Quick Read

SPK CSMS1000:2026 is Speeki's proprietary corporate sustainability management system standard, protected by copyright and available only under strict licence terms to adopting organisations for internal implementation. Organisations may reproduce and reference the standard internally, but third parties—including consultants, software vendors, and competing frameworks—are expressly prohibited from incorporating, adapting, or commercialising its requirements without written consent. Certification rights and assessment authority are reserved exclusively to Speeki.

SPK CSMS1000:2026(E)

© Speeki Pte Ltd 2026. All rights reserved.

SPK CSMS1000:2026 is the proprietary intellectual property of Speeki Pte Ltd. All rights in this standard — including copyright in its structure, requirements, definitions, guidance, and all other content — are owned by Speeki. No part of this standard may be reproduced, distributed, translated, adapted, or transmitted in any form or by any means, electronic or mechanical, without the prior written permission of Speeki, except as expressly permitted under the licences set out below.

2. Licence for Adopting Organisations

Organisations that have adopted SPK CSMS1000:2026 as the basis for their corporate sustainability management system are granted a limited, non-exclusive, non-transferable licence to:

  1. reproduce and distribute copies of this standard within the organisation, for the sole purpose of internal use in connection with the adoption, implementation, and operation of SPK CSMS1000:2026;

  2. reference and quote the requirements, definitions, and guidance of this standard in internal documents, policies, procedures, training materials, and governance records, where the purpose is to implement the standard within the organisation.

This licence is granted to the adopting organisation only. It is personal, non-transferable, and does not extend to any related entity, affiliate, or third party unless that entity is itself directly implementing the standard within its own operations.

3. Restrictions

The licence granted in Section 2 does not extend to, and the following uses are expressly prohibited without the prior written consent of Speeki:

  1. Service providers, management consultants, advisory firms, legal and professional services firms, and other third-party providers may not incorporate, reproduce, or adapt the requirements, structure, or content of this standard into commercial services, proposals, deliverables, reports, or frameworks provided or sold to clients.

  2. Software vendors, technology companies, and platform or application providers may not incorporate, embed, encode, reproduce, or adapt the requirements, structure, or content of this standard, in whole or in part, into any software product, SaaS platform, application, automated assessment tool, AI model, or other technology product or service.

  3. No person or entity may use this standard, or any material derived from it, to create, develop, publish, or market any competing sustainability standard, certification scheme, or assessment framework.

  4. No person or entity may post, publish, or make available this standard, or any substantial extract of it, on any website, extranet, portal, or platform accessible to persons outside the adopting organisation without the prior written consent of Speeki.

4. Certification Rights

The right to assess organisations against, and to issue certificates of conformity with, SPK CSMS1000:2026 is reserved exclusively to Speeki Pte Ltd and to bodies that Speeki has formally authorised in writing to act as certification bodies under this standard. No organisation, body, or individual may:

  1. issue SPK CSMS1000:2026 certificates, certification letters, compliance statements, or equivalent recognition documents;

  2. conduct SPK CSMS1000:2026 certification assessments or third-party conformity assessments against this standard; or

  3. represent to any third party that an organisation has been assessed against or found conformant with SPK CSMS1000:2026,

without written authorisation from Speeki. Any certificate, report, or claim purporting to demonstrate SPK CSMS1000:2026 certification or conformity that has not been issued by Speeki or a Speeki-authorised body is invalid and may constitute a misrepresentation.

5. Licence Enquiries and Permissions

Enquiries regarding commercial licences, authorisation to act as a certification body, or any use of this standard not expressly permitted above should be directed to Speeki at speeki.com. Speeki reserves the right to update these licensing terms at each edition review.

Foreword

The Speeki Corporate Sustainability Management System (SPK CSMS1000:2026) is the proprietary standard developed by Speeki as the basis for its corporate sustainability management system (CSMS) certification programme. SPK CSMS1000:2026 certification is a single-outcome assessment: an organisation either satisfies the requirements of the standard and is awarded certification, or it does not. There are no graduated levels, tiers, or categories. This approach reflects how established management system certification works across ISO standards, and positions SPK CSMS1000:2026 as a credible, substantive certification rather than a participation award.

SPK CSMS1000:2026 is a whole-of-programme standard addressing the complete lifecycle of corporate sustainability management — from initial context setting, risk understanding, and governance, through strategy, operational controls, stakeholder engagement, performance monitoring, and external reporting. It is broader than any single ISO domain standard, covering the full ESG spectrum in one integrated management system.

The standard also draws normative requirements from internationally recognised ISO management system standards — ISO 14001, ISO 14064-1, ISO 45001, ISO 50001, ISO 37001, ISO 42001, and ISO 26000 — referenced at the clause level where their requirements apply to the relevant section. Organisations that hold ISO certifications in relevant domains will find that existing certifications reduce the assessment effort for corresponding SPK CSMS1000:2026 clauses.

The requirements in Sections 5–13 represent a complete and substantive corporate sustainability management system. They are designed to be achievable by a well-managed organisation that has committed to systematic sustainability governance, strategy, and operations — but not so demanding that only sustainability-leading multinationals can satisfy them. The aim is a certification that means something.

Informative implementation guidance for each stage is provided in Annex A, drawn directly from the programme management framework. Annex A uses 'should' language throughout. Departure from SPK CSMS1000:2026 Annex A guidance does not constitute a non-conformity. This is Edition 1.0. Speeki will review SPK CSMS1000:2026 at intervals not exceeding three years.

1. Scope

This standard specifies requirements for a corporate sustainability management system (CSMS) applicable to any organisation regardless of type, size, sector, or geography. The standard is designed for use as the basis for third-party assessment and certification by Speeki as an accredited certification body.

The standard encompasses all nine stages of the Speeki programme management framework, applied to the full spectrum of material sustainability and ESG topics relevant to the organisation's operations, products, services, stakeholders, and supply chain. Certification is awarded on a pass/not-pass basis: the organisation satisfies all normative requirements of SPK CSMS1000:2026 or it does not. Partial compliance does not result in certification.

SPK CSMS1000:2026 does not prescribe sustainability performance targets or outcomes. It specifies the management system requirements — governance, process, competence, monitoring, and reporting — that must demonstrably be in place and operating before certification is awarded.

2. Normative References

| Reference | Title / Description |
| --- | --- |
| ISO 14001:2015 | Environmental management systems — Requirements with guidance for use |
| ISO 14064-1:2018 | Greenhouse gases — Part 1: Organisational level GHG quantification and reporting |
| ISO 45001:2018 | Occupational health and safety management systems — Requirements |
| ISO 50001:2018 | Energy management systems — Requirements with guidance for use |
| ISO 37001:2016 | Anti-bribery management systems — Requirements with guidance for use |
| ISO 42001:2023 | Artificial intelligence management systems |
| ISO 26000:2010 | Guidance on social responsibility (informative reference) |
| ISO 19011:2018 | Guidelines for auditing management systems |
| ISO 31000:2018 | Risk management — Guidelines |
| Global Circularity Protocol (current edition) | Measurement and reporting framework for organisational circular economy performance. Published by the World Business Council for Sustainable Development (WBCSD) and the Circle Economy Foundation. |
| ISO 59004:2024 | Circular economy — Vocabulary, principles and guidance for use. Published by ISO/TC 323. |
| ISO 59010:2024 | Circular economy — Transition of business models and value networks. Published by ISO/TC 323. |
| ISO 59020:2024 | Circular economy — Measuring and assessing circularity. Published by ISO/TC 323. |
| GHG Protocol (current editions) | Corporate Standard; Scope 2 Guidance; Scope 3 Standard; Project Protocol |
| UN Guiding Principles | UN Guiding Principles on Business and Human Rights |
| TCFD Recommendations | Task Force on Climate-related Financial Disclosures |
| ISSB S1/S2 | IFRS Sustainability Disclosure Standards |

3. Terms and Definitions

Organisation

A person or group of people that has its own functions with responsibilities, authorities, and relationships to achieve its objectives. For the purposes of this standard, organisation refers to the entity whose CSMS is being assessed for SPK CSMS1000:2026 certification. Where the organisation is part of a larger entity, organisation refers only to the certified part.

Governing body

The person or group of persons that has ultimate responsibility and authority for an organisation's activities, governance, and policies, and to which senior leadership reports and by which senior leadership is held accountable. A governing body may include a board of directors, supervisory board, board of trustees, partners, or equivalent. Where no separate governing body exists, the governing body requirements of this standard apply to senior leadership.

Senior leadership

The person or group of people who direct and control the organisation at the highest executive level. Senior leadership has the power to delegate authority and provide resources. For the purposes of this standard, senior leadership and top management are synonymous. Where the scope of the CSMS covers only part of an organisation, senior leadership refers to those who direct and control that part.

Interested party (preferred term) / Stakeholder (admitted term)

A person or organisation that can affect, be affected by, or perceive itself to be affected by a decision or activity of the organisation. Internal interested parties include employees, management, and the governing body. External interested parties include investors, lenders, customers, suppliers, communities, regulators, and civil society.

Personnel

Individuals in a working relationship with the organisation, whether recognised as an employment relationship under applicable law or under any contractual relationship. Includes employees, contractors working under the organisation's direction, and others performing work on behalf of the organisation.

Third party

A person or body that is independent of the organisation. All external service providers, suppliers, agents, and business associates are third parties. Outsourcing a CSMS activity to a third party does not transfer the organisation's responsibility for satisfying the requirements of this standard.

Chief Sustainability Officer (CSO)

The senior executive or equivalent designated role responsible for leading and managing the CSMS. The role may be a dedicated executive position or combined with other senior management responsibilities, depending on the size and complexity of the organisation. The CSO or equivalent shall have sufficient seniority, authority, and independence to discharge the responsibilities of the sustainability function as defined in Section 9, and shall have direct access to the governing body as required under Clause 7.5.

Risk

The effect of uncertainty on objectives. An effect is a deviation from the expected — positive or negative. Risk is often expressed in terms of the likelihood of an event and its consequences. For the purposes of this standard, risk includes both threats (negative effects) and the basis for identifying opportunities (positive effects).

Opportunity

A sustainability-related positive prospect for the organisation arising from its activities, context, or the transition to a more sustainable economy. Opportunities may include new markets, cost reductions, improved access to capital, enhanced reputation, or strengthened stakeholder relationships.

Competence

The ability to apply knowledge and skills to achieve intended results. Competence may be demonstrated through education, training, experience, or qualification. For sustainability management roles, competence includes the ability to drive outcomes across organisational functions without direct line authority.

