Quick Read
SPK CSMS1000:2026 requires a sustainability policy that functions as an operational management instrument rather than an aspirational communications document, with mandatory content addressing material topics, applicable obligations, continual improvement, and harm prevention across operations and value chain. The policy must be formally approved by the governing body—not merely endorsed by executives—and this approval must be documented in governance records, reflecting the standard's intent that sustainability policy represents a collective board-level accountability commitment. The policy forms the first layer of a three-layer framework that connects governance intent to operational controls and sustainability objectives.
Executive Summary
The sustainability policy is often the first document an organisation produces and the last one it thinks carefully about. Most sustainability policies are aspirational statements — well-intentioned expressions of values and commitments that look good in a sustainability report but function poorly as management instruments. SPK CSMS1000:2026 requires something different: a governing-body-approved policy that is operationally connected to the CSMS, communicated genuinely to all relevant personnel, and auditable against specific requirements.
This paper explains what the policy, principles, and procedures clauses of the standard actually require, why the governing body approval requirement matters, and how the policy layer connects to the operational controls framework. It addresses the most common policy failures assessors find and provides practical guidance on building a policy framework that functions as a management instrument rather than a communications document.
A sustainability policy that no operational manager has read is not a management control. A policy that has never been tested against an actual decision is not a governance instrument. The standard requires a policy that is genuinely approved, genuinely communicated, and genuinely consulted when decisions are made.
1. The Three-Layer Policy Framework
SPK CSMS1000:2026 establishes a three-layer policy framework in Clauses 10.1 through 10.3. Each layer serves a different function and sits at a different level of the organisation.
Clause | Layer | Function |
|---|---|---|
10.1 | Sustainability Policy | The governing-body-approved statement of commitment and requirements — what the organisation commits to, and the standards it requires of itself |
10.2 | Principles and Guidelines | The governing principles that translate policy into behavioural expectations and decision-making guidance — how the organisation acts on its commitments |
10.3 | Procedures | The documented operational processes that implement the principles in specific business activities — what personnel actually do in specific situations |
2. The Sustainability Policy — Clause 10.1
2.1 What it must contain
The sustainability policy must be appropriate to the organisation's context and purpose — which means it must reflect the obligations identified in the obligations register (Clause 6.1) and the important and material topics identified through the IRO assessment (Clause 6.6). A policy that does not reference the organisation's material sustainability topics is not appropriate to its context.
The policy must include commitments to: satisfy applicable obligations; continually improve the CSMS; prevent harm — environmental, social, and governance harm — across the organisation's operations and value chain; and provide the framework for establishing sustainability objectives. These commitments are not optional elements — they are the minimum required content of the policy.
2.2 Governing body approval
The policy must be approved by the governing body — not just endorsed by the CEO or signed by the CSO. This requirement is specific. A policy signed by the CEO and reviewed by the board is not a governing-body-approved policy. The governing body must formally approve the policy, and this approval must be documented — in board minutes, by board resolution, or through equivalent governance record.
The governing body approval requirement reflects the governance intent of the standard: sustainability policy is a governance commitment, not an executive communication. The governing body, in approving the policy, accepts collective accountability for the commitments it contains. This is why the policy must be reviewed — and re-approved — whenever material changes in the organisation's context or important and material topics make the existing policy inadequate.
2.3 Genuine communication
The policy must be communicated to all personnel whose work has sustainability implications — which, in most organisations, means most personnel. Communication is not distribution. Assessors test whether personnel have actually received and understood the policy, not whether it is posted on an intranet page. A policy that personnel cannot locate or describe in their own words has not been genuinely communicated.
The policy must also be available to interested external parties. This typically means public availability — on the organisation's website, in its sustainability report, or on request. The availability of the policy is both a transparency requirement and a practical greenwashing risk management measure: a published policy creates an accountability benchmark against which the organisation's actions can be assessed.
