L. Environmental, Social and Governance

This domain covers how your organisation manages and governs its environmental and social impact.

01) Does your organisation have any certifications or audit reports that cover environmental, social or governance issues (such as ISO 14001, ISO 45001 or B Corporation certification)?

Answer yes if your organisation has obtained any certifications or any external audit reports which cover any environmental, social or governance issues. Please state the certification or report in the notes and please upload a PDF of the relevant certification or report as evidence.

Environmental, Social and Governance

02) Does your organisation have a documented Environmental Management policy?

Answer yes if your organisation has a documented environmental management policy that looks to minimise your organisation's impact on the environment. The policy must have undergone senior management review and approval within the last year. Please upload the policy (as a PDF file) as evidence.

Procurement Risk
Environmental Policy

03) Does your organisation publicly share metrics related to your Environmental, Social & Corporate Governance?

Answer yes if your organisation publicly shares information and metrics about your environmental and social impact. Please upload a copy of the latest report as evidence or provide a link to it.

Environmental, Social and Governance

04) Does your organisation conduct any activities that might be deemed as hazardous to the environment?

Answer yes if your organisation conducts any activities that could be perceived to be hazardous to the environment. This could include but is not limited to mining, construction, demolition, manufacturing, chemical processing, or fossil fuels. Please describe your business activities in the notes.

Environmental, Social and Governance

05) Has your organisation received any adverse media coverage, legal action, penalties or sanctions for environmental reasons?

Answer yes if your organisation has been subject to any adverse media coverage or legal action relating to environmental concerns or if your organisation has received any penalties or sanctions for environmental reasons. Please include details in the notes.

Environmental, Social and Governance

06) Does your organisation measure its scope 1, scope 2, or scope 3 emissions as per Greenhouse Gas (GHG) Protocol standards?

Answer yes if your organisation measures your scope 1, scope 2, or scope 3 emissions as defined by Greenhouse Gas (GHG) Protocol. If you only measure your scope 1 or 2 emissions, please still answer yes and provide the relevant information in the following questions.

Environmental, Social and Governance

07) What are your scope 1 emissions (tonnes of CO2 equivalent per year)?

Please enter the most recent measurement for your scope 1 emissions in tonnes of CO2 equivalent. Please state when this was last measured and provide further information on the scope and method of measurement, if applicable, in the notes section. If you do not measure scope 1 emissions, please enter zero as your numerical answer and state this clearly in the notes section.

Environmental, Social and Governance

08) What are your scope 2 emissions (tonnes of CO2 equivalent per year)?

Please enter the most recent measurement for your scope 2 emissions in tonnes of CO2 equivalent. Please state when this was last measured and provide further information on the scope and method of measurement, if applicable, in the notes section. If you do not measure scope 2 emissions, please enter zero as your numerical answer and state this clearly in the notes section.

Environmental, Social and Governance

09) What are your scope 3 emissions (tonnes of CO2 equivalent per year)?

Please enter the most recent measurement for your scope 3 emissions in tonnes of CO2 equivalent. Please state when this was last measured and provide further information on the scope and method of measurement, if applicable, in the notes section. If you do not measure scope 3 emissions, please enter zero as your numerical answer and state this clearly in the notes section.

Environmental, Social and Governance

10) Is your organisation working towards a net zero carbon emissions target?

Answer yes if your organisation is proactively working towards achieving net zero carbon emissions.

Environmental, Social and Governance

11) When do you expect to achieve net zero carbon emissions?

Please state the year in which you expect your organisation to achieve net zero carbon emissions.

Environmental, Social and Governance

12) Does your organisation have a documented Health & Safety Policy?

Answer yes if your organisation has a documented Health & Safety policy. Please upload the policy (as a PDF file) as evidence.

Procurement Risk
Registered Entity

13) Does your organisation have a senior manager or board member who is responsible for your Health & Safety Programme?

Answer yes if your organisation has an appointed resource that is responsible for the design and delivery of your company's health and safety programme. This is typically a health and safety officer. In the notes, please outline the job role and whether or not this is a dedicated full-time position.