Performance

A measurable result. Performance may relate to quantitative or qualitative findings and may apply to managing activities, processes, products, services, systems, or the CSMS as a whole.

Effectiveness

The extent to which planned activities are realised and planned results are achieved. An effective CSMS produces its intended outcomes. Effectiveness is one of three dimensions of continual improvement alongside suitability and adequacy.

Suitability

The extent to which the CSMS is appropriate and fit for the organisation's current context, material topics, stakeholder expectations, and applicable obligations. A suitable CSMS is correctly designed for the organisation's circumstances.

Adequacy

The extent to which the CSMS has sufficient scope, resources, governance, and controls to address all important and material sustainability topics within the certified scope. An adequate CSMS covers what it needs to cover.

IRO (Impacts, Risks, and Opportunities)

The three categories of sustainability matter assessed under the IRO-led workflow of SPK CSMS1000:2026 Section 6. Impacts are the organisation's actual or potential positive or negative effects on people, society, and the environment. Risks are sustainability-related threats to the organisation's own financial performance, business model, or assets. Opportunities are sustainability-related prospects for value creation, cost reduction, or competitive advantage. An IRO can involve both outward and inward dimensions simultaneously.

Action plan

A documented schedule of concrete actions required to achieve the organisation's sustainability objectives and SMART goals under Clauses 8.1, 8.2, and 8.4. Each action specifies what will be done, who is responsible, what resources are required, and when it will be completed.

Controls assessment

The evaluation of existing sustainability management controls — policies, procedures, operational measures, monitoring mechanisms, and governance arrangements — against the requirements of each important sustainability topic, identifying adequacy and gaps. The controls assessment under Clause 6.7 is the diagnostic baseline for the annual action plan under Clause 8.4.

Materiality type

The type of materiality analysis applicable to the organisation, determined by its reporting obligations under Clause 6.6. Types include impact materiality, financial materiality, and double materiality. The materiality type determines the topics assessed, the stakeholders engaged, and the methodology applied in the importance determination under Clause 6.7.

Audit programme

A set of one or more audits planned for a specific time frame and directed towards a specific purpose, managed in accordance with ISO 19011:2018. The audit programme for the CSMS shall define objectives, scope, frequency, resources, and responsibilities for internal audits conducted under Clause 12.4.

Audit

A systematic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled. An audit may be internal (first party) or external (second or third party). Internal audits under this standard are conducted by the organisation itself or by an external party on its behalf.

Monitoring

The process of determining the status of a system, process, or activity. Monitoring involves checking, supervising, or critically observing over a period of time to identify change.

Procedure

A specified way to carry out an activity or process. A procedure may or may not be documented. Where this standard requires a documented procedure, the procedure must be maintained as documented information.

Documented information

Information required to be controlled and maintained by the organisation, and the medium on which it is contained. Documented information may be in any format and from any source. It may relate to the CSMS and its processes, information created for the organisation to operate (documentation), or evidence of results achieved (records).

Continual improvement

A recurring activity to enhance performance. Continual improvement encompasses improvement in suitability (the CSMS remains appropriate to context), adequacy (the CSMS covers what it needs to cover), and effectiveness (the CSMS achieves its intended outcomes). Continual improvement is distinct from corrective action, which addresses specific non-conformities.

Corrective action

Action to eliminate the root cause or causes of a non-conformity and to prevent recurrence. Corrective action addresses why the non-conformity occurred, not only what happened. Corrective action is distinct from immediate correction, which addresses the non-conformity itself, and from continual improvement, which enhances performance in the absence of a specific failure.

Non-conformity

Non-fulfilment of a requirement of this standard. A major non-conformity is a systemic failure to satisfy a requirement, or a pattern of isolated failures indicating a systemic weakness. A minor non-conformity is an isolated failure that does not indicate a systemic breakdown. Non-conformity is distinct from non-compliance (failure to meet an external obligation) and from performance shortfall (failure to achieve an ambitious objective).

Non-compliance

Non-fulfilment of a compliance obligation — a legal, regulatory, or contractual requirement identified in the obligations register under Clause 6.6. Non-compliance is distinct from CSMS non-conformity. A non-compliance may also constitute a CSMS non-conformity where the organisation's obligations management or control systems have failed.

Sustainability incident

An event that has caused, or has the potential to cause, actual harm to people, the environment, or society in connection with the organisation's activities, products, or services, or that has caused or could cause material harm to the organisation's sustainability commitments or disclosures. Sustainability incidents are managed through the non-conformity process under Clause 14.2 with additional notification requirements under Clause 7.5.

Sustainability culture

The values, ethics, beliefs, and conduct related to sustainability that exist throughout an organisation and interact with its structures, processes, and control systems to produce behavioural norms that support or undermine the achievement of the CSMS's intended outcomes. Sustainability culture is an outcome of leadership behaviour, governance arrangements, incentive structures, and communication — not a product of awareness training alone.

Circular economy

An economic model designed to eliminate waste and pollution, keep products and materials in use at their highest value for as long as possible, and regenerate natural systems. A circular economy replaces the linear take-make-dispose model with strategies including reduction, reuse, repair, remanufacturing, recycling, and biological recovery of materials and nutrients.

Circular material use rate (CMU rate)

The proportion of material inputs entering an organisation's operations or products that are sourced from circular flows — including recycled content, reused materials, and recovered by-products — rather than from virgin or primary resources, as calculated using the Global Circularity Protocol or ISO 59020:2024 methodology.

Material flow

The movement of materials into, through, and out of an organisation's operations, products, and services, encompassing raw material inputs, in-process materials, products and by-products produced, waste generated, and end-of-life material recovery. Material flow mapping is the primary tool for circular economy assessment under Clause 10.14.

Waste diversion rate

The proportion of total waste generated by the organisation that is diverted from landfill and incineration through reuse, repair, remanufacturing, recycling, or energy recovery, expressed as a percentage of total waste generated in the reporting period.

Greenhouse gas (GHG)

A gaseous component of the atmosphere that absorbs and emits radiation within the thermal infrared range, contributing to the greenhouse effect. For the purposes of this standard, GHGs include the seven gases covered by the UNFCCC: CO2, CH4, N2O, HFCs, PFCs, SF6, and NF3, expressed as carbon dioxide equivalents (CO2e).

Corporate Sustainability Management System (CSMS)

The set of interrelated and interacting elements used by an organisation to plan, implement, measure, and improve its corporate sustainability and ESG programme across all important and material sustainability topics. The CSMS encompasses the nine stages of the Speeki programme management framework.

Material Sustainability Topic

A sustainability topic significant due to its financial impact on the organisation (financial materiality), its impact on people, society, or the environment (impact materiality), or both, as determined through the organisation's materiality assessment under Clause 6.2.

Important Sustainability Topic

A sustainability topic that the CSMS shall address from a governance and management perspective, regardless of whether it crosses the materiality threshold for external reporting. All material topics are also important topics, but not all important topics are material for reporting purposes.

Double Materiality

The assessment of sustainability topics from two perspectives simultaneously: financial materiality (how sustainability-related risks and opportunities affect the organisation's cash flows, financial position, and financial performance) and impact materiality (the significance of the organisation's actual and potential impacts on people, society, and the environment).

Impacts, Risks, and Opportunities (IROs)

The three categories assessed through double materiality analysis under Clause 6.2. Impacts are the organisation's actual and potential effects on people, society, and the environment — positive or negative, intended or unintended. Risks are sustainability-related threats to the organisation's business model, strategy, and financial performance. Opportunities are sustainability-related positive prospects for value creation.

Importance and Materiality Assessment

The combined process by which the organisation determines: (a) which sustainability topics are important and shall be addressed by the CSMS (importance assessment); and (b) which sustainability topics require inclusion in external sustainability reporting through double materiality analysis using the IRO framework (materiality assessment).

Value Proposition

A documented rationale for sustainability investment tailored to a specific stakeholder group, articulating the business value — financial, operational, reputational, or risk-related — of the CSMS or a specific ESG initiative.

Obligations Register

A documented record of all mandatory compliance obligations (laws, regulations, permits, judicial orders, and mandatory reporting requirements) and voluntary sustainability commitments (frameworks, codes, standards, and contractual ESG obligations) applicable to the organisation's important and material sustainability topics.

SMART Goal

A sustainability objective expressed as Specific, Measurable, Achievable, Relevant, and Time-bound, with documented baseline, target value, measurement methodology, data quality controls, and assigned data owner.

Internal Controls for Sustainability Reporting (ICSR)

The system of controls governing the collection, processing, validation, and reporting of sustainability data, designed to ensure accuracy, completeness, and consistency in sustainability disclosures. ICSR applies the principles of the COSO internal control framework or equivalent to sustainability data management.

SPK CSMS1000:2026 Certification

The single-outcome certification awarded by Speeki to an organisation that satisfies all normative requirements of this standard as demonstrated through the SPK CSMS1000:2026 assessment process. An organisation is either certified or not certified. There are no graduated certification levels.

Shall

Indicates a normative requirement of this standard. Non-fulfilment of a shall requirement constitutes a non-conformity and may prevent certification or result in suspension or withdrawal of an existing certificate.

Should

Indicates a recommendation. Should requirements appear only in Annex A (Implementation Guidelines). Departure from a should requirement does not constitute a non-conformity against this standard.

May

Indicates a possibility or permission. May does not indicate a requirement.

4. How to Read This Standard

SPK CSMS1000:2026 is structured in ten substantive sections (Sections 5–14). Within each section, requirements are grouped by topic and presented in a numbered requirements table. Each row begins with 'The organisation shall' followed by a specific normative requirement. Every requirement in every table must be satisfied for certification.

Requirement references use the format Clause.Requirement (e.g. 5.1.3 = Clause 5.1, Requirement 3). Assessors use these references when raising findings. Cross-references to applicable ISO standards are provided at the end of each section. Annex A provides informative implementation guidance for each section of the standard.

Certification scope: Certification applies to the scope defined by the organisation under Clause 5.2. Requirements in Clauses 10.5–10.11 apply to the extent that the relevant domain (environmental, GHG, energy, OHS, compliance, social, AI) is material within the certified scope. An organisation must document and justify any determination that a domain clause does not apply.

