Bullet 1 ¶ 1 {reason}{be immaterial} The organization shall: review the GRI Sector Standard(s) that apply to its sector(s) and: list in the GRI content index any topics from the applicable Sector Standard(s) that the organization has determined as not material and explain why they are not material. Requirement 3 ¶ 1(b)(ii)] | Leadership and high level objectives | Establish/Maintain Documentation | |
| Establish, implement, and maintain a strategic plan. CC ID 12784 | Leadership and high level objectives | Establish/Maintain Documentation | |
| Determine progress toward the objectives of the strategic plan. CC ID 12944 [{current time period}{prior time period} To apply the Comparability principle, the organization should: present information for the current reporting period and at least two previous periods, as well as any goals and targets that have been set Comparability Guidance ¶ 2 Bullet 1] | Leadership and high level objectives | Process or Activity | |
| Establish, implement, and maintain a decision management strategy. CC ID 06913 | Leadership and high level objectives | Establish/Maintain Documentation | |
| Align the reporting methodology with the decision management strategy. CC ID 15659 [{make available} The organization shall report information on a regular schedule and make it available in time for information users to make decisions. Timeliness ¶ 1(a)] | Leadership and high level objectives | Business Processes | |
| Align organizational objectives with compliance objectives in the decision-making criteria. CC ID 12847 [To apply the Verifiability principle, the organization should: document the decision-making processes underlying the organization's sustainability reporting in a way that allows for the examination of the key decisions and processes, such as the process of determining material topics; Verifiability Guidance ¶ 2 Bullet 2] | Leadership and high level objectives | Process or Activity | |
| Establish, implement, and maintain a compliance monitoring policy. CC ID 00671 | Monitoring and measurement | Establish/Maintain Documentation | |
| Establish, implement, and maintain a metrics policy. CC ID 01654 | Monitoring and measurement | Establish/Maintain Documentation | |
| Establish, implement, and maintain an approach for compliance monitoring. CC ID 01653 | Monitoring and measurement | Establish/Maintain Documentation | |
| Identify information being used to support the performance of the governance, risk, and compliance capability. CC ID 12866 [To apply the Verifiability principle, the organization should: be able to identify the original sources of the reported information and provide reliable evidence to support assumptions or calculations; Verifiability Guidance ¶ 2 Bullet 4] | Monitoring and measurement | Business Processes | |
| Establish, implement, and maintain a metrics standard and template. CC ID 02157 [To apply the Accuracy principle, the organization should: adequately describe data measurements and bases for calculations, and ensure it is possible to replicate measurements and calculations with similar results; Accuracy Guidance ¶ 2 Bullet 3 To apply the Accuracy principle, the organization should: adequately describe data measurements and bases for calculations, and ensure it is possible to replicate measurements and calculations with similar results; Accuracy Guidance ¶ 2 Bullet 3 To apply the Comparability principle, the organization should: use accepted international metrics (e.g., kilograms, liters), and standard conversion factors and protocols, where applicable, for compiling and reporting information; Comparability Guidance ¶ 2 Bullet 2] | Monitoring and measurement | Establish/Maintain Documentation | |
| Protect against misusing automated audit tools. CC ID 04547 | Monitoring and measurement | Technical Security | |
| Establish, implement, and maintain a risk management program. CC ID 12051 | Audits and risk management | Establish/Maintain Documentation | |
| Establish, implement, and maintain the risk assessment framework. CC ID 00685 | Audits and risk management | Establish/Maintain Documentation | |
| Correlate the business impact of identified risks in the risk assessment report. CC ID 00686 [{be sufficient}{be insufficient} The organization should provide sufficient information about its impacts in relation to each material topic so that information users can make informed assessments and decisions about the organization. If the disclosures from the Topic Standards do not provide sufficient information about the organization's impacts, then the organization should report additional disclosures. These can include the additional sector disclosures recommended in the GRI Sector Standards, disclosures from other sources, or disclosures developed by the organization itself. Requirement 5 Guidance to 5-a ¶ 5] | Audits and risk management | Audits and Risk Management | |
| Include recovery of the critical path in the Business Impact Analysis. CC ID 13224 | Audits and risk management | Establish/Maintain Documentation | |
| Include acceptable levels of data loss in the Business Impact Analysis. CC ID 13264 | Audits and risk management | Establish/Maintain Documentation | |
| Include Recovery Point Objectives in the Business Impact Analysis. CC ID 13223 | Audits and risk management | Establish/Maintain Documentation | |
| Include the Recovery Time Objectives in the Business Impact Analysis. CC ID 13222 | Audits and risk management | Establish/Maintain Documentation | |
| Include pandemic risks in the Business Impact Analysis. CC ID 13219 | Audits and risk management | Establish/Maintain Documentation | |
| Include tolerance to downtime in the Business Impact Analysis report. CC ID 01172 | Audits and risk management | Establish/Maintain Documentation | |
| Disseminate and communicate the Business Impact Analysis to interested personnel and affected parties. CC ID 15300 | Audits and risk management | Communicate | |
| Establish, implement, and maintain a risk register. CC ID 14828 | Audits and risk management | Establish/Maintain Documentation | |
| Document organizational risk tolerance in a risk register. CC ID 09961 | Audits and risk management | Establish/Maintain Documentation | |
| Align organizational risk tolerance to that of industry peers in the risk register. CC ID 09962 | Audits and risk management | Business Processes | |
| Review the Business Impact Analysis, as necessary. CC ID 12774 | Audits and risk management | Business Processes | |
| Analyze and quantify the risks to in scope systems and information. CC ID 00701 | Audits and risk management | Audits and Risk Management | |
| Establish and maintain a Risk Scoping and Measurement Definitions Document. CC ID 00703 | Audits and risk management | Audits and Risk Management | |
| Identify the material risks in the risk assessment report. CC ID 06482 | Audits and risk management | Audits and Risk Management | |
| Establish a risk acceptance level that is appropriate to the organization's risk appetite. CC ID 00706 | Audits and risk management | Establish/Maintain Documentation | |
| Investigate alternative risk control strategies appropriate to the organization's risk appetite. CC ID 12887 | Audits and risk management | Investigate | |
| Select the appropriate risk treatment option for each identified risk in the risk register. CC ID 06483 | Audits and risk management | Establish/Maintain Documentation | |
| Disseminate and communicate the risk acceptance level in the risk treatment plan to all interested personnel and affected parties. CC ID 06849 | Audits and risk management | Behavior | |
| Establish, implement, and maintain a disclosure report. CC ID 15521 [{be the same}{approved standard}{international or national standard} Disclosures that the organization reports from other sources or that are developed by the organization itself, should have the same rigor as disclosures from the GRI Standards, and they should align with expectations set out in authoritative intergovernmental instruments. Requirement 5 Guidance to 5-a ¶ 6 {be the same}{approved standard}{international or national standard} Disclosures that the organization reports from other sources or that are developed by the organization itself, should have the same rigor as disclosures from the GRI Standards, and they should align with expectations set out in authoritative intergovernmental instruments. Requirement 5 Guidance to 5-a ¶ 6 The organization shall report all disclosures in GRI 2: General Disclosures 2021. Requirement 2(a) {compliance disclosure statement} publish a GRI content index that includes: the statement of use; Requirement 7 ¶ 1(a)(ii) for each material topic covered in the applicable GRI Sector Standard(s), either: report the disclosures from the GRI Topic Standards listed for that topic in the Sector Standard(s), or; Requirement 5 ¶ 1(b)(i) {be relevant} For each material topic, the organization needs to identify disclosures from the GRI Topic Standards to report. The organization is required to report only those disclosures relevant to its impacts in relation to a material topic. The organization is not required to report disclosures that are not relevant. Requirement 5 Guidance to 5-a ¶ 1 {compliance disclosure statement} The organization shall include the following statement in its GRI content index:[Name of organization] has reported in accordance with the GRI Standards for the period [reporting period start and end dates]. Requirement 8(a) {be sufficient}{be insufficient} The organization should provide sufficient information about its impacts in relation to each material topic so that information users can make informed assessments and decisions about the organization. If the disclosures from the Topic Standards do not provide sufficient information about the organization's impacts, then the organization should report additional disclosures. These can include the additional sector disclosures recommended in the GRI Sector Standards, disclosures from other sources, or disclosures developed by the organization itself. Requirement 5 Guidance to 5-a ¶ 5 To apply the Comparability principle, the organization should: if restatements of historical data are not provided, explain the changes to provide contextual information for interpreting the current disclosures. Comparability Guidance ¶ 2 Bullet 8 To apply the Accuracy principle, the organization should: report qualitative information that is consistent with available evidence and other reported information; Accuracy Guidance ¶ 2 Bullet 1 To apply the Balance principle, the organization should: not omit relevant information concerning its negative impacts; Balance Guidance ¶ 1 Bullet 3 {emerging trend}{related} The organization shall select, compile, and report information consistently to enable an analysis of changes in the organization's impacts over time and an analysis of these impacts relative to those of other organizations. Comparability ¶ 1(a) {emerging trend}{related} The organization shall select, compile, and report information consistently to enable an analysis of changes in the organization's impacts over time and an analysis of these impacts relative to those of other organizations. Comparability ¶ 1(a)] | Audits and risk management | Establish/Maintain Documentation | |
| Include a summary of the questions and statements from surveys or studies in the disclosure report. CC ID 15631 | Audits and risk management | Establish/Maintain Documentation | |
| Include a statement that confidential information has been omitted in the disclosure report. CC ID 16598 | Audits and risk management | Establish/Maintain Documentation | |
| Include legal proceedings in the disclosure report. CC ID 15564 | Audits and risk management | Establish/Maintain Documentation | |
| Include the context of monetary losses from legal proceedings in the disclosure report. CC ID 15533 | Audits and risk management | Establish/Maintain Documentation | |