2.4 The policy as a decision-making reference
The most important test of a sustainability policy is whether it is actually consulted when decisions are made. A policy that exists only as a document — that is never referenced when a commercial decision involves a sustainability trade-off — is not functioning as a management control. Assessors will ask executives and operational managers whether they have consulted the sustainability policy in the context of a recent decision. The answer reveals more about the policy's effectiveness than its content.
3. Principles and Guidelines — Clause 10.2
Guiding principles translate the high-level commitments in the policy into behavioural expectations and decision-making guidance. They occupy the layer between the policy (which states commitments) and the procedures (which specify actions in specific situations). Principles address the how and why that guides behaviour across the full range of situations not covered by specific procedures.
Effective sustainability principles are specific enough to guide decisions but general enough to apply across contexts. 'We will consider the sustainability implications of all material decisions' is too vague to guide behaviour. 'We assess the carbon footprint, human rights implications, and community impact of all capital expenditure decisions above $1 million before approval' is specific enough to guide behaviour and audit.
Principles should be communicated to the personnel most likely to encounter the situations they address — and the communication must ensure understanding, not just awareness. A sustainability principle known only to the sustainability team does not govern the decisions of the procurement manager who has never heard of it.
4. Procedures — Clause 10.3
Procedures are the documented processes through which the policy and principles are implemented in specific business activities. They are the most operational layer of the policy framework — describing what specific personnel actually do in specific situations to ensure the CSMS requirements are met.
The standard does not require procedures for every possible situation. It requires documented procedures for activities where their absence would create a material sustainability risk: procurement of materials with significant sustainability implications; handling of hazardous materials; investigation of sustainability incidents; data collection for sustainability reporting; supplier qualification for high-risk categories; and equivalent activities where undocumented or ad hoc approaches create material risk.
Procedure quality matters. A procedure that exists on paper but is unknown to the personnel who should be following it has no control value. A procedure that was accurate when written but has not been updated to reflect changes in the operating environment creates compliance risk rather than reducing it. Procedures require maintenance — a documented review cycle and a change control process.
Speeki Meridian™ — Auditor Expectations
At Stage 1, assessors will request: the sustainability policy with the governing body approval record; the principles and guidelines document; and the procedure register with selected procedures for material sustainability activities. At Stage 2, the policy assessment is primarily interview-based. Assessors will ask: Can you show me where this policy was approved in the board minutes? Can you explain what 'committed to preventing harm across our value chain' means in practice for your role? When was the last time you consulted the policy in the context of a decision? For procedures, assessors will select two or three procedures covering high-risk activities and test whether the procedures are known to and followed by the personnel responsible for them. The most common findings: policy signed by the CEO and 'noted' by the board rather than formally approved; principles that are aspirational statements indistinguishable from the policy; procedures that exist but are unknown to operational personnel; and a procedure register that has not been reviewed in more than two years.
Implementation Guidance
Start with the governing body approval process. If your sustainability policy has never been formally approved by the governing body with a documented resolution, this must be corrected before Stage 1. Schedule it as a formal agenda item — not an information item — at the next governing body meeting. Record the approval explicitly in the minutes. For the policy content, map it against your important and material topics from Clause 6.6. Does the policy reference the topics that the IRO assessment identified as material? If the policy was written before the IRO assessment was conducted, it almost certainly requires updating. For principles, ask the sustainability function to identify the five decisions where sustainability considerations are most commonly at risk of being ignored or overridden. Write principles that directly address those decisions. Test whether the principles actually change how those decisions are made. For procedures, focus first on the activities that carry the highest sustainability risk if done incorrectly: data collection for material KPIs (connecting to ICSR), supplier qualification for high-risk categories (connecting to supply chain controls), and incident reporting (connecting to investigation processes).
About Speeki
Speeki is an accredited certification body operating across more than 100 countries. Speeki certifies organisations against SPK CSMS1000:2026 through the Speeki Meridian™ certification programme. Speeki is a certification body — it does not provide sustainability consulting or advisory services of any kind.
For current details of Speeki's accreditations, scope of certification, and service offerings, visit speeki.com. You can also ask Nicole AI on the Speeki website to find the information you need.
speeki.com | © Speeki Pte Ltd 2026