5. Business Context

5.1 Organisational Context

| Req. | 5.1 — Organisational Context |
| --- | --- |
| 5.1.1 | The organisation shall determine and document the internal and external context relevant to corporate sustainability, addressing at minimum: the organisation's business model, industry and sector, key products and services, geographic footprint, ownership and governance structure, and the primary drivers for the corporate sustainability programme spanning regulatory requirements, investor and financial institution expectations, customer requirements, employee expectations, competitive positioning, and reputational considerations. |
| 5.1.2 | The organisation shall assess and document the current state of existing sustainability and ESG initiatives across the organisation, including programmes already in place, policies adopted, certifications held, and public commitments made, identifying gaps against the intended CSMS scope. |
| 5.1.3 | The organisation shall assess the potential ESG impact of the organisation's operations on the environment, affected communities, customers, and markets, documenting this as the organisation's impact footprint, and assess how sustainability risks and opportunities affect the organisation's financial performance and position, applying double materiality analysis. |
| 5.1.4 | The organisation shall determine the governance model for the CSMS — whether centrally directed or distributed across business units and regions — and document the model, its rationale, the allocation of budget and resources, and the treatment of subsidiaries, joint ventures, and minority investments. |
| 5.1.5 | The organisation shall maintain context documentation as current documented information reviewed at intervals not exceeding 24 months, and demonstrate that context reviews are used to update the materiality assessment, risk register, and programme priorities. |

Cross-references: ISO 14001:2015 Clause 4.1; ISO 37301:2021 Clause 4.1; ISO 45001:2018 Clause 4.1; ISO 50001:2018 Clause 4.1

5.2 Scope

| Req. | 5.2 — Scope |
| --- | --- |
| 5.2.1 | The organisation shall define and document the geographical scope of the CSMS specifying the countries, regions, and legal entities included, and the organisational boundary using one of the following consolidation approaches: equity share, financial control, or operational control, with documented rationale. |
| 5.2.2 | The organisation shall document the treatment of subsidiaries, joint ventures, and minority investments with respect to the CSMS scope, including whether they are required to adopt the programme, maintain their own equivalent, or are excluded with documented rationale. |
| 5.2.3 | The organisation shall document whether and to what extent the scope covers supply chain and sales channel ecosystems, including the specific ESG requirements applicable to third parties in those ecosystems and the mechanism for communicating and monitoring those requirements. |
| 5.2.4 | The organisation shall document the rationale for any scope exclusions, confirm through documented analysis that no exclusion results in a material ESG risk being unmanaged, and review scope boundaries annually. |

Cross-references: ISO 14001:2015 Clause 4.3; ISO 37301:2021 Clause 4.3; ISO 45001:2018 Clause 4.3

5.3 Research

| Req. | 5.3 — Research |
| --- | --- |
| 5.3.1 | The organisation shall conduct and document research to build value propositions for the sustainability programme, covering at minimum: employee or workforce surveys on ESG expectations; competitor and peer ESG programme analysis reviewing at least three material industry peers; a legal and regulatory obligation review across all material jurisdictions; and business use case development demonstrating how each material ESG topic connects to financial value (revenue, cost, risk, capital access, or talent). |
| 5.3.2 | The organisation shall maintain a current research base, reviewed and updated annually, incorporating regulatory development tracking, investor ESG expectation analysis, customer ESG requirement review, and peer benchmarking data. |
| 5.3.3 | The organisation shall document how specific research findings have directly influenced programme priorities, objective-setting, policy design, and resource allocation decisions, creating a traceable connection between evidence and programme design. |

Cross-references: ISO 26000:2010 Clause 5.2

5.4 Benchmarking

| Req. | 5.4 — Benchmarking |
| --- | --- |
| 5.4.1 | The organisation shall conduct benchmarking analysis covering all material sustainability topics, referencing competitor sustainability report disclosures, applicable reporting framework requirements (GRI, ISSB, ESRS), available ESG rating criteria, and investor stewardship expectations. |
| 5.4.2 | The organisation shall use benchmarking outcomes as a primary input to the objective-setting process, documenting how benchmarks have calibrated the ambition of each material objective, and address any finding that the organisation is materially below peer performance with a documented action plan. |

Cross-references: GRI 3: Material Topics 2021; ISSB S1; CSRD/ESRS 1

5.5 Value Propositions

Req.

5.5 — Value Propositions

5.5.1

The organisation shall develop and document value propositions for the CSMS tailored to each of the following stakeholder groups: (a) executives and senior leadership — focused on financial performance, competitive advantage, and risk mitigation; (b) management — focused on operational efficiency, risk management, and team performance; (c) employees — focused on brand, workplace quality, and personal purpose; (d) the governing body — focused on governance quality, investor relations, regulatory compliance, and long-term enterprise value.

5.5.2

The organisation shall ensure each value proposition is substantiated by documented evidence from the research conducted under Clause 5.3, with specific financial, operational, or reputational justifications provided for sustainability investment across each material topic.

5.5.3

The organisation shall review and update value propositions annually, incorporate updated research and stakeholder feedback, and demonstrate that value propositions have been used to secure and maintain leadership support and resource allocation for the CSMS.

Cross-references: ISO 26000:2010 Clause 5.2; ISO 37301:2021 Clause 5.1

6. Understanding Impacts, Risks, and Opportunities

6.1 Obligations

Obligations are the starting point of the entire CSMS — they answer why the organisation is managing sustainability at all, what it must achieve, and what kind of exercise it is doing. Without identifying obligations first, the IRO process has no scope or business rationale: everything can feel important and the exercise becomes a sustainability project rather than a business management discipline.

Obligations define: the WHY; the materiality type (impact, financial, or double); the stakeholder groups that must be engaged; and the frameworks against which the management system will be assessed. They also build the value proposition for the CSMS by making explicit what the organisation stands to gain or lose.

Req.

6.1 — Obligations

6.1.1

The organisation shall identify and document all obligations applicable to the organisation, establishing the business rationale for the CSMS. Obligations answer the foundational question of why the organisation is managing sustainability at all — they define what the organisation must achieve (mandatory obligations) and has committed to achieve (voluntary obligations), and they frame the scope and priorities of the entire CSMS. Obligations shall be classified as: (a) mandatory obligations — laws, regulations, permits, binding reporting requirements, and regulatory standards across all jurisdictions of material operation, including sustainability disclosure obligations (CSRD/ESRS, SGX sustainability reporting rules, HKEX ESG reporting requirements, SEC climate disclosure rules, and equivalents); labour, environmental, health and safety, and anti-corruption laws; human rights due diligence obligations (CSDDD, German SCDDA, and equivalents); and contractual ESG obligations with material counterparties; and (b) voluntary obligations — sustainability frameworks, codes, standards, and commitments the organisation has chosen to adopt, including GRI, ISSB, TCFD, TNFD, and voluntary certification schemes.

6.1.2

The organisation shall document for each obligation: the source, nature, and jurisdiction; the sustainability topics and domains it governs; the reporting, disclosure, or management requirements it creates; the applicable materiality type — impact materiality (GRI/impact-led frameworks), financial materiality (ISSB/investor-led frameworks), or double materiality (CSRD/ESRS — both simultaneously); the consequence of non-fulfilment; and the responsible owner within the organisation. The obligations register is the primary input to: determining which stakeholder groups must be engaged under Clause 6.2; scoping the IRO identification process under Clause 6.3; determining the applicable significance criteria for the IRO assessment under Clause 6.4; and determining which sustainability topics require external reporting under Clause 6.6.

6.1.3

The organisation shall use the obligations register to identify which stakeholder groups are implicated by the organisation's obligations — for example, investor-led frameworks (ISSB) implicate capital providers; impact-led frameworks (GRI) implicate affected communities and workers; supply chain due diligence obligations implicate suppliers and affected communities. This stakeholder identification informs and scopes the stakeholder analysis under Clause 6.2, ensuring that the right voices are engaged in the IRO process for the right reasons.

6.1.4

The organisation shall review and update the obligations register at least annually and whenever the organisation enters new jurisdictions, takes on new voluntary commitments, or when applicable regulations change materially. Changes to the obligations register shall be assessed for their implications for the scope and materiality type of the CSMS and reported to the governing body.

Cross-references: ISO 37301:2021 Clauses 4.5, 6.2; ISO 14001:2015 Clause 6.1.3; ISO 45001:2018 Clause 6.1.3; CSRD/ESRS 1; ISSB S1

6.2 Stakeholder Analysis

The obligations register under Clause 6.1 tells the organisation which stakeholder groups must be engaged. Impact-led frameworks (GRI) require engagement with affected communities, workers, and those experiencing the organisation's impacts. Investor-led frameworks (ISSB) require engagement with capital providers. Double materiality (CSRD/ESRS) requires both. Human rights due diligence obligations require engagement with potentially affected people in the value chain. The stakeholder analysis in this clause confirms who those groups are and establishes the engagement channels that will feed into the IRO process.

Req.

6.2 — Stakeholder Analysis

6.2.1

The organisation shall identify and document all material internal and external stakeholders relevant to the organisation's sustainability management, including: internal stakeholders (employees, management, executives, governing body); and external stakeholders (investors, lenders, customers, suppliers, affected communities, civil society, regulators, and sales channel partners). For each group, document their sustainability-related interests and concerns, the nature of their relationship to the organisation's impacts and risks, and the appropriate mechanism and frequency for engagement.

6.2.2

The organisation shall use the identified stakeholder groups as active participants in the IRO identification process under Clause 6.2, ensuring that stakeholder input — including the views, concerns, and priorities of those most directly affected by the organisation's activities — informs and shapes the IRO universe. Prioritise for engagement those stakeholders most relevant to the organisation's material operations and highest-significance impact areas.

6.2.3

The organisation shall maintain ongoing stakeholder engagement channels appropriate to each group, document the outcomes and views expressed, and update the stakeholder analysis whenever significant changes in the organisation's context, operations, or material topics occur. Stakeholder input shall be traceable through the IRO process to the importance and materiality determinations under Clauses 6.5 and 6.6.

Cross-references: ISO 26000:2010 Clause 5.2; ISO 45001:2018 Clause 5.4; ISO 37301:2021 Clause 4.2; ESRS 1 (stakeholder engagement)

6.3 IRO Identification

The obligations register (6.1) and the stakeholder analysis (6.2) together scope the IRO identification process. The obligations determine WHAT type of IROs to look for — impact materiality requires identifying negative and positive impacts; financial materiality requires identifying risks and opportunities to the business; double materiality requires all three. The stakeholder analysis determines WHOSE views inform the identification. The IRO process itself is substance-first — it asks what actually happens in this organisation and value chain, not what must be disclosed.