| Include the nature of monetary losses from legal proceedings in the disclosure report. CC ID 15532 | Audits and risk management | Establish/Maintain Documentation | |
| Include goals and targets in the disclosure report. CC ID 16339 | Audits and risk management | Establish/Maintain Documentation | |
| Include the governance, risk, and compliance approach in the disclosure report. CC ID 16024 | Audits and risk management | Establish/Maintain Documentation | |
| Include the relationship between organizational requirements and external requirements in the disclosure report. CC ID 16154 | Audits and risk management | Establish/Maintain Documentation | |
| Include external requirements in the disclosure report. CC ID 16150 | Audits and risk management | Establish/Maintain Documentation | |
| Include the classification of risks and opportunities posed by climate change in the disclosure report. CC ID 16096 | Audits and risk management | Establish/Maintain Documentation | |
| Include board oversight of risks and opportunities in the disclosure report. CC ID 16337 | Audits and risk management | Establish/Maintain Documentation | |
| Include risk management procedures in the disclosure report. CC ID 16058 | Audits and risk management | Establish/Maintain Documentation | |
| Include the risk management strategy in the disclosure report. CC ID 16348 | Audits and risk management | Establish/Maintain Documentation | |
| Include risk assessment procedures in the disclosure report. CC ID 16343 | Audits and risk management | Establish/Maintain Documentation | |
| Include the organization's primary activities in the disclosure report. CC ID 16043 | Audits and risk management | Establish/Maintain Documentation | |
| Include business operations owned by the organization in the disclosure report. CC ID 15614 | Audits and risk management | Establish/Maintain Documentation | |
| Include critical business operations that support cloud services in the disclosure report. CC ID 15612 | Audits and risk management | Establish/Maintain Documentation | |
| Include the relationship between the tax strategy and the organizational strategy in the disclosure report. CC ID 16035 | Audits and risk management | Establish/Maintain Documentation | |
| Include reference to assurance statements in the disclosure report. CC ID 16033 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of assurance processes in the disclosure report. CC ID 16031 | Audits and risk management | Establish/Maintain Documentation | |
| Include metrics in the disclosure report. CC ID 15916 | Audits and risk management | Establish/Maintain Documentation | |
| Include metrics on diversity and equal opportunity in the disclosure report. CC ID 15934 | Audits and risk management | Establish/Maintain Documentation | |
| Include the percentage of individuals in each racial group or ethnic group in the disclosure report. CC ID 15632 | Audits and risk management | Establish/Maintain Documentation | |
| Include the percentage of individuals in specified age groups in the disclosure report. CC ID 15871 | Audits and risk management | Establish/Maintain Documentation | |
| Include the number of individuals in each region in the disclosure report. CC ID 15835 | Audits and risk management | Establish/Maintain Documentation | |
| Include the number of individuals in each gender category in the disclosure report. CC ID 15633 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total number of incidents of discrimination in the disclosure report. CC ID 15788 | Audits and risk management | Establish/Maintain Documentation | |
| Include the ratio of the basic salary and remuneration of women and men in the disclosure report. CC ID 15869 | Audits and risk management | Establish/Maintain Documentation | |
| Include the percentage of individuals in specified diversity categories in the disclosure report. CC ID 15870 | Audits and risk management | Establish/Maintain Documentation | |
| Include metrics criteria in the disclosure report. CC ID 16143 | Audits and risk management | Establish/Maintain Documentation | |
| Include risk management metrics in the disclosure report. CC ID 16345 | Audits and risk management | Establish/Maintain Documentation | |
| Include financial management metrics in the disclosure report. CC ID 16042 | Audits and risk management | Establish/Maintain Documentation | |
| Include a breakdown of financial assistance received from the government in the disclosure report. CC ID 16104 | Audits and risk management | Establish/Maintain Documentation | |
| Include metrics on anti-corruption in the disclosure report. CC ID 16052 | Audits and risk management | Establish/Maintain Documentation | |
| Include environmental management metrics in the disclosure report. CC ID 16012 | Audits and risk management | Establish/Maintain Documentation | |
| Include a breakdown, by extinction risk, of the listed species with habitats in areas affected by organizational operations in the disclosure report. CC ID 16041 | Audits and risk management | Establish/Maintain Documentation | |
| Include metrics on procurement practices in the disclosure report. CC ID 16011 | Audits and risk management | Establish/Maintain Documentation | |
| Include emissions management metrics in the disclosure report. CC ID 15987 | Audits and risk management | Establish/Maintain Documentation | |
| Include compliance metrics in the disclosure report. CC ID 15932 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total amount of monetary losses from legal proceedings in the disclosure report. CC ID 15548 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total number of incidents of non-compliance in the disclosure report. CC ID 15813 | Audits and risk management | Establish/Maintain Documentation | |
| Include metrics on labor-management relations in the disclosure report. CC ID 15935 | Audits and risk management | Establish/Maintain Documentation | |
| Include the minimum number of weeks' notice provided to employees and their representatives prior to the implementation of significant operational changes that could substantially affect them in the disclosure report. CC ID 15895 | Audits and risk management | Establish/Maintain Documentation | |
| Include waste management metrics in the disclosure report. CC ID 15925 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total weight of waste generated in the disclosure report. CC ID 15778 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total weight of hazardous waste directed to disposal in the disclosure report. CC ID 15774 | Audits and risk management | Establish/Maintain Documentation | |
| Include a breakdown of waste generated in the disclosure report. CC ID 15775 | Audits and risk management | Establish/Maintain Documentation | |
| Include a breakdown of hazardous waste directed to disposal in the disclosure report. CC ID 15781 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total weight of non-hazardous waste directed to disposal in the disclosure report. CC ID 15772 | Audits and risk management | Establish/Maintain Documentation | |
| Include a breakdown of non-hazardous waste directed to disposal in the disclosure report. CC ID 15780 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total weight of non-hazardous waste diverted from disposal in the disclosure report. CC ID 15770 | Audits and risk management | Establish/Maintain Documentation | |
| Include a breakdown of non-hazardous waste diverted from disposal in the disclosure report. CC ID 15771 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total weight of waste diverted from disposal in the disclosure report. CC ID 15766 | Audits and risk management | Establish/Maintain Documentation | |
| Include a breakdown of waste diverted from disposal the disclosure report. CC ID 15767 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total weight of hazardous waste diverted from disposal in the disclosure report. CC ID 15768 | Audits and risk management | Establish/Maintain Documentation | |
| Include a breakdown of hazardous waste diverted from disposal in the disclosure report. CC ID 15769 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total weight of waste directed to disposal in the disclosure report. CC ID 15777 | Audits and risk management | Establish/Maintain Documentation | |
| Include a breakdown of waste directed to disposal in the disclosure report. CC ID 15776 | Audits and risk management | Establish/Maintain Documentation | |
| Include product and service management metrics in the disclosure report. CC ID 15917 | Audits and risk management | Establish/Maintain Documentation | |
| Include the number of products and services provided by the organization in the disclosure report. CC ID 15833 | Audits and risk management | Establish/Maintain Documentation | |
| Include the percentage of product or service categories assessed for compliance in the disclosure report. CC ID 15811 | Audits and risk management | Establish/Maintain Documentation | |
| Include water management metrics in the disclosure report. CC ID 15924 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total water withdrawal in the disclosure report. CC ID 15593 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total water withdrawal from locations with significant baseline water stress in the disclosure report. CC ID 15596 | Audits and risk management | Establish/Maintain Documentation | |
| Include a breakdown of water withdrawal from locations with significant baseline water stress in the disclosure report. CC ID 15794 | Audits and risk management | Establish/Maintain Documentation | |
| Include a breakdown of water withdrawal in the disclosure report. CC ID 15795 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total water discharge in the disclosure report. CC ID 15758 | Audits and risk management | Establish/Maintain Documentation | |
| Include a breakdown of water discharge in the disclosure report. CC ID 15759 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total water discharge to locations with significant baseline water stress in the disclosure report. CC ID 15760 | Audits and risk management | Establish/Maintain Documentation | |
| Include a breakdown of water discharge to locations with significant baseline water stress in the disclosure report. CC ID 15797 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total water consumption in the disclosure report. CC ID 15642 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total water consumption in locations with significant baseline water stress in the disclosure report. CC ID 15598 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total number of complaints received in the disclosure report. CC ID 15728 | Audits and risk management | Establish/Maintain Documentation | |
| Include the percentage of individuals involved in the study or survey in the disclosure report. CC ID 15643 | Audits and risk management | Establish/Maintain Documentation | |
| Include employment practices metrics in the disclosure report. CC ID 15921 | Audits and risk management | Establish/Maintain Documentation | |
| Include the percentage of employees that are foreign nationals in the disclosure report. CC ID 15622 | Audits and risk management | Actionable Reports or Measurements | |
| Include the percentage of employee engagement in the disclosure report. CC ID 15634 | Audits and risk management | Actionable Reports or Measurements | |
| Include the percentage of offshore employees in the disclosure report. CC ID 15623 | Audits and risk management | Actionable Reports or Measurements | |
| Include the rate of employee turnover in the disclosure report. CC ID 15898 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total number of new employee hires in the disclosure report. CC ID 15896 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total number of employees in the disclosure report. CC ID 15834 | Audits and risk management | Establish/Maintain Documentation | |