Procurement Risk
Health and Safety
Appointed Person

14) Does your organisation have an established and consistent framework for Health and Safety which includes provisions to ensure a safe and hygienic working environment for all of your personnel, in accordance with local health and safety laws and industry best practices?

Answer yes if your organisation has implemented a framework for managing health and safety compliance across your company. The framework must include health and safety awareness initiatives (such as posters), a risk assessment programme, a defined and auditable reporting process, and relevant and valid insurance policies (in the UK this is covered by your employers' liability insurance). Please describe how you manage Health & Safety in the notes.

Procurement Risk
Health and Safety
Framework

15) Does your organisation work to a committed code of business ethics which includes ethical labour practices?

Answer yes if you commit to the standards set out in a publicly recognised code of ethics such as the Ethical Trading Initiative (ETI) Base Code or if your organisation has developed and abides by its own code of ethics covering labour practices. Please give more details in the notes section.

Environmental, Social and Governance

16) Does your organisation ensure compliance with all applicable human rights laws and regulations?

Answer yes if your organisation is fully compliant with all applicable human rights laws and regulations. This may include, but is not limited to, the International Bill of Human Rights, the UK Modern Slavery Act 2015, and the EU Working Time Directive. Please note that these laws and regulations may require further actions from your organisation to ensure compliance. Please describe how you comply in the notes section and upload evidence of relevant policies, processes or compliance documents.

Procurement Risk
Human Rights

17) Does your organisation have policies and procedures in place that ensure the prevention of modern slavery?

Answer yes if your organisation has policies and accompanying procedures in place to prevent modern slavery in your own organisation and within your supply chains. Relevant policies may include: Supplier code of conduct, Migrant worker policy, Child labour policy, Human rights policy, Recruitment policy, Procurement policy, Employee code of conduct, Policies concerning access to remedy, compensation and justice for victims of modern slavery, Policies that relate to staff training and increasing awareness of modern slavery, Policies that relate to worker wages, welfare and living standards. Please include in the notes details of your policies and procedures and upload the relevant documents (as PDF files) as evidence.

Environmental, Social and Governance

18) Have any incidents of modern slavery been recorded or uncovered within your organisation or supply chains in the past 12 months?

Answer yes if there have been any suspected or confirmed cases of modern slavery within your organisation or within your supply chain in the past 12 months. Please include in the notes details about how the incidents were identified and investigated, and what action was taken.

Environmental, Social and Governance

19) Does your organisation provide a grievance mechanism for workers to raise workplace concerns?

Answer yes if your organisation has a mechanism in place (backed up by a written policy document with a defined process) that allows employees and contractors to address grievances relating to their employment. Please upload the policy document (as a PDF file) as evidence.

Procurement Risk
Grievance

20) Does your organisation have a documented diversity and inclusion policy?

Answer yes if your organisation has a documented diversity and inclusion policy that outlines the organisation's commitment to providing an inclusive and supportive environment for staff, contractors and visitors that is free from discrimination.

Procurement Risk
Diversity and Inclusion

21) Does your organisation provide a confidential method (also known as a whistleblowing procedure) for employees and contract staff to freely report any perceived issues that might impact your clients or their customers?

Answer yes if your organisation has a defined and documented procedure that enables employees and contract staff to report any incidents or perceived issues confidentially. This is typically provided through a confidential phoneline or email address. Please outline the process in the notes section provided, or upload a policy or process document (as a PDF file) as evidence.

Procurement Risk
Whistleblowing

22) Does your organisation clearly inform employees and contract staff how to access and utilise the whistleblowing procedure to confidentially report any issues?

Answer yes if your organisation clearly informs all employees and contract staff how to access and utilise the whistleblowing procedure.

Procurement Risk
Whistleblowing Awareness

23) Does your organisation conduct regular assurance activities against its suppliers to ensure they are operating in line with your own environmental, social and governance policies, including checking that they are compliant with relevant laws and regulations?

Answer yes if your organisation conducts regular (e.g. quarterly, annually) supplier assurance to ensure your suppliers meet the same standards of environmental management, social responsibility, and governance that are expected of your organisation, and that they are compliant with all applicable laws and regulations. Describe the nature and frequency of the assurance activities in the notes.

Environmental, Social and Governance