Example

A manufacturing company in Southeast Asia: Negative impacts — water consumption in water-stressed communities, chemical discharge, precarious employment in supplier tiers. Positive impacts — local employment, skills development, economic activity. Financial risks — energy price exposure, carbon pricing, supply chain disruption from climate events. Financial opportunities — efficiency savings from low-carbon transition, premium pricing for sustainability-certified products.

Req.

6.3 — IRO Identification

6.3.1

The organisation shall identify and document the full universe of the organisation's actual and potential impacts, risks, and opportunities (IROs) across its own operations and value chain, considering: (a) actual and potential negative impacts — where the organisation causes, contributes to, or is directly linked to harm to people, society, or the environment through its activities, products, services, or business relationships; (b) actual and potential positive impacts — where the organisation creates or contributes to benefit through its activities; and (c) sustainability-related risks and opportunities — where sustainability issues create financial risks (threats to business performance, cash flows, or assets) or opportunities (prospects for growth, cost reduction, or competitive advantage) for the organisation itself.

6.3.2

The organisation shall conduct IRO identification through a structured process that draws on: the organisation's context and business model under Clause 5.1; sector-specific impact taxonomies and peer practice; stakeholder input from Clause 6.1, particularly the perspectives of those affected by the organisation's activities; established IRO or impact frameworks including the ESRS list of sustainability matters, the GRI Universal Standards, and TNFD nature-related risk and opportunity frameworks; and the outputs of due diligence processes under Clause 10.10. The identification process shall consider different time horizons — short, medium, and long term.

6.3.3

The organisation shall document each identified IRO with: a description of the impact, risk, or opportunity; the activity or relationship through which it arises; the part of the value chain affected; whether it is actual (occurring) or potential (possible); the stakeholders most affected or concerned; and whether it is primarily an outward impact on people or the environment, an inward financial risk or opportunity, or both. The IRO inventory shall be reviewed and updated at least annually.

Cross-references: ESRS 1 (IRO process); GRI 3: Material Topics 2021; TNFD LEAP approach; UN Guiding Principles; ISO 14001:2015 Clause 6.1

6.4 IRO Assessment

The assessment criteria come directly from the materiality type identified in the obligations register (6.1). For impact materiality: scale, scope, remediability, and likelihood. For financial materiality: magnitude, likelihood, and time horizon. For double materiality: all of the above. Using consistent, documented thresholds is critical — without them the significance assessment is not comparable across topics or defensible to assessors.

Req.

6.4 — IRO Assessment

6.4.1

The organisation shall assess each identified IRO for significance using documented criteria and thresholds, considering the following assessment dimensions: (a) for negative impacts — scale (how severe is the harm); scope (how widespread is the harm, measured by the number of people affected or the extent of environmental damage); remediability (how easily can the harm be addressed or reversed); and likelihood (how probable is the impact for potential impacts); (b) for positive impacts — scale and scope of the benefit and the number of people or extent of environment positively affected; (c) for financial risks and opportunities — the magnitude of the potential financial effect on the organisation's cash flows, revenues, costs, or asset values; the likelihood of materialisation; and the time horizon over which it is relevant.

6.4.2

The organisation shall incorporate stakeholder relevance as an assessment dimension: for each IRO, document the significance attributed to it by the stakeholder groups most directly affected, drawing on the stakeholder engagement conducted under Clause 6.2. Where stakeholder views differ materially from the organisation's own assessment of significance, document the difference and the rationale for the final assessment conclusion.

6.4.3

The organisation shall document the assessment outcome for each IRO — the significance rating, the assessment criteria and thresholds applied, and the key evidence or assumptions underlying the rating. The IRO assessment shall be reviewed at least annually and whenever significant changes in the organisation's activities, value chain, or external environment occur.

Cross-references: ESRS 1 (double materiality assessment); GRI 3: Material Topics 2021; ISSB S1 Appendix A

6.5 Topic Grouping

Topic grouping converts the granular IRO inventory into a manageable set of sustainability topics. IROs are specific and operational (a discharge event, a supplier practice, a specific energy risk). Topics are the level at which governance, objectives, controls, and reporting operate. Good grouping preserves the specificity needed for action while creating the coherence needed for governing body oversight.

Req.

6.5 — Topic Grouping

6.5.1

The organisation shall cluster the assessed IROs into coherent sustainability topics, grouping together IROs that relate to the same underlying sustainability issue, affect similar stakeholders, or require similar management responses. Topics shall be sufficiently specific to be distinctly managed and reported, and sufficiently broad to provide a coherent and manageable framework. Document the grouping methodology and the assignment of each IRO to its topic.

6.5.2

The organisation shall use established sustainability topic taxonomies — including the ESRS list of sustainability matters, the GRI material topics taxonomy, and applicable sector-specific frameworks — as a reference starting point for topic grouping, adapting the taxonomy to reflect the specific IROs identified for the organisation. The topic list shall be agreed by senior leadership before proceeding to the importance determination under Clause 6.7.

Cross-references: ESRS list of sustainability matters; GRI material topics taxonomy; SASB standards (sector-specific topics)

6.6 Importance and Materiality Determination

Two thresholds, one step. Importance threshold: is this topic significant enough to warrant active management in the CSMS, regardless of whether it must be reported? Materiality threshold: does this topic cross the reporting threshold under the applicable framework(s) identified in the obligations register? The first threshold defines the CSMS scope. The second defines the reporting scope. Every material topic is important. Not every important topic is material for reporting. Both lists require governing body approval.

Example

Climate change: important AND material for almost all large organisations. Community economic development: important for a company with significant rural operations, may not cross the ESRS S1 reporting threshold depending on financial magnitude. Workplace safety: important under OHS law for every organisation; may or may not be individually material for ESRS S1 reporting depending on sector and incident profile.

Req.

6.6 — Importance and Materiality Determination

6.6.1

The organisation shall apply the significance assessment from Clause 6.4 to each sustainability topic to determine its management and reporting status. The determination produces two distinct lists: (a) the importance list — topics that must be actively managed within the CSMS because their significance is sufficient to warrant sustained management attention, controls, and performance monitoring, regardless of whether they require external reporting; and (b) the materiality list — topics from the importance list that cross the disclosure threshold required by the applicable reporting frameworks identified under Clause 6.1. All material topics are also important. Not all important topics are necessarily material for reporting. An organisation may manage 20 important topics in its CSMS but report externally on 12 material topics — the remaining 8 are still managed, but not individually disclosed.

6.6.2

The organisation shall document the determination for each topic: whether it is important (management priority), material for reporting (reporting priority), or both; the IROs driving the determination and the significance ratings from Clause 6.4; the stakeholder input from Clauses 6.2 and 6.3 that informed it; the applicable materiality type and framework under Clause 6.1; and where a topic is not classified as important, the rationale for exclusion. The documentation shall be sufficient to demonstrate the traceability from the IRO universe through the significance assessment to the management and reporting conclusions.

6.6.3

The organisation shall submit the completed importance and materiality determination — including both lists and the rationale for each conclusion — to the governing body for formal approval before it is used as the basis for the CSMS scope, objectives, and controls. The governing body approval confirms the organisation's management priorities and reporting commitments and shall be documented. For each material topic, document the disclosure linkage: the specific framework requirements, applicable metrics, and required disclosures under the frameworks identified in Clause 6.1.

6.6.4

The organisation shall review the importance and materiality determination at least annually, considering changes in the IRO universe, the obligations register, and the outcomes of stakeholder engagement. Changes to the importance or materiality lists shall be approved by the governing body before being reflected in the CSMS or sustainability report.

Cross-references: ESRS 1 (double materiality); ISSB S1 (financial materiality); GRI 3 (impact materiality); ISO 26000:2010 Clause 5.2

6.7 Controls and Risk Assessment

The controls and risk assessment closes the loop: from identifying what matters (6.3–6.6) to understanding what is already being done about it and what gaps remain. For each important topic: what controls exist? Are they adequate given the IRO significance? What is missing? The gaps become the action priorities under Clause 8.4 and the objectives under Clause 8.1. This is where the analytical work of Section 6 translates into the operational work of Section 8.

Req.

6.7 — Controls and Risk Assessment

6.7.1

The organisation shall conduct and document a controls and risk assessment for each topic identified as important under Clause 6.7, evaluating: (a) the existing controls in place — the policies, procedures, operational measures, monitoring mechanisms, and governance arrangements currently addressing the topic; (b) the adequacy of those controls — whether existing controls are proportionate to the significance of the topic and the IROs driving it; and (c) the control gaps — important topics or aspects of topics where controls are absent, insufficient, or not operating effectively.

6.7.2

The organisation shall assess the residual risk profile of each important topic after considering existing controls, evaluating the likelihood and magnitude of adverse outcomes — impacts on people or environment, financial consequences, or stakeholder concerns — that could materialise if current controls are maintained without change. Prioritise topics where residual risk is highest or where identified control gaps are most significant.

6.7.3

The organisation shall produce a documented assessment output that lists each important topic with its current controls, identified gaps, and residual risk rating; identifies the priority actions required to address material control gaps; and connects directly to the sustainability objectives under Clause 8.1 and the annual action plan under Clause 8.4. The controls and risk assessment shall be reviewed at each management review cycle under Clause 12.3 and updated whenever the importance determination under Clause 6.7 changes.

Cross-references: ISO 14001:2015 Clause 6.1; ISO 37301:2021 Clause 4.6; ISO 45001:2018 Clause 6.1; ISO 31000:2018

7. Buy-in and Leadership Commitment

7.1 Stakeholder Buy-in

Req.

7.1 — Stakeholder Buy-in

7.1.1

The organisation shall secure and document buy-in from each internal function with material CSMS responsibilities, including at minimum human resources, finance, legal and compliance, procurement, and operations, confirming that each function understands its specific sustainability responsibilities and has accepted accountability for them.

7.1.2

The organisation shall manage external stakeholder buy-in through documented communications to material suppliers on ESG expectations, to investors and financial institutions presenting the programme and performance data, and to customers on sustainability commitments relevant to products and services.

7.1.3

The organisation shall maintain active buy-in through annual confirmation from material internal functions of their current CSMS responsibilities and annual external stakeholder engagement demonstrating continued alignment.

Cross-references: ISO 37301:2021 Clause 5.1; ISO 45001:2018 Clause 5.4; ISO 26000:2010 Clause 5.3

7.2 Executive and Board Buy-in

Req.