| Include metrics on parental leave in the disclosure report. CC ID 15936 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total number of employees that returned to work after parental leave ended that were still employed twelve months after their return to work in the disclosure report. CC ID 15906 | Audits and risk management | Establish/Maintain Documentation | |
| Include the number of hours worked in the disclosure report. CC ID 15910 | Audits and risk management | Establish/Maintain Documentation | |
| Include metrics on public policy advocacy in the disclosure report. CC ID 15947 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total monetary value of political contributions in the disclosure report. CC ID 15803 | Audits and risk management | Establish/Maintain Documentation | |
| Include metrics on training and education in the disclosure report. CC ID 15940 | Audits and risk management | Establish/Maintain Documentation | |
| Include the percentage of total employees who received a performance review in the disclosure report. CC ID 15877 | Audits and risk management | Establish/Maintain Documentation | |
| Include the average hours of training undertaken by employees in the disclosure report. CC ID 15881 | Audits and risk management | Establish/Maintain Documentation | |
| Include the percentage of security personnel who have received training on human rights policies and their application to security in the disclosure report. CC ID 15726 | Audits and risk management | Actionable Reports or Measurements | |
| Include operational metrics in the disclosure report. CC ID 15939 | Audits and risk management | Establish/Maintain Documentation | |
| Include incident management metrics in the disclosure report. CC ID 15926 | Audits and risk management | Establish/Maintain Documentation | |
| Include the number of service disruptions in services provided to users in the disclosure report. CC ID 15618 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total user downtime in the disclosure report. CC ID 15635 | Audits and risk management | Actionable Reports or Measurements | |
| Include the number of performance issues in services provided to users in the disclosure report. CC ID 15606 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total number of operations performed by the organization in the disclosure report. CC ID 15831 | Audits and risk management | Establish/Maintain Documentation | |
| Include metrics on information privacy and freedom of expression in the disclosure report. CC ID 15933 | Audits and risk management | Establish/Maintain Documentation | |
| Include the percentage of content removal requests with which the organization complied in the disclosure report. CC ID 15649 | Audits and risk management | Actionable Reports or Measurements | |
| Include the number of individuals whose personal data is maintained in the disclosure report. CC ID 16792 | Audits and risk management | Actionable Reports or Measurements | |
| Include the number of individuals whose information is used for secondary purposes in the disclosure report. CC ID 15557 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total number of leaks, thefts, or losses of restricted data in the disclosure report. CC ID 15729 | Audits and risk management | Establish/Maintain Documentation | |
| Include the number of content removal requests in the disclosure report. CC ID 15647 | Audits and risk management | Establish/Maintain Documentation | |
| Include the percentage of individuals affected by monitoring, blocking, or filtering in the disclosure report. CC ID 15640 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total number of unique requests for an individual's information in the disclosure report. CC ID 15542 | Audits and risk management | Establish/Maintain Documentation | |
| Include the percentage of data breaches which involved personal data in the disclosure report. CC ID 15543 | Audits and risk management | Establish/Maintain Documentation | |
| Include third party management metrics in the disclosure report. CC ID 15923 | Audits and risk management | Establish/Maintain Documentation | |
| Include metrics on supplier environmental assessments in the disclosure report. CC ID 15937 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total number of contractors and outsource partners in the disclosure report. CC ID 15837 | Audits and risk management | Establish/Maintain Documentation | |
| Include the percentage of suppliers identified as having significant negative environmental impacts with which improvements were agreed upon as a result of assessment in the disclosure report. CC ID 15884 | Audits and risk management | Establish/Maintain Documentation | |
| Include the percentage of suppliers identified as having significant negative environmental impacts with which relationships were terminated as a result of assessment in the disclosure report. CC ID 15883 | Audits and risk management | Establish/Maintain Documentation | |
| Include the number of suppliers assessed for environmental impacts in the disclosure report. CC ID 15886 | Audits and risk management | Establish/Maintain Documentation | |
| Include the number of suppliers identified as having significant negative environmental impacts in the disclosure report. CC ID 15885 | Audits and risk management | Establish/Maintain Documentation | |
| Include the percentage of new suppliers that were screened using environmental criteria in the disclosure report. CC ID 15887 | Audits and risk management | Establish/Maintain Documentation | |
| Include metrics on supplier social assessments in the disclosure report. CC ID 15938 | Audits and risk management | Establish/Maintain Documentation | |
| Include the percentage of new suppliers that were screened using social criteria in the disclosure report. CC ID 15808 | Audits and risk management | Establish/Maintain Documentation | |
| Include the number of suppliers with significant negative social impacts in the disclosure report. CC ID 15807 | Audits and risk management | Establish/Maintain Documentation | |
| Include the percentage of suppliers with significant negative social impacts with which improvements were agreed upon in the disclosure report. CC ID 15806 | Audits and risk management | Establish/Maintain Documentation | |
| Include the percentage of suppliers having significant negative social impacts with which relationships were terminated in the disclosure report. CC ID 15805 | Audits and risk management | Establish/Maintain Documentation | |
| Include the number of suppliers assessed for social impacts in the disclosure report. CC ID 15810 | Audits and risk management | Establish/Maintain Documentation | |
| Include customer health and safety management metrics in the disclosure report. CC ID 15922 | Audits and risk management | Establish/Maintain Documentation | |
| Include the percentage of product or service categories for which health and safety impacts are assessed for improvement in the disclosure report. CC ID 15814 | Audits and risk management | Establish/Maintain Documentation | |
| Include energy management metrics in the disclosure report. CC ID 15920 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total energy reduction in the disclosure report. CC ID 15749 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total amount of reductions in the energy requirements of products and services in the disclosure report. CC ID 15751 | Audits and risk management | Establish/Maintain Documentation | |
| Exclude energy reduction resulting from reduced production capacity or outsourcing in the disclosure report. CC ID 15750 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total heating sold in the disclosure report. CC ID 15739 | Audits and risk management | Establish/Maintain Documentation | |
| Include the energy intensity ratio in the disclosure report. CC ID 15735 | Audits and risk management | Actionable Reports or Measurements | |
| Include the total fuel consumption from non-renewable energy sources in the disclosure report. CC ID 15746 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total electricity sold in the disclosure report. CC ID 15740 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total energy consumption in the disclosure report. CC ID 15506 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total fuel consumption from renewable energy sources in the disclosure report. CC ID 15744 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total heating consumption in the disclosure report. CC ID 15743 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total cooling sold in the disclosure report. CC ID 15738 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total cooling consumption in the disclosure report. CC ID 15742 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total steam sold in the disclosure report. CC ID 15737 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total steam consumption in the disclosure report. CC ID 15741 | Audits and risk management | Establish/Maintain Documentation | |
| Include the fuel types used in the disclosure report. CC ID 15745 | Audits and risk management | Establish/Maintain Documentation | |
| Include materials management metrics in the disclosure report. CC ID 15919 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total weight or volume of renewable materials used by the organization in the disclosure report. CC ID 15791 | Audits and risk management | Establish/Maintain Documentation | |
| Include the weight of recovered materials through product take-back programs and recycling services in the disclosure report. CC ID 15562 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total weight or volume of non-renewable materials used by the organization in the disclosure report. CC ID 15792 | Audits and risk management | Establish/Maintain Documentation | |
| Include occupational health and safety management metrics in the disclosure report. CC ID 15918 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total number of employees and non-employees covered by the occupational health and safety management system in the disclosure report. CC ID 15891 | Audits and risk management | Establish/Maintain Documentation | |
| Include the total number of work-related injuries in the disclosure report. CC ID 15899 | Audits and risk management | Establish/Maintain Documentation | |
| Include the number of cases of work-related ill health in the disclosure report. CC ID 15914 | Audits and risk management | Establish/Maintain Documentation | |
| Include outsourcing arrangements in the disclosure report. CC ID 15621 | Audits and risk management | Establish/Maintain Documentation | |
| Include business operations outsourced to third parties in the disclosure report. CC ID 15616 | Audits and risk management | Establish/Maintain Documentation | |
| Include how material topics are managed in the disclosure report. CC ID 15657 [{approved standard} The organization shall: report how it manages each material topic using Disclosure 3-3. Requirement 4 ¶ 1(c) {approved standard} When the organization's material topic is not covered by the disclosures in the GRI Topic Standards, the organization is required to report how it manages the material topic, using Disclosure 3-3 in GRI 3: Material Topics 2021. See Requirement4-c in this Standard for more information Requirement 5 Reporting on material topics not covered in the GRI Topic Standards ¶ 1] | Audits and risk management | Establish/Maintain Documentation | |
| Include disclosures for each material topic in the disclosure report. CC ID 15658 [The organization shall: report disclosures from the GRI Topic Standards for each material topic; Requirement 5 ¶ 1(a)] | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of how the organization manages privacy in the disclosure report. CC ID 15785 | Audits and risk management | Establish/Maintain Documentation | |
| Include the content removal policy in the disclosure report. CC ID 15650 | Audits and risk management | Establish/Maintain Documentation | |
