Using ISO 37301 to build an ESG-Compliant management system

Most companies are now coming to grips with the European Corporate Sustainability Directive (CSDD), which mandates certain ESG-driven due diligence activity in the supply chain. Many companies that already carried out some form of supplier-based due diligence (albeit likely for non-ESG matters) are now considering the impact of the CSDD and which changes need to be made to their existing due diligence programmes to align with the directive. 

Most existing due diligence on suppliers is done as part of a ‘best practice’ initiative, where the due diligence is not directly mandated by any laws but is instead done as part of another compliance initiative (e.g. anti-bribery due diligence). It therefore only covers a small element of the requirements of CSDD. 

Compliance with the CSDD will be different because it places a clear obligation on the company to conduct some form of due diligence on the supply chain. It is a mandatory requirement backed by a law and places accountability with the company to not only perform the due diligence but take active steps to reduce the risks of underlying conduct (e.g. human rights or environmental issues). CSDD has enforcement teeth and places obligations on directors to be held responsible for lapses in compliance (although it is noted that this piece may be watered down). Because a new law is, or will shortly be, in place, there is a need to ensure compliance with the requirements of that law in addition to any internal obligations (i.e. policies) that you may already have.

Speeki believes it is necessary to combine all these various due diligence issues as one compliance system and manage it as one programme. As more obligations get added, you simply add them into your management system. 

Many companies use the phrase ‘third party due diligence’, but at Speeki we tend to use the phrase ‘ESG due diligence’. Whether it is a second party, third party, or fourth party is irrelevant – it is still due diligence and needs to be broad enough to account for the various relationships between you and your counterparties. 

ISO 37301 is the perfect solution to compliance with the CSDD and all other due diligence initiatives because it provides a framework for companies to identify, assess and mitigate the broad range of risks associated with their due diligence activities. The due diligence becomes the compliance management system, and the underlying obligations covered by that management system include both internal policies and the CSDD.

ISO 37301 is a standard for compliance management systems. It can be used to manage any risk area, law, commitment or policy. It is not limited in its application and is perfect for when a growing number of global obligations are being layered on top of an existing system. 

ISO 37301 provides some essential elements, such as: 

• risk assessment – the company should identify and assess the risks inside its supply chain, including the environmental and social risks associated with its activities and how these risks are being addressed by due diligence, as well as the likelihood of these risks happening and whether the existing controls are effectively managing them
• prevention – the company should take actions with clear, measurable objectives to prevent or mitigate the risks and ensure that those steps effectively manage the risk
• remediation – the company should have a plan to remediate any failure to meet the stated objectives of its system
• reporting – the company should report on its due diligence activities to its stakeholders and clearly identify areas where improvements can be made. 

In addition, ISO 37301 is a globally recognised standard, which means that companies certified to ISO 37301 can demonstrate their commitment to customers, investors and other stakeholders around the world. This will be particularly important as a defence if any regulator overseeing the CSDD asks you to explain your compliance. 

Here are some of the benefits of using ISO 37301 to comply with the CSDD: 

• Reduced risk
• A well-designed due diligence programme can help companies reduce the risk of causing environmental or social harm, reducing the costs associated with selecting bad suppliers or those arising from any investigation into human rights or environmental issues in their supply chain. 
• Improved reputation
• Companies that are seen to be taking steps to address environmental and social issues can improve their reputation with stakeholders. Using a verifiable and certifiable standard is evidence of that commitment. 
• New business opportunities
• Companies that effectively and sensibly manage supply chain risk without overburdening suppliers can more easily engage with suppliers as partners and build better relationships. 
• Cost savings
• By taking steps to prevent or mitigate environmental and social risks in their supply chain, companies can avoid the costs of remediation and other negative consequences. 

If your company needs to comply with the CSDD, ISO 37301 is the perfect solution. It is a comprehensive, globally recognised standard that can help reduce risk, improve reputation and attract relationships with new suppliers. Even better, it supports you to look more holistically at your due diligence measures across many obligations, rather than building a compliance system on every law or obligation.