7.2 — Executive and Board Buy-in

7.2.1

The organisation shall secure documented approval and endorsement of the CSMS from the CEO or equivalent, including formal sign-off of the sustainability policy, and ensure the governing body is informed of the CSMS scope, governance structure, and objectives.

7.2.2

The organisation shall assign named oversight responsibility for the CSMS to a designated governing body member, committee, or subcommittee with documented terms of reference, ensure the governing body receives CSMS performance reports at intervals not exceeding 6 months, and confirm that at least one governing body member has demonstrated sustainability competence through documented training, relevant experience, or professional qualification.

7.2.3

The organisation shall ensure sustainability risks and opportunities are formally considered as part of the governing body's strategic oversight and risk management processes, with sustainability risks appearing in the enterprise risk register reviewed by the governing body.

7.2.4

The organisation shall include sustainability performance accountability in the documented performance objectives of the CEO and, where applicable, other members of the senior leadership team with material CSMS responsibilities, with defined and measurable sustainability performance criteria.

Cross-references: ISO 37301:2021 Clauses 5.1.1, 5.3.1; ISO 45001:2018 Clause 5.1; ISO 37001:2016 Clause 5.1; ISO 26000:2010 Clause 6.2

7.3 Employee Buy-in

Req.

7.3 — Employee Buy-in

7.3.1

The organisation shall solicit and document feedback from a representative sample of employees on the CSMS at programme launch and following each material programme update, communicate the programme's purpose, scope, material topics, and employee contribution to all personnel, and maintain active employee engagement mechanisms with documented engagement activities conducted at intervals not exceeding 12 months.

7.3.2

The organisation shall demonstrate that employee feedback has influenced programme design or implementation, and ensure employees in sustainability-relevant roles can articulate their specific CSMS responsibilities and understand the material sustainability topics relevant to their work.

Cross-references: ISO 37301:2021 Clauses 5.1.2, 7.3; ISO 45001:2018 Clause 5.4

7.4 Sustainability Culture

Req.

7.4 — Sustainability Culture

7.4.1

The organisation shall develop, maintain, and promote a sustainability culture at all levels of the organisation, embedding the values, behaviours, and conduct standards required to achieve the intended outcomes of the CSMS throughout the organisation's structures, processes, and people.

7.4.2

The organisation shall ensure that the governing body, senior leadership, and management demonstrate active, visible, consistent, and sustained commitment to sustainability values and objectives — both in formal governance processes and in day-to-day decisions and conduct. Leadership behaviour shall be consistent with the organisation's stated sustainability commitments. A gap between espoused values and observed leadership behaviour is a non-conformity against this clause.

7.4.3

The organisation shall actively encourage behaviours that support sustainability goals, and actively prevent and not tolerate behaviours that undermine the CSMS, its policies, or the organisation's sustainability commitments. Consequences for sustainability-related misconduct or wilful disregard of sustainability obligations shall be applied consistently and proportionately regardless of seniority.

7.4.4

The organisation shall integrate sustainability culture into standard organisational processes including: new employee induction, establishing sustainability values and conduct expectations from the first day of employment; regular internal communications reinforcing sustainability conduct standards; performance management systems that assess sustainability behaviour alongside financial and operational performance; and formal recognition of exemplary sustainability conduct.

7.4.5

The organisation shall measure sustainability culture at intervals not exceeding 24 months, using employee surveys, culture assessments, or equivalent tools capable of providing a reliable indicator of whether sustainability values are understood, believed, and acted upon at all levels of the organisation. Report culture measurement results to senior leadership and the governing body.

7.4.6

Where culture measurement or other evidence identifies a material gap — including disconnect between stated sustainability values and observed management behaviour, low employee belief in the genuineness of sustainability commitments, or evidence that sustainability-related misconduct is being tolerated — the organisation shall develop and implement a documented culture improvement plan with defined actions, responsible owners, and target timelines.

Cross-references: ISO 37301:2021 Clause 5.1.2; ISO 45001:2018 Clause 5.1; ISO 37001:2016 Clause 5.1.2; ISO 26000:2010 Clause 6.4

7.5 Governing Body Governance

Req.

7.5 — Governing Body Governance

7.5.1

The organisation shall establish and maintain the following sustainability governance principles as non-negotiable conditions of the CSMS: (a) Direct access — the sustainability function shall have direct access to the governing body, including the ability to report concerns directly to the governing body or its designated committee without interference from or clearance by line management; (b) Independence — the sustainability function shall operate free from undue interference, pressure, or conflicts of interest from any business unit or individual whose activities it is responsible for overseeing; (c) Authority — the sustainability function shall have authority commensurate with its responsibilities, including authority to raise sustainability concerns at the highest governance level and to direct corrective action across organisational functions.

7.5.2

The organisation shall formally approve the sustainability policy under Clause 10.1 at governing body level. Governing body approval establishes joint governance accountability between the board and executive management for the organisation's sustainability commitments. The sustainability policy shall not be issued, materially amended, or withdrawn without governing body approval.

7.5.3

The organisation shall ensure that material sustainability failures are reported to the governing body promptly and without deferral to the next scheduled reporting cycle. Events requiring immediate governing body notification include: material regulatory breaches or enforcement actions; discoveries of sustainability data manipulation or misrepresentation; substantive allegations of sustainability-related misconduct involving senior personnel; findings that would require material restatement of published sustainability disclosures; and significant OHS incidents resulting in fatality or serious injury.

7.5.4

The organisation shall actively exercise oversight of the CEO and senior leadership team's management of the CSMS by: formally assessing CEO sustainability performance against documented performance objectives at the annual performance review; holding the CEO accountable for the achievement of material CSMS objectives and for the timely escalation of material sustainability failures; and ensuring that identified corrective actions are implemented within defined timeframes.

7.5.5

The organisation shall review and confirm at intervals not exceeding 24 months that the organisation's remuneration structures, performance incentives, and commercial targets do not create pressure that works against the organisation's sustainability commitments or the requirements of this standard. Executive remuneration shall include a sustainability performance component for the CEO and, where appropriate, other senior executives, proportionate to the organisation's CSMS scope and sustainability ambition.

7.5.6

The organisation shall actively develop the governing body's collective sustainability competence through: structured sustainability education or briefings for all governing body members at intervals not exceeding 24 months; access to independent external sustainability expertise to support the governing body's oversight function; regular briefings on material developments in sustainability regulation, stakeholder expectations, and management practice relevant to the organisation's material topics; and periodic self-assessment of the governing body's sustainability governance effectiveness.

7.5.7

The organisation shall include sustainability as a standing agenda item at governing body meetings at intervals not exceeding 6 months, with substantive discussion of CSMS performance, material risks, and strategic sustainability developments. All material sustainability decisions made by the governing body — including changes to sustainability scope, approval of major resource allocation for sustainability, and responses to material sustainability incidents — shall be formally documented in governing body minutes or equivalent records.

Cross-references: ISO 37301:2021 Clauses 5.1.1, 5.1.3, 5.3.1; ISO 45001:2018 Clause 5.1; ISO 37001:2016 Clause 5.1.3; ISO 26000:2010 Clause 6.2

8. Objectives and Strategy

8.1 Sustainability Objectives

Req.

8.1 — Sustainability Objectives

8.1.1

The organisation shall establish documented sustainability objectives for each material topic with assigned ownership, defined timeframes, and explicit alignment to the sustainability policy and materiality assessment.

8.1.2

The organisation shall develop objectives through cross-functional involvement, engaging subject-matter experts from relevant business functions for each material topic, and reference applicable reporting framework requirements when defining objectives.

8.1.3

The organisation shall cascade objectives to relevant business units and functions with documented implementation plans and resource requirements, review all objectives at intervals not exceeding 12 months, and update them where context, stakeholder expectations, or risk assessments have changed materially.

Cross-references: ISO 14001:2015 Clause 6.2; ISO 37301:2021 Clause 6.2; ISO 45001:2018 Clause 6.2; ISO 50001:2018 Clause 6.6

8.2 SMART Goals

Req.

8.2 — SMART Goals

8.2.1

The organisation shall express sustainability objectives as SMART goals — specific, measurable, achievable, relevant, and time-bound — with documented baselines, target values, measurement methodology, data quality controls, and assigned data owners.

8.2.2

The organisation shall track SMART goal performance at intervals not exceeding quarterly and report status to the responsible function owner, with a documented corrective action plan for any goal at risk of not being achieved within the defined timeframe.

8.2.3

The organisation shall apply anti-greenwashing discipline to all SMART goals by defining them with sufficient specificity to be objectively verifiable, documenting the evidence base that will be used to confirm achievement, and avoiding goals that rely on vague qualifiers or that cannot be independently tested.

Cross-references: ISO 14001:2015 Clause 6.2; ISO 37301:2021 Clause 6.2; ISO 45001:2018 Clause 6.2

8.3 Success Criteria

Req.

8.3 — Success Criteria

8.3.1

The organisation shall define success criteria for the CSMS overall, articulating what constitutes programme success from the perspective of each key stakeholder group, and communicate these to senior leadership as the governing framework for programme evaluation.

8.3.2

The organisation shall maintain documented success criteria for each material sustainability topic, incorporate success criteria evaluation into the annual management review, and assess and report on the degree to which criteria have been met or missed.

Cross-references: ISO 37301:2021 Clause 9.1.3; ISO 14001:2015 Clause 9.1

8.4 Actions to Achieve Objectives

Objectives and SMART goals are intentions. Actions are commitments. This clause requires the organisation to define specifically what will be done, by whom, with what resources, and by when — for every sustainability objective. Without documented actions, objectives remain aspirational. The annual action plan required by this clause is the primary operational instrument connecting the CSMS strategy to day-to-day sustainability management.

Req.

8.4 — Actions to Achieve Objectives

8.4.1

The organisation shall, for each sustainability objective and SMART goal established under Clauses 8.1 and 8.2, define and document a set of concrete actions specifying: what will be done; who is responsible for each action; what resources — financial, human, and technological — are required; when each action will be completed; and how the completion of the action will be measured. Actions shall be sufficiently specific and time-bound to be verifiable at the management review.

8.4.2

The organisation shall consolidate all documented actions into an annual sustainability action plan, covering all material topics and all sections of the CSMS, and ensure the action plan is consistent with the controls and risk assessment under Clause 6.7 and the resource allocation under Clause 9.5. The annual action plan shall be reviewed and approved by senior leadership and presented to the governing body as part of the management review process under Clause 12.2.

8.4.3

The organisation shall monitor progress against documented actions as part of the KPI tracking process under Clause 12.2 and report action status — on track, at risk, or overdue — to management at each programme review under Clause 12.3 and to the sustainability function at each sustainability function review under Clause 12.6.