| Include the level of management approval required for content removal requests in the disclosure report. CC ID 15653 | Audits and risk management | Establish/Maintain Documentation | |
| Include requirements for content removal requests in the disclosure report. CC ID 15652 | Audits and risk management | Establish/Maintain Documentation | |
| Include the conditions for denying content removal requests in the disclosure report. CC ID 15651 | Audits and risk management | Establish/Maintain Documentation | |
| Include the scope of content removal requests in the disclosure report. CC ID 15648 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of data subjects in the disclosure report. CC ID 16791 | Audits and risk management | Establish/Maintain Documentation | |
| Include the categories of personal data maintained by the organization in the disclosure report. CC ID 16790 | Audits and risk management | Establish/Maintain Documentation | |
| Include a business need justification for personal data processing in the disclosure report. CC ID 16788 | Audits and risk management | Establish/Maintain Documentation | |
| Include the personal data use purpose specification in the disclosure report. CC ID 16786 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of the information systems that process personal data in the disclosure report. CC ID 16784 | Audits and risk management | Establish/Maintain Documentation | |
| Include the policies and procedures related to freedom of expression in the disclosure report. CC ID 15604 | Audits and risk management | Establish/Maintain Documentation | |
| Include dispute resolution quality measures in the disclosure report. CC ID 16312 | Audits and risk management | Establish/Maintain Documentation | |
| Include all data requests that resulted in compliance with the disclosure request in the disclosure report. CC ID 15547 | Audits and risk management | Establish/Maintain Documentation | |
| Include individuals whose information is provided to third parties for secondary purposes in the disclosure report. CC ID 15559 | Audits and risk management | Establish/Maintain Documentation | |
| Include the disclosure of aggregated, de-identified, and anonymized data to the requesting party in the disclosure report. CC ID 15570 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of how the organization manages records in the disclosure report. CC ID 16787 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of how the organization manages anti-corruption in the disclosure report. CC ID 16055 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of incidents of corruption in the disclosure report. CC ID 16067 | Audits and risk management | Establish/Maintain Documentation | |
| Include significant risks related to corruption in the disclosure report. CC ID 16065 | Audits and risk management | Establish/Maintain Documentation | |
| Include the interested personnel and affected parties to whom the anti-corruption program has been communicated in the disclosure report. CC ID 16064 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of how the organization manages economic performance in the disclosure report. CC ID 16054 | Audits and risk management | Establish/Maintain Documentation | |
| Include risks and opportunities posed by climate change in the disclosure report. CC ID 16060 | Audits and risk management | Establish/Maintain Documentation | |
| Include a justification for reporting financial data on a cash basis in the disclosure report. CC ID 16059 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of how the organization manages biodiversity in the disclosure report. CC ID 15986 | Audits and risk management | Establish/Maintain Documentation | |
| Include whether habitat restoration measures have been approved by independent external professionals in the disclosure report. CC ID 16075 | Audits and risk management | Establish/Maintain Documentation | |
| Include the condition of habitat areas protected or restored by the organization in the disclosure report. CC ID 16040 | Audits and risk management | Establish/Maintain Documentation | |
| Include whether third party relationships exist to protect or restore habitat areas in the disclosure report. CC ID 16039 | Audits and risk management | Establish/Maintain Documentation | |
| Include the biodiversity value of operational sites in the disclosure report. CC ID 16034 | Audits and risk management | Establish/Maintain Documentation | |
| Include the type of operations near areas of high biodiversity value in the disclosure report. CC ID 16025 | Audits and risk management | Establish/Maintain Documentation | |
| Include the location of operational sites near areas of high biodiversity value in the disclosure report. CC ID 16020 | Audits and risk management | Establish/Maintain Documentation | |
| Include the location of habitat areas protected or restored by the organization in the disclosure report. CC ID 16018 | Audits and risk management | Establish/Maintain Documentation | |
| Include the species impacted by organizational activities, products, and services in the disclosure report. CC ID 16015 | Audits and risk management | Establish/Maintain Documentation | |
| Include underground land owned by the organization near areas of high biodiversity value in the disclosure report. CC ID 16014 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of how the organization manages taxes in the disclosure report. CC ID 15985 | Audits and risk management | Establish/Maintain Documentation | |
| Include the frequency of tax strategy reviews in the disclosure report. CC ID 16074 | Audits and risk management | Establish/Maintain Documentation | |
| Include a justification for differences between corporate income tax accrued and tax due in the disclosure report. CC ID 16051 | Audits and risk management | Establish/Maintain Documentation | |
| Include the tax jurisdictions in the disclosure report. CC ID 16047 | Audits and risk management | Establish/Maintain Documentation | |
| Include the roles and responsibilities assigned to tax governance and control in the disclosure report. CC ID 16030 | Audits and risk management | Establish/Maintain Documentation | |
| Include the tax strategy in the disclosure report. CC ID 16029 | Audits and risk management | Establish/Maintain Documentation | |
| Include the tax governance and control framework in the disclosure report. CC ID 16028 | Audits and risk management | Establish/Maintain Documentation | |
| Include the management of tax risks in the disclosure report. CC ID 16026 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of how the organization manages market presence in the disclosure report. CC ID 15983 | Audits and risk management | Establish/Maintain Documentation | |
| Include the actions taken to determine whether workers are paid above minimum wage in the disclosure report. CC ID 16056 | Audits and risk management | Establish/Maintain Documentation | |
| Include the local minimum wage in the disclosure report. CC ID 15992 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of how the organization manages anti-competitive behavior in the disclosure report. CC ID 15981 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of how the organization manages procurement practices in the disclosure report. CC ID 15980 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of how the organization manages indirect economic impacts in the disclosure report. CC ID 15979 | Audits and risk management | Establish/Maintain Documentation | |
| Include service and infrastructure investments that benefit the public in the disclosure report. CC ID 15984 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of how the organization manages emissions in the disclosure report. CC ID 15970 | Audits and risk management | Establish/Maintain Documentation | |
| Include the risks related to greenhouse gas emissions in the disclosure report. CC ID 16338 | Audits and risk management | Establish/Maintain Documentation | |
| Include the emissions management plan in the disclosure report. CC ID 16177 | Audits and risk management | Establish/Maintain Documentation | |
| Include the scope of the emissions management plan in the disclosure report. CC ID 16168 | Audits and risk management | Establish/Maintain Documentation | |
| Include emission reduction targets in the disclosure report. CC ID 16148 | Audits and risk management | Establish/Maintain Documentation | |
| Include the scope of emission reduction targets in the disclosure report. CC ID 16149 | Audits and risk management | Establish/Maintain Documentation | |
| Include the scope of greenhouse gas emissions in the disclosure report. CC ID 16147 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of carbon offsets in the disclosure report. CC ID 15988 | Audits and risk management | Establish/Maintain Documentation | |
| Include the design and development of data centers in the disclosure report. CC ID 15620 | Audits and risk management | Establish/Maintain Documentation | |
| Include a list of countries or geographical regions where the organization's products and services are monitored, blocked, or filtered in the disclosure report. CC ID 15601 | Audits and risk management | Establish/Maintain Documentation | |
| Include a list of products affected by monitoring, blocking, or filtering in the disclosure report. CC ID 15641 | Audits and risk management | Establish/Maintain Documentation | |
| Include the implications of blocking or censorship on an organization's products and services in the disclosure report. CC ID 15639 | Audits and risk management | Establish/Maintain Documentation | |
| Identify products and services affected by monitoring or blocking in the disclosure report. CC ID 15638 | Audits and risk management | Establish/Maintain Documentation | |
| Include the reasons modifications were made to existing products and services in the disclosure report. CC ID 15637 | Audits and risk management | Establish/Maintain Documentation | |
| Include the differences between products and services being offered in different markets in the disclosure report. CC ID 15636 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of how the organization manages customer health and safety in the disclosure report. CC ID 15801 | Audits and risk management | Establish/Maintain Documentation | |
| Include the nature of complaints received in the disclosure report. CC ID 15844 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of how the organization manages child labor in the disclosure report. CC ID 15851 | Audits and risk management | Establish/Maintain Documentation | |
| Include operations with a risk for incidents of child labor in the disclosure report. CC ID 15864 | Audits and risk management | Establish/Maintain Documentation | |
| Include third parties with a risk for incidents of child labor in the disclosure report. CC ID 15863 | Audits and risk management | Establish/Maintain Documentation | |
| Include operations with a risk for exposing young workers to hazardous work in the disclosure report. CC ID 15862 | Audits and risk management | Establish/Maintain Documentation | |
| Include third parties with a risk for exposing young workers to hazardous work in the disclosure report. CC ID 15861 | Audits and risk management | Establish/Maintain Documentation | |
| Include the locations that are at risk for incidents of child labor in the disclosure report. CC ID 15860 | Audits and risk management | Establish/Maintain Documentation | |
| Include the measures taken to abolish child labor in the disclosure report. CC ID 15859 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of how the organization manages diversity and equal opportunity in the disclosure report. CC ID 15853 | Audits and risk management | Establish/Maintain Documentation | |
| Include the employee representation program in the disclosure report. CC ID 15628 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of how the organization manages marketing and labeling in the disclosure report. CC ID 15802 | Audits and risk management | Establish/Maintain Documentation | |