8.4.4

The organisation shall, where an action is not completed within the planned timeframe, assess whether the non-completion creates a risk to achievement of the related sustainability objective, and either: (a) revise the timeline with documented justification and approval by the responsible owner and their manager; or (b) initiate a corrective action under Clause 14.2 where the delay is attributable to a control failure or resource shortfall that itself represents a non-conformity with this standard.

Cross-references: ISO 14001:2015 Clause 6.2.2; ISO 37301:2021 Clause 6.2; ISO 45001:2018 Clause 6.2

8.5 Planning of Changes

Req.

8.5 — Planning of Changes

8.5.1

The organisation shall, where it determines the need to change the CSMS — including changes to scope, material topics, objectives, governance structure, operational controls, or reporting approach — carry out those changes in a planned and controlled manner before implementation.

8.5.2

The organisation shall, when planning any CSMS change, consider and document: the purpose of the change and its potential consequences for the ongoing effectiveness and integrity of the system; the availability of resources required to implement the change; and the allocation or reallocation of responsibilities and authorities resulting from the change.

8.5.3

The organisation shall communicate planned material changes to the CSMS to all affected personnel and relevant stakeholders before implementation, and review the effectiveness of each material change at the next management review cycle under Clause 12.2.

Cross-references: ISO 14001:2015 Clause 6.3; ISO 37301:2021 Clause 6.3; ISO 45001:2018 Clause 6.3; ISO 50001:2018 Clause 6.3

9. Roles, Competence, and Accountability

9.1 Ownership

Req.

9.1 — Ownership

9.1.1

The organisation shall designate a senior individual as owner of the CSMS with documented authority to establish, implement, monitor, and report on the programme, assign topic-level ownership for each material sustainability topic to a named functional lead, and document the programme owner's reporting line and access to the CEO and governing body.

9.1.2

The organisation shall establish a cross-functional sustainability governance structure (committee, working group, or equivalent) with documented terms of reference, meeting frequency, decision-making authority, and reporting line to senior leadership.

9.1.3

The organisation shall review the sustainability governance structure annually and confirm it remains adequate given the organisation's size, CSMS scope, and programme maturity.

Cross-references: ISO 37301:2021 Clauses 5.3.2, 5.1.3; ISO 45001:2018 Clause 5.3; ISO 37001:2016 Clause 5.3

9.2 Roles and Responsibilities

Req.

9.2 — Roles and Responsibilities

9.2.1

The organisation shall document sustainability roles and responsibilities for all functions with material CSMS involvement, specifying for each role the specific responsibilities, authority to act, and interface with other roles, and include sustainability responsibilities in relevant position descriptions.

9.2.2

The organisation shall maintain a current CSMS responsibility matrix reviewed at intervals not exceeding 12 months, ensure each role has commensurate authority to discharge its responsibilities, and integrate sustainability responsibilities into performance management frameworks for roles with material CSMS accountabilities.

Cross-references: ISO 14001:2015 Clause 5.3; ISO 37301:2021 Clause 5.3; ISO 45001:2018 Clause 5.3

9.3 Competencies

Req.

9.3 — Competencies

9.3.1

The organisation shall define competence requirements for all persons in CSMS roles covering: sustainability programme knowledge, relevant ISO standard familiarity, stakeholder engagement skills, data management capability, and sector-specific sustainability expertise, including the ability to drive programme delivery across functions without direct line authority.

9.3.2

The organisation shall maintain documented evidence of competence for all persons in CSMS roles, address identified competence gaps through training, development, or appointment, and conduct a formal competence assessment at intervals not exceeding 24 months.

Cross-references: ISO 14001:2015 Clause 7.2; ISO 37301:2021 Clause 7.2; ISO 45001:2018 Clause 7.2; ISO 19011:2018 Clause 7

9.4 Accountability

Req.

9.4 — Accountability

9.4.1

The organisation shall communicate to all personnel their individual accountability for CSMS performance within their role, document the consequences of failing to meet sustainability obligations, policies, or procedures, and embed sustainability accountability in performance appraisal, disciplinary, and escalation protocols.

9.4.2

The organisation shall operate documented mechanisms for personnel to raise sustainability concerns and report potential non-conformities without fear of retaliation, and ensure that accountability for sustainability performance is maintained when activities are outsourced or delivered through third parties.

Cross-references: ISO 37301:2021 Clauses 5.3.3, 5.3.4; ISO 45001:2018 Clauses 5.3, 5.4; ISO 37001:2016 Clause 5.3.4

9.5 Resources

Req.

9.5 — Resources

9.5.1

The organisation shall determine and provide the human, technical, and financial resources needed for the establishment, implementation, maintenance, and continual improvement of the CSMS, ensuring that resource allocation is reviewed at each management review cycle and that identified resource gaps are addressed through documented action plans.

9.5.2

The organisation shall ensure that resources allocated to the CSMS are proportionate to the scope, complexity, and material risk profile of the programme, and that resource constraints do not prevent the organisation from satisfying the requirements of SPK CSMS1000:2026.

9.5.3

The organisation shall document CSMS resource requirements, including: sustainability function headcount and competence profile; technology and data management systems; external service provision; training budget; and financial budget for sustainability initiatives and programme delivery.

Cross-references: ISO 14001:2015 Clause 7.1; ISO 37301:2021 Clause 7.1; ISO 45001:2018 Clause 7.1; ISO 50001:2018 Clause 7.1

10. Policies, Controls, and Operations

10.1 Sustainability Policy

Req.

10.1 — Sustainability Policy

10.1.1

The organisation shall establish, document, and communicate a sustainability policy that: commits to meeting all applicable legal and regulatory compliance obligations; commits to meaningful stakeholder engagement; commits to continual improvement of the CSMS; is approved by the governing body and signed by the CEO or equivalent; is written in plain language accessible to all personnel; and is reviewed and reapproved by the governing body at intervals not exceeding 24 months.

10.1.2

The organisation shall ensure the sustainability policy addresses all material ESG dimensions and is supported by topic-specific operational policies for each material domain.

10.1.3

The organisation shall make the sustainability policy publicly available and demonstrate through management review records that the policy drives documented management decisions.

Cross-references: ISO 14001:2015 Clause 5.2; ISO 37301:2021 Clause 5.2; ISO 45001:2018 Clause 5.2; ISO 50001:2018 Clause 5.2

10.2 Principles and Guidelines

Req.

10.2 — Principles and Guidelines

10.2.1

The organisation shall document and communicate guiding principles for the corporate sustainability programme, articulating the values and ethical standards the organisation applies across material ESG topics, reference these principles in the code of conduct and sustainability policy, and embed them in key external-facing documents.

10.2.2

The organisation shall develop guidelines that translate guiding principles into practical direction for specific sustainability topics, review principles and guidelines at intervals not exceeding 24 months, and demonstrate through governance records how principles have influenced operational decisions.

Cross-references: ISO 37301:2021 Clause 5.2; ISO 26000:2010 Clause 4

10.3 Procedures

Req.

10.3 — Procedures

10.3.1

The organisation shall document procedures for all key business processes with material ESG relevance, including at minimum: vendor and supplier onboarding incorporating anti-bribery, ethical dealing, and ESG qualification criteria; employee hiring and HR management incorporating equal employment opportunity, diversity, and conflict of interest; health and safety operational processes; and data handling and protection.

10.3.2

The organisation shall maintain current, accessible, and controlled procedures for all material ESG-relevant processes with version control and documented review, and review procedures at intervals not exceeding 12 months to confirm they reflect current policy, obligations, and risk assessment outputs.

Cross-references: ISO 14001:2015 Clause 8.1; ISO 37301:2021 Clauses 8.1, 8.2; ISO 45001:2018 Clause 8.1

10.4 Controls

Internal Controls for Sustainability Reporting (ICSR) — referenced in the third requirement — are the data governance controls applied to sustainability information, equivalent to internal controls over financial reporting. They cover: data collection procedures and responsibilities; calculation methodology documentation; data validation and review before submission; reconciliation to source systems; and change control for methodology updates. ICSR is not a separate system — it is the quality control dimension of the existing sustainability data management process.

Req.

10.4 — Controls

10.4.1

The organisation shall establish, document, and maintain a CSMS control framework that identifies, designs, and operates the controls required to implement the actions under Clause 8.4, achieve the sustainability objectives under Clause 8.1, and manage the risks and gaps identified in the controls and risk assessment under Clause 6.7. The control framework shall cover each material sustainability topic and shall specify for each control: the control objective; the control type (preventive, detective, or corrective); the control owner; the operating frequency; and the evidence produced. Controls shall be proportionate to the significance and urgency of the risks and gaps they address.

10.4.2

The organisation shall establish and operate financial controls that integrate sustainability into the organisation's financial management processes, including: sustainability budget allocation and approval processes ensuring dedicated funding for material CSMS actions and objectives; capital expenditure evaluation criteria that incorporate sustainability risk, lifecycle environmental cost, and ESG considerations in investment decisions; cost tracking for sustainability initiatives sufficient to demonstrate resource deployment against each material objective; and financial authorisation controls ensuring that material sustainability expenditure and commitments are approved at the appropriate level of authority.

10.4.3

The organisation shall establish and operate operational controls that govern the sustainability performance of the organisation's day-to-day activities, processes, and outputs. Operational controls shall address each material sustainability domain — environmental management (Clause 10.5), GHG emissions (Clause 10.6), energy (Clause 10.7), occupational health and safety (Clause 10.8), compliance and anti-bribery (Clause 10.9), social responsibility (Clause 10.10), circular economy (Clause 10.12) — and shall include documented procedures, work instructions, engineering controls, administrative controls, and monitoring mechanisms appropriate to each domain. Where ISO management system standards apply to a domain, the controls for that domain shall be designed to meet the requirements of the applicable standard.

10.4.4

The organisation shall establish and operate procurement controls that embed sustainability requirements into the organisation's purchasing and supplier selection processes, including: sustainability qualification criteria incorporated into supplier onboarding and approval processes for all material spend categories; supplier code of conduct requirements communicated to all material suppliers and incorporated into material contracts; sustainability-specific clauses in contracts with high-risk suppliers covering human rights, environmental standards, anti-bribery, and compliance; and procurement approval controls that require sustainability criteria to be assessed before committing material expenditure.