| Include the information required by the product and service information and labeling procedures in the disclosure report. CC ID 15812 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of how the organization manages occupational health and safety in the disclosure report. CC ID 15888 | Audits and risk management | Establish/Maintain Documentation | |
| Include the workers covered by the occupational health and safety management system in the disclosure report. CC ID 16151 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of voluntary health promotion programs in the disclosure report. CC ID 16119 | Audits and risk management | Establish/Maintain Documentation | |
| Include the main types of work-related ill health in the disclosure report. CC ID 15961 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of formal joint management-worker health and safety committees in the disclosure report. CC ID 15913 | Audits and risk management | Establish/Maintain Documentation | |
| Include the reasons workers are not represented by formal joint management-worker health and safety committees in the disclosure report. CC ID 15912 | Audits and risk management | Establish/Maintain Documentation | |
| Include work-related hazards in the disclosure report. CC ID 15911 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of the occupational health and safety risk assessment process in the disclosure report. CC ID 15909 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of occupational health and safety training in the disclosure report. CC ID 15908 | Audits and risk management | Establish/Maintain Documentation | |
| Include how occupational health and safety information is disseminated and communicated in the disclosure report. CC ID 15907 | Audits and risk management | Establish/Maintain Documentation | |
| Include the occupational health and safety risk reporting process in the disclosure report. CC ID 15904 | Audits and risk management | Establish/Maintain Documentation | |
| Include the occupational health and safety policy in the disclosure report. CC ID 15905 | Audits and risk management | Establish/Maintain Documentation | |
| Include the processes used to investigate work-related incidents in the disclosure report. CC ID 15903 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of the occupational health and safety management system in the disclosure report. CC ID 15901 | Audits and risk management | Establish/Maintain Documentation | |
| Include the main types of work-related injury in the disclosure report. CC ID 15959 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of how the organization manages forced or compulsory labor in the disclosure report. CC ID 15850 | Audits and risk management | Establish/Maintain Documentation | |
| Include operations with a risk for forced or compulsory labor in the disclosure report. CC ID 15858 | Audits and risk management | Establish/Maintain Documentation | |
| Include third parties with a risk for forced or compulsory labor in the disclosure report. CC ID 15857 | Audits and risk management | Establish/Maintain Documentation | |
| Include the locations with a risk for forced or compulsory labor in the disclosure report. CC ID 15856 | Audits and risk management | Establish/Maintain Documentation | |
| Include the measures taken to eliminate forced or compulsory labor in the disclosure report. CC ID 15855 | Audits and risk management | Establish/Maintain Documentation | |
| Include the measures taken to protect whistleblowers against retaliation in the disclosure report. CC ID 15902 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of how the organization manages employment in the disclosure report. CC ID 15890 | Audits and risk management | Establish/Maintain Documentation | |
| Include the risks of recruiting foreign nationals and offshore employees in the disclosure report. CC ID 15624 | Audits and risk management | Establish/Maintain Documentation | |
| Include the process for reporting near misses in the disclosure report. CC ID 16211 | Audits and risk management | Establish/Maintain Documentation | |
| Include the extent to which benefit plan liabilities are covered in the disclosure report. CC ID 16109 | Audits and risk management | Establish/Maintain Documentation | |
| Include the level of participation in benefit plans in the disclosure report. CC ID 16057 | Audits and risk management | Establish/Maintain Documentation | |
| Include the Code of Conduct in the disclosure report. CC ID 16205 | Audits and risk management | Establish/Maintain Documentation | |
| Include the standard benefits for full-time employees in the disclosure report. CC ID 15897 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of how the organization manages labor-management relations in the disclosure report. CC ID 15889 | Audits and risk management | Establish/Maintain Documentation | |
| Include the scope of work stoppages in the disclosure report. CC ID 16215 | Audits and risk management | Establish/Maintain Documentation | |
| Include the reason for each work stoppage in the disclosure report. CC ID 16213 | Audits and risk management | Establish/Maintain Documentation | |
| Include the impact of work stoppages in the disclosure report. CC ID 16212 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of collective bargaining agreements in the disclosure report. CC ID 15894 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of how the organization manages supplier environmental assessment in the disclosure report. CC ID 15876 | Audits and risk management | Establish/Maintain Documentation | |
| Include the reasons why relationships were terminated with suppliers having significant negative environmental impacts in the disclosure report. CC ID 15882 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of how the organization manages training and education in the disclosure report. CC ID 15875 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of professional development programs in the disclosure report. CC ID 15880 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of professional development assistance in the disclosure report. CC ID 15879 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of transition assistance programs in the disclosure report. CC ID 15878 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of how the organization manages freedom of association and collective bargaining in the disclosure report. CC ID 15852 | Audits and risk management | Establish/Maintain Documentation | |
| Include the types of operations in which workers' rights to exercise freedom of association and collective bargaining may be violated in the disclosure report. CC ID 15868 | Audits and risk management | Establish/Maintain Documentation | |
| Include the types of third parties for which workers' rights to exercise freedom of association and collective bargaining may be violated in the disclosure report. CC ID 15867 | Audits and risk management | Establish/Maintain Documentation | |
| Include the locations at risk of violating workers' rights to exercise freedom of association and collective bargaining in the disclosure report. CC ID 15866 | Audits and risk management | Establish/Maintain Documentation | |
| Include the measures taken to support workers' rights to exercise freedom of association and collective bargaining in the disclosure report. CC ID 15865 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of how the organization manages waste in the disclosure report. CC ID 15765 | Audits and risk management | Establish/Maintain Documentation | |
| Include the material of spills in the disclosure report. CC ID 15968 | Audits and risk management | Establish/Maintain Documentation | |
| Include the location of spills in the disclosure report. CC ID 15964 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of how the organization manages the rights of indigenous peoples in the disclosure report. CC ID 15849 | Audits and risk management | Establish/Maintain Documentation | |
| Include products that contain declarable substances in the disclosure report. CC ID 16161 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of how the organization manages supplier social assessment in the disclosure report. CC ID 15799 | Audits and risk management | Establish/Maintain Documentation | |
| Include the reason why relationships were terminated with suppliers having significant negative social impacts in the disclosure report. CC ID 15804 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of how the organization manages energy in the disclosure report. CC ID 15783 | Audits and risk management | Establish/Maintain Documentation | |
| Include the types of energy affected by energy reduction in the disclosure report. CC ID 15731 | Audits and risk management | Establish/Maintain Documentation | |
| Include the scope of renewable energy in the disclosure report. CC ID 15509 | Audits and risk management | Establish/Maintain Documentation | |
| Include the scope of energy consumption in the disclosure report. CC ID 15508 | Audits and risk management | Establish/Maintain Documentation | |
| Include the types of energy used in the disclosure report. CC ID 15748 | Audits and risk management | Establish/Maintain Documentation | |
| Refrain from double-counting fuel consumption, as necessary. CC ID 15736 | Audits and risk management | Process or Activity | |
| Include energy efficiency considerations in product design and development in the disclosure report. CC ID 16155 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of how the organization manages public policy in the disclosure report. CC ID 15800 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of how the organization manages materials in the disclosure report. CC ID 15782 | Audits and risk management | Establish/Maintain Documentation | |
| Include the scope of recovered material in the disclosure report. CC ID 16204 | Audits and risk management | Establish/Maintain Documentation | |
| Include materials that present a risk to operations in the disclosure report. CC ID 16173 | Audits and risk management | Establish/Maintain Documentation | |
| Include the risks represented by materials in the disclosure report. CC ID 16171 | Audits and risk management | Establish/Maintain Documentation | |
| Include the risk management approach to the use of materials in the disclosure report. CC ID 16169 | Audits and risk management | Establish/Maintain Documentation | |
| Include management of the availability of materials in the disclosure report. CC ID 16167 | Audits and risk management | Establish/Maintain Documentation | |
| Include management of the price of materials in the disclosure report. CC ID 16165 | Audits and risk management | Establish/Maintain Documentation | |
| Include the business activities that use declarable substances in the disclosure report. CC ID 16158 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of how the organization manages declarable substances in the disclosure report. CC ID 16156 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of how the organization manages non-discrimination in the disclosure report. CC ID 15764 | Audits and risk management | Establish/Maintain Documentation | |
| Include the status of incidents of discrimination in the disclosure report. CC ID 15790 | Audits and risk management | Establish/Maintain Documentation | |
| Include corrective actions taken for incidents of discrimination in the disclosure report. CC ID 15789 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of incidents of discrimination in the disclosure report. CC ID 15787 | Audits and risk management | Establish/Maintain Documentation | |
| Include incidents of discrimination no longer subject to action in the disclosure report. CC ID 15786 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of how the organization manages local communities in the disclosure report. CC ID 15798 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of local community consultation committees in the disclosure report. CC ID 15821 | Audits and risk management | Establish/Maintain Documentation | |
| Include the results of impact assessments in the disclosure report. CC ID 15820 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of community development programs in the disclosure report. CC ID 15818 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of the impact assessments in the disclosure report. CC ID 15817 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of worker representation bodies in the disclosure report. CC ID 15816 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of local community grievance processes in the disclosure report. CC ID 15815 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of how the organization manages security practices in the disclosure report. CC ID 15784 | Audits and risk management | Establish/Maintain Documentation | |
| Include trends in the frequency of incidents in the disclosure report. CC ID 15511 | Audits and risk management | Establish/Maintain Documentation | |
| Include trends in the origination of incidents in the disclosure report. CC ID 15512 | Audits and risk management | Establish/Maintain Documentation | |
| Include trends in incident type in the disclosure report. CC ID 15510 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of how the organization interacts with water in the disclosure report. CC ID 15752 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of water consumption in the disclosure report. CC ID 15754 | Audits and risk management | Establish/Maintain Documentation | |
| Include changes in water storage in the disclosure report. CC ID 15762 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of water discharge in the disclosure report. CC ID 15755 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of water withdrawal in the disclosure report. CC ID 15753 | Audits and risk management | Establish/Maintain Documentation | |
| Include the priority substances of concern for which water discharge is treated in the disclosure report. CC ID 15761 | Audits and risk management | Establish/Maintain Documentation | |
| Include the effluent discharge standards in the disclosure report. CC ID 15757 | Audits and risk management | Establish/Maintain Documentation | |
| Include water quality standards in the disclosure report. CC ID 15756 | Audits and risk management | Establish/Maintain Documentation | |
| Include business continuity risks in the disclosure report. CC ID 15608 | Audits and risk management | Establish/Maintain Documentation | |
| Include incidents in which encrypted data were acquired with a valid encryption key in the disclosure report. CC ID 15546 | Audits and risk management | Establish/Maintain Documentation | |
| Include recycling in the disclosure report. CC ID 15579 | Audits and risk management | Establish/Maintain Documentation | |
| Include the scope of recycled material in the disclosure report. CC ID 16153 | Audits and risk management | Establish/Maintain Documentation | |
| Include donated materials or refurbished materials in the disclosure report. CC ID 15561 | Audits and risk management | Establish/Maintain Documentation | |
| Include materials being physically handled by third parties for reuse, recycling, or refurbishment in the disclosure report. CC ID 15577 | Audits and risk management | Establish/Maintain Documentation | |
| Include materials being physically handled by the organization for reuse, recycling, or refurbishment in the disclosure report. CC ID 15575 | Audits and risk management | Establish/Maintain Documentation | |
| Include the reuse of materials recovered in the disclosure report. CC ID 15566 | Audits and risk management | Establish/Maintain Documentation | |
| Include products, materials, and parts at the end of their useful life in the disclosure report. CC ID 15553 | Audits and risk management | Establish/Maintain Documentation | |
| Exclude products and parts waiting for repair and under warranty in the disclosure report. CC ID 15551 | Audits and risk management | Establish/Maintain Documentation | |
| Include all monetary liabilities to third parties in the disclosure report. CC ID 15572 | Audits and risk management | Establish/Maintain Documentation | |
| Include both first-party advertising and third-party advertising in the disclosure report. CC ID 15554 | Audits and risk management | Establish/Maintain Documentation | |
| Include the corrective action plan in the disclosure report. CC ID 15900 | Audits and risk management | Establish/Maintain Documentation | |
| Include the costs of corrective actions in the disclosure report. CC ID 16098 | Audits and risk management | Establish/Maintain Documentation | |
| Include exclusions from the scope of disclosure for each material topic in the disclosure report. CC ID 15893 | Audits and risk management | Establish/Maintain Documentation | |
| Include a justification for each exclusion from the scope of disclosure for each material topic in the disclosure report. CC ID 15892 | Audits and risk management | Establish/Maintain Documentation | |
| Include incidents with indications that encrypted data could be readily converted to plain text in the disclosure report. CC ID 15544 | Audits and risk management | Establish/Maintain Documentation | |
| Limit disclosures to data breaches that resulted in a deviation from expected outcomes for confidentiality or integrity in the disclosure report. CC ID 15545 | Audits and risk management | Establish/Maintain Documentation | |
| Limit the disclosure of breaches to those in which the individuals were notified in the disclosure report. CC ID 15550 | Audits and risk management | Establish/Maintain Documentation | |
| Restrict disclosures to wireless communications services in the disclosure report. CC ID 15555 | Audits and risk management | Establish/Maintain Documentation | |
| Restrict disclosures to wireline communications services in the disclosure report. CC ID 15556 | Audits and risk management | Establish/Maintain Documentation | |
| Restrict disclosure to Internet Service Provider services in the disclosure report. CC ID 15569 | Audits and risk management | Establish/Maintain Documentation | |
| Exclude legal fees and expenses used for defense in the disclosure report. CC ID 15571 | Audits and risk management | Establish/Maintain Documentation | |
| Include the external requirements to which third parties are compliant in the disclosure report. CC ID 15573 | Audits and risk management | Establish/Maintain Documentation | |
| Include the impact of monitoring, blocking, or filtering products and services in the disclosure report. CC ID 15602 | Audits and risk management | Establish/Maintain Documentation | |
| Include the reclassification of Internet Service Providers in the disclosure report. CC ID 15576 | Audits and risk management | Establish/Maintain Documentation | |
| Include non-monetary sanctions in the disclosure report. CC ID 15872 | Audits and risk management | Establish/Maintain Documentation | |
| Include business activities that negatively impact the target environment in the disclosure report. CC ID 15683 | Audits and risk management | Establish/Maintain Documentation | |
| Include the organization's name in the disclosure report. CC ID 15668 [{start date}{compliance disclosure statement} The organization is required to insert the name of the organization and the start and end dates of its reporting period in the statement, for example: Provide a statement of use Guidance ¶ 2] | Audits and risk management | Establish/Maintain Documentation | |
| Include the time period in which privacy breaches occurred in the disclosure report. CC ID 15730 | Audits and risk management | Establish/Maintain Documentation | |
| Include the metrics used to track how material topics and related impacts are managed in the disclosure report. CC ID 15686 | Audits and risk management | Establish/Maintain Documentation | |
| Include the process used to track the effectiveness of corrective actions taken to manage material topics and related impacts in the disclosure report. CC ID 15687 | Audits and risk management | Establish/Maintain Documentation | |
| Include a list of material topics in the disclosure report. CC ID 15656 [{approved standard} The organization shall: report a list of its material topics using Disclosure 3-2; Requirement 4 ¶ 1(b)] | Audits and risk management | Establish/Maintain Documentation | |
| Include changes to the list of material topics in the disclosure report. CC ID 15681 | Audits and risk management | Establish/Maintain Documentation | |
| Include the processes used to monitor material topics and related impacts in the disclosure report. CC ID 15819 | Audits and risk management | Establish/Maintain Documentation | |
| Include policies and commitments regarding each material topic in the disclosure report. CC ID 15684 | Audits and risk management | Establish/Maintain Documentation | |
| Include a commitment to preserve human rights in the disclosure report. CC ID 15854 | Audits and risk management | Establish/Maintain Documentation | |
| Include the reasons that policies and commitments are not publicly available in the disclosure report. CC ID 15873 | Audits and risk management | Establish/Maintain Documentation | |
| Include how the impacts related to material topics are managed in the disclosure report. CC ID 15685 | Audits and risk management | Establish/Maintain Documentation | |
| Include the individuals who helped determine the material topics in the disclosure report. CC ID 15680 | Audits and risk management | Establish/Maintain Documentation | |
| Include the impacts related to each material topic in the disclosure report. CC ID 15682 | Audits and risk management | Establish/Maintain Documentation | |
| Include the reversibility or irreversibility of impacts in the disclosure report. CC ID 16037 | Audits and risk management | Establish/Maintain Documentation | |
| Include the impact duration in the disclosure report. CC ID 16036 | Audits and risk management | Establish/Maintain Documentation | |
| Include the extent of impacts in the disclosure report. CC ID 16016 | Audits and risk management | Establish/Maintain Documentation | |
| Include the process for determining material topics in the disclosure report. CC ID 15655 [{approved standard}The organization shall: report its process of determining material topics using Disclosure 3-1; Requirement 4 ¶ 1(a)] | Audits and risk management | Establish/Maintain Documentation | |
| Refrain from including the same data in other required disclosures, as necessary. CC ID 15732 | Audits and risk management | Establish/Maintain Documentation | |
| Include the process for setting goals and targets in the disclosure report. CC ID 15763 | Audits and risk management | Establish/Maintain Documentation | |
| Include risks to the achievement of goals and targets in the disclosure report. CC ID 16166 | Audits and risk management | Establish/Maintain Documentation | |
| Include the timelines for achieving goals and targets in the disclosure report. CC ID 16164 | Audits and risk management | Establish/Maintain Documentation | |
| Include the mechanisms for achieving goals and targets in the disclosure report. CC ID 16144 | Audits and risk management | Establish/Maintain Documentation | |
| Include the progress towards goals and targets in the disclosure report. CC ID 15688 | Audits and risk management | Establish/Maintain Documentation | |
| Include a justification for disclosures that do not reconcile with data reported in other required disclosures in the disclosure report. CC ID 16053 | Audits and risk management | Establish/Maintain Documentation | |
| Include historical information and future-oriented information in the disclosure report. CC ID 16336 | Audits and risk management | Establish/Maintain Documentation | |
| Include preventive actions in the disclosure report. CC ID 15796 | Audits and risk management | Establish/Maintain Documentation | |