10.4.5

The organisation shall establish and operate supply chain controls that manage sustainability risks across the organisation's upstream and downstream value chain, including: a supply chain risk assessment identifying high-risk supplier categories, geographies, and commodities based on the risk assessment under Clause 6.7; a supplier due diligence programme proportionate to identified supply chain risk, covering at minimum human rights, forced labour, environmental compliance, and anti-bribery; a supplier audit or assessment programme for material high-risk suppliers; and a documented process for addressing identified supplier non-compliance, including escalation, remediation timelines, and, where remediation is not achieved, exit processes.

10.4.6

The organisation shall establish and operate Internal Controls over Sustainability Reporting (ICSR) — the data governance controls that ensure the accuracy, completeness, and consistency of all sustainability data used in performance management, internal reporting, and external disclosure. ICSR shall cover: documented data collection procedures and responsibilities for each material KPI; calculation methodology documentation and version control; data validation and independent review processes before data is used in internal or external reporting; reconciliation controls connecting reported figures to source systems and records; and change control procedures governing updates to calculation methodologies or data sources. ICSR controls shall be designed to meet the requirements of a limited assurance engagement as a minimum, and shall be tested as part of the internal audit programme under Clause 12.4.

10.4.7

The organisation shall establish and operate people controls that govern sustainability-relevant human behaviour across the organisation, including: new employee induction processes that communicate sustainability values, conduct standards, and individual responsibilities from the first day of employment; performance management processes that assess and hold accountable individuals at all levels — including senior leaders and executives — for their sustainability conduct and the sustainability outcomes within their area of responsibility; training and competency controls ensuring personnel with material sustainability responsibilities have the knowledge, skills, and authorisations required; and speak-up controls ensuring all personnel have access to a confidential reporting channel for sustainability-related concerns under Clause 10.9.

10.4.8

The organisation shall test and review the CSMS control framework at intervals not exceeding 12 months, verifying that controls are designed appropriately and operating effectively. Control testing shall identify control failures — instances where a control did not operate as designed — and control gaps — material sustainability risks or requirements not adequately addressed by existing controls. All identified control failures and material gaps shall be addressed through the corrective action process under Clause 14.2 with documented remediation plans, responsible owners, and target closure dates. The results of control testing shall be reported to senior leadership and used as input to the management review under Clause 12.3 and the sustainability function review under Clause 12.6.

Cross-references: ISO 14001:2015 Clause 8.1; ISO 37301:2021 Clause 8.2; ISO 45001:2018 Clause 8.1; ISO 37001:2016 Clause 8; COSO Internal Control Framework

10.5 Environmental Management

Req.

10.5 — Environmental Management

10.5.1

The organisation shall identify and document significant environmental aspects and impacts across operations, products, and services — including energy, water, waste, emissions, land use, and biodiversity where material — establish operational controls for significant aspects, and document applicable environmental legal obligations.

10.5.2

The organisation shall maintain documented environmental objectives and action plans for all significant aspects, conduct compliance evaluations against applicable environmental legal requirements at intervals not exceeding 12 months, and track environmental KPIs.

Cross-references: ISO 14001:2015 (all clauses); ISO 14004:2016; ISO 14031:2021 (environmental performance evaluation)

10.6 GHG Emissions Management

Req.

10.6 — GHG Emissions Management

10.6.1

The organisation shall select and document the GHG accounting and reporting methodology the organisation will apply: either (a) the GHG Protocol Corporate Accounting and Reporting Standard (GHG Protocol), which classifies emissions as Scope 1 (direct), Scope 2 (energy indirect), and Scope 3 (all other indirect); or (b) ISO 14064-1:2018, which classifies emissions as Category 1 (direct), Category 2 (energy indirect), and Categories 3–6 (other indirect). Both methodologies cover equivalent emission categories and are equally acceptable under this standard. The selected methodology shall be applied consistently across reporting periods and any change of methodology shall be documented with a restatement of prior-period data where material.

10.6.2

The organisation shall quantify and manage GHG emissions across all emission categories of the selected methodology — encompassing direct emissions, energy indirect emissions, and all other indirect emissions across the value chain. For the value chain indirect category (GHG Protocol Scope 3 or ISO 14064-1 Categories 3–6), conduct a documented screening assessment of all fifteen Scope 3 categories defined by the GHG Protocol Corporate Value Chain (Scope 3) Accounting and Reporting Standard to identify material categories, and calculate and report all material categories. Document the organisational and operational boundary, base year, emission source inventory, emission factors and their sources, and the calculation methodology applied. Report Category 2 / Scope 2 emissions using both market-based and location-based methods.

10.6.3

The organisation shall establish a documented GHG reduction objective expressed as a SMART goal under Clause 8.2, covering all material emission categories. Track year-on-year emission trends, maintain a GHG data quality assessment documenting uncertainty by category, and ensure all GHG data is subject to the ICSR controls under Clause 10.4. Where the organisation seeks independent verification of its GHG inventory — whether under a voluntary programme, regulatory requirement, or as part of a sustainability report assurance engagement — verification shall be conducted in accordance with ISO 14064-3:2019, which applies as the verification standard regardless of whether the GHG Protocol or ISO 14064-1 was used as the underlying accounting methodology.

Cross-references: GHG Protocol Corporate Accounting and Reporting Standard; GHG Protocol Corporate Value Chain (Scope 3) Standard; GHG Protocol Scope 2 Guidance; ISO 14064-1:2018; ISO 14064-3:2019 (verification)

10.7 Energy Management

The energy hierarchy is the organising principle for this clause: reduce demand first, then substitute fossil fuels with renewable or low-carbon sources. An organisation that switches to renewable electricity without addressing the efficiency of its energy use has not met the intent of this clause. Equally, an organisation that improves efficiency while locking in new fossil-fuel systems (gas boilers, combustion equipment) is working against its own GHG objectives. The energy strategy required here must address both dimensions — how much energy the organisation uses, and where it comes from — with a clear direction away from fossil fuel dependence.

Req.

10.7 — Energy Management

10.7.1

The organisation shall establish and maintain a comprehensive energy consumption inventory covering all energy types consumed across the organisation's material operations: grid electricity; natural gas; diesel, fuel oil, and LPG; district heat and steam; on-site renewable generation; and any other significant energy source. The inventory shall distinguish between energy derived from fossil fuels and energy derived from renewable or low-carbon sources, and shall establish a documented energy performance baseline from which improvement is measured. The inventory shall be updated at least annually and whenever significant changes in operations or facilities occur.

10.7.2

The organisation shall identify and document the organisation's Significant Energy Uses (SEUs) — the energy uses that account for a substantial proportion of total energy consumption and those with significant potential for improvement. For each SEU, document the current consumption, the variables affecting consumption, the relevant personnel and equipment, and the current performance level. SEU analysis shall be the primary basis for prioritising energy management resources and action.

10.7.3

The organisation shall develop and implement a documented energy strategy that: (a) applies the energy hierarchy — demand reduction and efficiency improvement are addressed before source substitution; (b) sets a direction of travel away from fossil fuel dependency across all energy types including electricity, heating, cooling, and process energy; (c) establishes targets for the proportion of energy from renewable or low-carbon sources, with a trajectory that is at minimum consistent with the organisation's GHG reduction objectives under Clause 10.6 and any applicable science-based targets; and (d) identifies specific transition milestones for replacing fossil-fuel-dependent systems or energy contracts with renewable or low-carbon alternatives over a defined timeframe. The energy strategy shall be reviewed by senior leadership at each management review under Clause 12.3 and shall be updated whenever material changes in the energy landscape, regulatory requirements, or the organisation's GHG objectives occur.

10.7.4

The organisation shall establish and operate an energy efficiency improvement programme that systematically identifies, evaluates, prioritises, and implements opportunities to reduce energy demand before substituting energy sources. The programme shall include: an energy opportunity assessment conducted at intervals not exceeding three years, or more frequently where operations change materially; documented improvement opportunities with estimated energy and cost savings; implementation plans with responsible owners and target completion dates; and tracking of actual energy savings achieved against estimated savings. Energy efficiency requirements shall be incorporated into the design of new facilities, the specification of new equipment and systems, and the evaluation criteria for capital investment decisions. The organisation shall not install fossil-fuel-dependent systems — including gas boilers, fossil-fuel heating, and combustion-based process equipment — where commercially viable low-carbon or renewable alternatives are available.

10.7.5

The organisation shall develop and implement a renewable and low-carbon energy procurement plan addressing all significant energy types, including: a plan to source electricity from renewable origins through direct power purchase agreements (PPAs), renewable energy certificates (RECs), guarantees of origin, or utility green tariffs, with documented coverage targets and timeframes; assessment of the feasibility of on-site renewable energy generation for material facilities; and a roadmap for transitioning fossil-fuel heating, cooling, and process energy to electrification or other low-carbon alternatives as technology and commercial viability allow. Renewable energy procurement shall be reflected in the market-based Scope 2 reporting under Clause 10.6, and the distinction between renewable and fossil-derived energy shall be documented and auditable.

10.7.6

The organisation shall establish documented Energy Performance Indicators (EnPIs) appropriate to the organisation's energy profile and significant energy uses, including at minimum: total energy consumption by type and source; proportion of energy from renewable or low-carbon sources; energy intensity (energy per unit of output or activity) for each significant energy use; and year-on-year performance trend. EnPIs shall be expressed as SMART goals under Clause 8.2, tracked at intervals not exceeding 12 months, and reported in the sustainability report under Clause 13.2. Progress against the energy strategy and renewable energy targets shall be reported to the governing body at each governing body review under Clause 12.2.

Cross-references: ISO 50001:2018 (all clauses); ISO 50002:2014 (energy audits); ISO 50006:2023 (energy performance indicators and baselines); RE100 initiative; Science Based Targets initiative (SBTi); GHG Protocol Scope 2 Guidance; EU Energy Efficiency Directive; IEA Energy Efficiency recommendations

10.8 Occupational Health and Safety

Req.

10.8 — Occupational Health and Safety

10.8.1

The organisation shall document significant OHS hazards and legal obligations, have an OHS policy, and apply the hierarchy of controls when determining appropriate risk controls, in the following priority order: (a) elimination of the hazard; (b) substitution with a less hazardous process, operation, material, or equipment; (c) engineering controls; (d) administrative controls including safe work procedures and training; (e) personal protective equipment. Document the hierarchy of controls applied for each significant OHS hazard.