| Include the methodology for reporting future-oriented information in the disclosure report. CC ID 16335 | Audits and risk management | Establish/Maintain Documentation | |
| Include the reporting period in the disclosure report. CC ID 15661 [{compliance disclosure statement}{start date} The organization is required to insert the name of the organization and the start and end dates of its reporting period in the statement, for example: Requirement 8 Guidance ¶ 2 To apply the Timeliness principle, the organization should: indicate the time period covered by the reported information. Timeliness Guidance ¶ 2 Bullet 3 To apply the Completeness principle, the organization should: present activities, events, and impacts for the reporting period in which they occur. This includes reporting information about activities that have a minimal impact in the short-term, but a reasonably foreseeable cumulative impact that can become unavoidable or irreversible in the long-term (e.g., activities that generate bio-accumulative or persistent pollutants); Completeness Guidance ¶ 1 Bullet 1 {start date}{compliance disclosure statement} The organization is required to insert the name of the organization and the start and end dates of its reporting period in the statement, for example: Provide a statement of use Guidance ¶ 2] | Audits and risk management | Establish/Maintain Documentation | |
| Include restatements of information from previous reporting periods and an explanation for their use in the disclosure report. CC ID 15827 | Audits and risk management | Establish/Maintain Documentation | |
| Include roles and responsibilities in the disclosure report. CC ID 15846 | Audits and risk management | Establish/Maintain Documentation | |
| Include the organization's location in the disclosure report. CC ID 16311 | Audits and risk management | Establish/Maintain Documentation | |
| Include how conflicts of interest in roles are handled in the disclosure report. CC ID 15848 | Audits and risk management | Establish/Maintain Documentation | |
| Include the reporting structure in the disclosure report. CC ID 15845 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of whistleblowing mechanisms in the disclosure report. CC ID 16027 | Audits and risk management | Establish/Maintain Documentation | |
| Include the differences between the list of entities in financial reporting and in sustainability reporting in the disclosure report. CC ID 15874 | Audits and risk management | Establish/Maintain Documentation | |
| Include the governance structure in the disclosure report. CC ID 15840 | Audits and risk management | Establish/Maintain Documentation | |
| Include stakeholder representation in the disclosure report. CC ID 15847 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of the composition of governance bodies and committees in the disclosure report. CC ID 15843 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of significant fluctuations in the total number of contractors and outsource partners in the disclosure report. CC ID 15839 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of contractual relationships in the disclosure report. CC ID 15838 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of significant fluctuations in the total number of employees in the disclosure report. CC ID 15836 | Audits and risk management | Establish/Maintain Documentation | |
| Include research findings based on previous and current research methodologies in the disclosure report. CC ID 15630 [{negative trend}{positive trend}To apply the Balance principle, the organization should: present information in a way that allows information users to see negative and positive year-on-year trends in impacts; Balance Guidance ¶ 1 Bullet 1 To apply the Comparability principle, the organization should: present the current disclosures alongside restatements of historical data to enable comparisons if there have been changes from the information reported previously. This can include changes in the length of the reporting period, in the measurement methodologies, in the definitions used, or in other elements of reporting. The organization is required to report restatements of information under Disclosure 2-4 in GRI 2: General Disclosures 2021; Comparability Guidance ¶ 2 Bullet 7] | Audits and risk management | Establish/Maintain Documentation | |
| Include the methodology used to report numbers in the disclosure report. CC ID 15841 | Audits and risk management | Establish/Maintain Documentation | |
| Include definitions of terms in the disclosure report. CC ID 15832 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of third party relationships in the disclosure report. CC ID 15830 | Audits and risk management | Establish/Maintain Documentation | |
| Include the type of work performed by contractors and outsource partners in the disclosure report. CC ID 15842 | Audits and risk management | Establish/Maintain Documentation | |
| Include any changes made to information in restatements in the disclosure report. CC ID 15829 | Audits and risk management | Establish/Maintain Documentation | |
| Include the criteria for determining when to use restatements in the disclosure report. CC ID 15828 | Audits and risk management | Establish/Maintain Documentation | |
| Include points of contact in the disclosure report. CC ID 15826 | Audits and risk management | Establish/Maintain Documentation | |
| Include the reason that reporting periods for different reports do not align in the disclosure report. CC ID 15825 | Audits and risk management | Establish/Maintain Documentation | |
| Include a description of how information is consolidated in the disclosure report. CC ID 15824 | Audits and risk management | Establish/Maintain Documentation | |
| Include the legal form of organization in the disclosure report. CC ID 15823 | Audits and risk management | Establish/Maintain Documentation | |
| Include the ownership structure in the disclosure report. CC ID 15822 | Audits and risk management | Establish/Maintain Documentation | |
| Include the shareholding structure in the disclosure report. CC ID 16093 | Audits and risk management | Establish/Maintain Documentation | |
| Include the processes used to collect and monitor in scope information in the disclosure report. CC ID 15779 | Audits and risk management | Establish/Maintain Documentation | |
| Refrain from including out of scope information in the disclosure report. CC ID 15793 | Audits and risk management | Establish/Maintain Documentation | |
| Include the processes used to assess third party compliance in the disclosure report. CC ID 15773 | Audits and risk management | Establish/Maintain Documentation | |
| Include the calculation methodology in the disclosure report. CC ID 15733 [To apply the Accuracy principle, the organization should: indicate which data has been estimated, and explain the underlying assumptions and techniques used for the estimation as well as any limitations of the estimates. Accuracy Guidance ¶ 2 Bullet 5 To apply the Accuracy principle, the organization should: indicate which data has been measured; Accuracy Guidance ¶ 2 Bullet 2] | Audits and risk management | Establish/Maintain Documentation | |
| Include the rationale for choosing the calculation methodology in the disclosure report. CC ID 15734 | Audits and risk management | Establish/Maintain Documentation | |
| Include the effects of changes to calculation methodologies in the disclosure report. CC ID 16344 | Audits and risk management | Establish/Maintain Documentation | |
| Include the source of conversion factors in the disclosure report. CC ID 15747 | Audits and risk management | Establish/Maintain Documentation | |
| Include known limitations in the disclosure report. CC ID 15669 [To apply the Verifiability principle, the organization should: provide clear explanations of any uncertainties associated with the reported information. Verifiability Guidance ¶ 2 Bullet 7] | Audits and risk management | Establish/Maintain Documentation | |
| Include the lessons learned in the disclosure report. CC ID 15689 | Audits and risk management | Establish/Maintain Documentation | |
| Include how lessons learned are incorporated into policies and procedures in the disclosure report. CC ID 15690 | Audits and risk management | Establish/Maintain Documentation | |
| Include whether training requirements apply to third parties in the disclosure report. CC ID 15727 | Audits and risk management | Establish/Maintain Documentation | |
| Include a link to the content index in the disclosure report. CC ID 15666 [if it publishes a standalone sustainability report and the GRI content index is not included in the report itself, provide a link or reference to the GRI content index in the report. Requirement 7 ¶ 1(b) if it publishes a standalone sustainability report and the GRI content index is not included in the report itself, provide a link or reference to the GRI content index in the report. Publish a GRI content index ¶ 1(b)] | Audits and risk management | Establish/Maintain Documentation | |
| Include stakeholder engagement activities in the disclosure report. CC ID 15691 | Audits and risk management | Establish/Maintain Documentation | |
| Include supplemental disclosures in the disclosure report. CC ID 15629 [{be different}{material topic} In addition to reporting Disclosure 3-3, the organization should report other disclosures for that topic. These can include the additional sector disclosures recommended in the GRI Sector Standards, disclosures from other sources, or disclosures developed by the organization itself. Requirement 5 Reporting on material topics not covered in the GRI Topic Standards ¶ 2] | Audits and risk management | Establish/Maintain Documentation | |
| Disseminate and communicate the disclosure report to interested personnel and affected parties. CC ID 15667 [{appropriate authority}{compliance disclosure statement}The organization should include the following information in the email: The statement of use. Requirement 9 Guidance ¶ 1 Bullet 4 {compliance disclosure statement}{appropriate authority} The organization should include the following information in the email: The statement of use. Notify GRI Guidance ¶ 1 Bullet 4 {appropriate authority} The organization should include the following information in the email: The link to the report, if publishing a standalone sustainability report. Notify GRI Guidance ¶ 1 Bullet 3] | Audits and risk management | Communicate | |
| Establish, implement, and maintain high level operational roles and responsibilities. CC ID 00806 | Human Resources management | Establish Roles | |
| Define and assign the Board of Directors roles and responsibilities and senior management roles and responsibilities, including signing off on key policies and procedures. CC ID 00807 [The organization is required to report whether the highest governance body is responsible for reviewing and approving the reported information, including the organization's material topics, under Disclosure 2-14 in GRI 2: General Disclosures 2021. Requirement 8 Guidance ¶ 4] | Human Resources management | Establish Roles | |
| Establish and maintain board committees, as necessary. CC ID 14789 | Human Resources management | Human Resources Management | |
| Define and assign the roles and responsibilities of the chairman of the board. CC ID 14786 | Human Resources management | Establish/Maintain Documentation | |
| Assign oversight of C-level executives to the Board of Directors. CC ID 14784 | Human Resources management | Human Resources Management | |
| Establish, implement, and maintain candidate selection procedures to the board of directors. CC ID 14782 | Human Resources management | Establish/Maintain Documentation | |
| Include the criteria of mixed experiences and skills in the candidate selection procedures. CC ID 14791 | Human Resources management | Establish/Maintain Documentation | |
| Assign oversight of the financial management program to the board of directors. CC ID 14781 | Human Resources management | Human Resources Management | |
| Assign senior management to the role of supporting Quality Management. CC ID 13692 | Human Resources management | Human Resources Management | |
| Assign senior management to the role of authorizing official. CC ID 14238 | Human Resources management | Establish Roles | |
| Assign members who are independent from management to the Board of Directors. CC ID 12395 | Human Resources management | Human Resources Management | |
| Assign ownership of risks to the Board of Directors or senior management. CC ID 13662 | Human Resources management | Human Resources Management | |
| Assign the organization's board and senior management to oversee the continuity planning process. CC ID 12991 | Human Resources management | Human Resources Management | |
| Establish, implement, and maintain a Governance, Risk, and Compliance framework. CC ID 01406 | Operational management | Establish/Maintain Documentation | |
| Implement and comply with the Governance, Risk, and Compliance framework. CC ID 00818 | Operational management | Business Processes | |
| Comply with all implemented policies in the organization's compliance framework. CC ID 06384 [The organization is required to comply with Requirement 3-b only if GRI Sector Standards that apply to its sectors are available. Requirement 3 Guidance to 3-b ¶ 1 {applicable requirement} The organization is required to comply with Requirement 5-b only if GRI Sector Standards that apply to its sectors are available. The Sector Standards provide information for organizations about their likely material topics. Requirement 5 Guidance to 5-b ¶ 1] | Operational management | Establish/Maintain Documentation | |
| Establish, implement, and maintain an environmental management system. CC ID 14945 | Operational management | Business Processes | |
| Include environmental impacts in the environmental management system. CC ID 15175 [The organization shall report information about its impacts in the wider context of sustainable development. Sustainability context ¶ 1(a)] | Operational management | Establish/Maintain Documentation | |
| Include the scope in the environmental management system. CC ID 14950 | Operational management | Establish/Maintain Documentation | |
| Include the environmental impact of activities, products, and services in the scope of the environmental management system. CC ID 15184 [To apply the Sustainability context principle, the organization should: draw on objective information and authoritative measures on sustainable development to report information about its impacts (e.g., scientific research or consensus on the limits and demands placed on environmental resources); Sustainability context Guidance ¶ 2 Bullet 1 To apply the Sustainability context principle, the organization should: report information about its impacts in relation to sustainable development goals and conditions (e.g., reporting total greenhouse gas [GHG] emissions as well as reductions in GHG emissions in relation to the goals set out in the United Nations [UN] Framework Convention on Climate Change [FCCC]Paris Agreement [4]); Sustainability context Guidance ¶ 2 Bullet 2 {local environment} To apply the Sustainability context principle, the organization should: if operating in a range of locations, report information about its impacts in relation to appropriate local contexts( e.g., reporting total water use, as well as water use relative to the sustainable thresholds and the social context of given catchments). Sustainability context Guidance ¶ 2 Bullet 4] | Operational management | Establish/Maintain Documentation | |
| Establish, implement, and maintain records management procedures. CC ID 11619 | Records management | Establish/Maintain Documentation | |
| Establish, implement, and maintain data processing integrity controls. CC ID 00923 [The organization shall gather, record, compile, and analyze information in such a way that the information can be examined to establish its quality. Verifiability ¶ 1(a) {other individuals} To apply the Verifiability principle, the organization should: set up internal controls and organize documentation in such a way that individuals other than those preparing the reported information (e.g., internal auditors, external assurance providers) can review them; Verifiability Guidance ¶ 2 Bullet 1] | Records management | Establish Roles | |
| Sanitize user input in accordance with organizational standards. CC ID 16856 | Records management | Process or Activity | |
| Establish, implement, and maintain Automated Data Processing validation checks and editing checks. CC ID 00924 | Records management | Data and Information Management | |
| Establish, implement, and maintain Automated Data Processing error handling procedures. CC ID 00925 | Records management | Establish/Maintain Documentation | |
| Establish, implement, and maintain Automated Data Processing error handling reporting. CC ID 11659 | Records management | Establish/Maintain Documentation | |
| Initiate the System Development Life Cycle planning phase. CC ID 06266 | Systems design, build, and implementation | Systems Design, Build, and Implementation | |
| Establish, implement, and maintain system design requirements. CC ID 06618 [To apply the Verifiability principle, the organization should: if the organization designs information systems for its sustainability reporting, design these systems in a way that they can be examined as part of an external assurance process; Verifiability Guidance ¶ 2 Bullet 3] | Systems design, build, and implementation | Establish/Maintain Documentation | |
| Implement dual authorization in systems with critical business functions, as necessary. CC ID 14922 | Systems design, build, and implementation | Systems Design, Build, and Implementation | |
| Document stakeholder requirements and how they influence system design requirements. CC ID 06925 | Systems design, build, and implementation | Establish/Maintain Documentation | |
| Document legal requirements and how they influence system design requirements. CC ID 11793 | Systems design, build, and implementation | Establish/Maintain Documentation | |
| Design and develop built-in redundancies, as necessary. CC ID 13064 | Systems design, build, and implementation | Systems Design, Build, and Implementation | |
| Identify and document system design constraints. CC ID 06923 | Systems design, build, and implementation | Establish/Maintain Documentation | |
| Identify and document limitations that the implementation technology and the implementation strategy puts on the system design solution. CC ID 06928 | Systems design, build, and implementation | Establish/Maintain Documentation | |
| Design resource-isolation mechanisms into the infrastructure of Software as a Service. CC ID 12348 | Systems design, build, and implementation | Systems Design, Build, and Implementation | |
| Design the Software as a Service infrastructure to segment cloud customer user access. CC ID 12347 | Systems design, build, and implementation | Systems Design, Build, and Implementation | |
| Identify and document system development constraints. CC ID 11698 | Systems design, build, and implementation | Establish/Maintain Documentation | |
| Identify and document the system boundaries of the system design project. CC ID 06924 | Systems design, build, and implementation | Establish/Maintain Documentation | |
| Evaluate the criticality and sensitivity of information being accessed when designing systems. CC ID 07076 | Systems design, build, and implementation | Systems Design, Build, and Implementation | |
| Include performance criteria in the system requirements specification. CC ID 11540 | Systems design, build, and implementation | Technical Security | |
| Include accommodating increases in capacity in the system requirements specification. CC ID 11562 | Systems design, build, and implementation | Technical Security | |
| Include product upgrade methodologies in the system requirements specification. CC ID 11563 | Systems design, build, and implementation | Technical Security | |
| Include the ability of products to verify their own quality in the system requirements specification. CC ID 11564 | Systems design, build, and implementation | Technical Security | |
| Include anti-counterfeit measures in the system requirements specification. CC ID 11547 | Systems design, build, and implementation | Physical and Environmental Protection | |
| Include anti-counterfeit measures that resist reverse engineering in the system requirements specification. CC ID 11548 | Systems design, build, and implementation | Physical and Environmental Protection | |
| Include anti-counterfeit measures that are apparent to anti-counterfeit authentication testing in the system requirements specification. CC ID 11549 | Systems design, build, and implementation | Physical and Environmental Protection | |
| Include anti-counterfeit measures that are interdependent between material goods and the anti-counterfeit authentication test in the system requirements specification. CC ID 11550 | Systems design, build, and implementation | Physical and Environmental Protection | |
| Include anti-counterfeit measures that allow product characteristic change detection as the result of an attack in the system requirements specification. CC ID 11551 | Systems design, build, and implementation | Physical and Environmental Protection | |
| Include anti-counterfeit measures that make attempts to circumvent them evident during the anti-counterfeit authentication test in the system requirements specification. CC ID 11552 | Systems design, build, and implementation | Physical and Environmental Protection | |
| Analyze anti-counterfeit measures for their longevity. CC ID 11553 | Systems design, build, and implementation | Physical and Environmental Protection | |
| Disallow reuse of anti-counterfeit measures absent authentication. CC ID 11554 | Systems design, build, and implementation | Physical and Environmental Protection | |
| Include anti-counterfeit measures to be compatible with material goods associated with the product in the system requirements specification. CC ID 11555 | Systems design, build, and implementation | Physical and Environmental Protection | |
| Establish, implement, and maintain organizational documents. CC ID 16202 | Harmonization Methods and Manual of Style | Establish/Maintain Documentation | |
| Organize all compliance documents. CC ID 06096 | Harmonization Methods and Manual of Style | Establish/Maintain Documentation | |
| Organize all compliance documents to fit the message. CC ID 06097 | Harmonization Methods and Manual of Style | Establish/Maintain Documentation | |
| Define the structure for compliance documents and governance documents. CC ID 06111 [{international or national standard} publish a GRI content index that includes: the title of GRI 1 used; Requirement 7 ¶ 1(a)(iii)] | Harmonization Methods and Manual of Style | Establish/Maintain Documentation | |
| Subordinate the structure of the compliance document to fit the topic. CC ID 06109 | Harmonization Methods and Manual of Style | Establish/Maintain Documentation | |
| Define visual and formatting styles for all structured headings. CC ID 06110 | Harmonization Methods and Manual of Style | Establish/Maintain Documentation | |
| Define the section heading style, if section headings are being used. CC ID 06112 | Harmonization Methods and Manual of Style | Establish/Maintain Documentation | |
| Use a table of contents to show sections and headings, if section headings are being used. CC ID 06113 | Harmonization Methods and Manual of Style | Establish/Maintain Documentation | |
| Place the table of contents at the document's beginning. CC ID 06114 | Harmonization Methods and Manual of Style | Establish/Maintain Documentation | |
| Add term definitions to the document's end. CC ID 06115 | Harmonization Methods and Manual of Style | Establish/Maintain Documentation | |