10.8.2

The organisation shall establish and maintain documented processes for worker participation and consultation on OHS matters, including: participation in hazard identification, risk assessment, and incident investigation; involvement in OHS objective-setting and determination of required controls; consultation before implementing changes that affect worker health and safety; and participation in an OHS committee or equivalent representative mechanism where applicable. Ensure that workers are not subject to reprisals, intimidation, or discrimination for raising OHS concerns, participating in OHS investigations, or refusing work they reasonably believe presents an imminent and serious danger.

10.8.3

The organisation shall track OHS KPIs including total recordable incident rate (TRIR), lost time injury frequency rate (LTIFR), and near-miss reporting rate, maintain emergency response plans for material OHS incidents and test them at defined intervals, and document OHS performance in the management review.

Cross-references: ISO 45001:2018 (all clauses); ISO 45003:2021 (psychological health and safety); ISO 31000:2018

10.9 Compliance and Anti-Bribery

Req.

10.9 — Compliance and Anti-Bribery

10.9.1

The organisation shall have a documented code of ethics and conduct, an anti-bribery policy, a speak-up or whistleblowing channel accessible to all personnel and relevant third parties that accepts anonymous reports and protects reporters from retaliation, and a documented process for investigating reported concerns, conducted independently and without conflicts of interest.

10.9.2

The organisation shall have systematic compliance management controls including a documented compliance function with defined authority, a current obligations register, compliance and bribery risk assessments at intervals not exceeding 24 months, compliance training for personnel in high-risk roles, and compliance KPIs reported to senior leadership.

10.9.3

The organisation shall conduct anti-bribery and corruption due diligence on material third parties using a documented methodology proportionate to assessed risk, and monitor speak-up channel effectiveness through documented metrics.

Cross-references: ISO 37001:2016 (all clauses); ISO 37301:2021 (all clauses); ISO 37002:2021 (whistleblowing management systems)

10.10 Social Responsibility

Req.

10.10 — Social Responsibility

10.10.1

The organisation shall identify material social responsibility topics including human rights in operations and supply chains, labour practices, diversity and inclusion, community impact, and data privacy, and document applicable controls and objectives.

10.10.2

The organisation shall conduct human rights due diligence in accordance with the UN Guiding Principles on Business and Human Rights, maintain a supplier code of conduct, conduct social risk assessments for material suppliers, and have documented remediation processes for identified social compliance issues.

Cross-references: ISO 26000:2010 (all clauses); UN Guiding Principles on Business and Human Rights; OECD Guidelines for Multinational Enterprises; ILO Core Conventions

10.11 AI Governance

Req.

10.11 — AI Governance

10.11.1

Where the organisation uses AI systems in operations, sustainability data management, or sustainability reporting, the organisation shall document the systems in use, identify associated risks including accuracy, bias, transparency, and environmental impact, assign governance responsibility, and have a documented AI policy and governance framework with risk assessments for material AI systems reported to senior leadership at intervals not exceeding 12 months.

Cross-references: ISO 42001:2023 (all clauses); ISO/IEC 23894:2023 (AI risk management); ISO/IEC 42005:2025 (AI system impact assessment)

10.12 Circular Economy

Req.

10.12 — Circular Economy

10.12.1

The organisation shall identify and document the organisation's material input flows and output flows across operations, products, and services, including at minimum: virgin raw material consumption by category; recycled and recovered content used; energy inputs by source; water withdrawal and discharge; packaging materials; and waste generated by type and disposal route (reuse, repair, remanufacturing, recycling, recovery, landfill, and incineration). The organisation shall calculate its circular material use rate using the Global Circularity Protocol methodology or equivalent recognised circularity measurement framework.

10.12.2

The organisation shall assess the organisation's current business model for circular economy alignment, evaluating the extent to which the design of products, services, packaging, and operational processes incorporates circular strategies including: design for longevity, repairability, and disassembly; substitution of virgin materials with recycled, recovered, or bio-based alternatives; extended producer responsibility and product take-back schemes; product-as-a-service, leasing, or sharing models; and closed-loop material recovery within operations and across the supply chain.

10.12.3

The organisation shall establish documented circular economy objectives aligned with the sustainability objectives under Clause 8.1, targeting measurable improvement in at least one of the following: circular material use rate; waste diversion rate from landfill and incineration; recycled or recovered content in products or packaging; product lifetime extension; or adoption of circular business model revenues as a proportion of total revenue. Objectives shall be expressed as SMART goals under Clause 8.2.

10.12.4

The organisation shall engage material suppliers and value chain partners on circular economy requirements, assessing and preferring suppliers who demonstrate: use of recycled or recovered content; participation in take-back or closed-loop return schemes; design for circularity in supplied components or packaging; and transparency on their own material flows. Circular economy supplier expectations shall be incorporated into the supplier code of conduct under Clause 10.10.

10.12.5

The organisation shall measure and report the organisation's circular economy performance using the Global Circularity Protocol disclosure framework or equivalent recognised standard, including at minimum: total material input consumption; circular material use rate; waste diversion rate; and progress against circular economy SMART goals. Circular economy performance data shall be subject to the same data quality controls as other material sustainability KPIs under Clause 10.4.

Cross-references: Global Circularity Protocol (WBCSD/Circle Economy Foundation); ISO 59004:2024 (circular economy vocabulary and principles); ISO 59010:2024 (circular economy business models); ISO 59020:2024 (measuring and assessing circularity); ISO 14001:2015 Clauses 6.1, 8.1

10.13 Investigation Processes

Req.

10.13 — Investigation Processes

10.13.1

The organisation shall establish, implement, and maintain a documented process for investigating reported or suspected instances of CSMS non-conformity, sustainability incidents, data quality failures, and sustainability-related misconduct. Investigation reporting channels shall be visible and accessible throughout the organisation, shall maintain confidentiality of reports where required, shall accept reports from any personnel or relevant third party, and shall protect those making reports from retaliation.

10.13.2

The organisation shall ensure all CSMS investigations are conducted independently and without conflicts of interest, by personnel with documented competence appropriate to the subject matter, using a fair and impartial decision-making process free from interference by any personnel with an interest in the outcome.

10.13.3

The organisation shall document investigation findings, identified root causes, the organisation's response, corrective actions implemented, and any consequential changes made to the CSMS as a result of investigation outcomes.

10.13.4

The organisation shall report to senior leadership and the governing body on the number, nature, and outcomes of CSMS investigations at intervals not exceeding 12 months, and use investigation outcomes as a mandatory input to the management review under Clause 12.3 and the continual improvement process under Clause 14.1.

Cross-references: ISO 37001:2016 Clause 8.9; ISO 37002:2021 (whistleblowing); ISO 37301:2021 Clause 8.4; ISO 45001:2018 Clause 10.2 (incident investigation)

10.14 Control of Externally Provided Processes

Req.

10.14 — Control of Externally Provided Processes

10.14.1

The organisation shall identify all CSMS processes, activities, and functions that are provided externally or outsourced, including at minimum: sustainability data collection and calculation services, third-party internal audit delivery, externally managed speak-up or whistleblowing platforms, contracted training delivery, and external sustainability assurance or advisory services.

10.14.2

The organisation shall ensure that outsourcing a CSMS activity does not relieve the organisation of its responsibility to satisfy the requirements of SPK CSMS1000:2026. All externally provided CSMS processes shall operate under the organisation's governance and quality controls.

10.14.3

The organisation shall establish and maintain documented controls for all externally provided CSMS processes, including: selection and qualification of external providers against defined capability and independence requirements; contractual obligations for compliance with applicable SPK CSMS1000:2026 requirements; monitoring and periodic review of external provider performance against defined criteria; and defined escalation and termination rights where provider performance is inadequate.

Cross-references: ISO 14001:2015 Clause 8.1; ISO 37301:2021 Clause 8.1; ISO 45001:2018 Clause 8.1.4; ISO 50001:2018 Clause 8.3

11. Awareness, Communication, and Training

11.1 Awareness

Req.

11.1 — Awareness

11.1.1

The organisation shall develop and deliver awareness activities informing all relevant personnel of the sustainability policy, material topics, and programme objectives, document each activity including target audience, content, delivery method, and number reached, and measure awareness levels using before-and-after assessment or equivalent methodology at intervals not exceeding 12 months.

11.1.2

The organisation shall track awareness levels as an ongoing programme metric and use awareness measurement results to update the communications strategy.

Cross-references: ISO 14001:2015 Clause 7.3; ISO 37301:2021 Clause 7.3; ISO 45001:2018 Clause 7.3

11.2 Communications

Req.

11.2 — Communications

11.2.1

The organisation shall develop and document a sustainability communications plan covering what will be communicated, target audiences, channels, frequency, and success criteria for each material communication activity, covering both internal and external audiences.

11.2.2

The organisation shall deliver regular multi-channel sustainability communications, subject all external public sustainability claims to anti-greenwashing review confirming they are substantiated by documented evidence and consistent with programme data before publication, and measure the effectiveness of each material communication against pre-defined success criteria.

Cross-references: ISO 14001:2015 Clause 7.4; ISO 37301:2021 Clause 7.4; ISO 45001:2018 Clause 7.4

11.3 Training

Req.

11.3 — Training

11.3.1

The organisation shall deliver sustainability training to all personnel in roles with material CSMS responsibilities, appropriate to the role and its sustainability risk exposure, maintain training records as documented information, and define training objectives and effectiveness measurement criteria for each training programme.

11.3.2

The organisation shall develop a documented sustainability training curriculum covering all material ESG topics with defined audience segments, delivery methodology, and frequency, review and update it annually, assess training effectiveness beyond attendance including knowledge change and behaviour impact, and extend training requirements to high-risk third parties.

Cross-references: ISO 14001:2015 Clause 7.2; ISO 37301:2021 Clauses 7.2.2, 7.2.3; ISO 45001:2018 Clause 7.2; ISO 19011:2018 Clause 7

12. Performance, Monitoring, and Audit

12.1 Monitoring

Req.

12.1 — Monitoring

12.1.1

The organisation shall establish and implement monitoring processes for all material sustainability KPIs with documented monitoring methods, frequency, data sources, and responsible parties, using both leading indicators (predictive) and lagging indicators (outcome), with monitoring data forming the primary evidence base for the sustainability report and management reviews.

Cross-references: ISO 14001:2015 Clause 9.1; ISO 37301:2021 Clause 9.1; ISO 45001:2018 Clause 9.1; ISO 50001:2018 Clause 9.1

12.2 Dashboards and KPI Tracking

Req.

12.2 — Dashboards and KPI Tracking

12.2.1

The organisation shall document KPIs for all material sustainability topics with defined metrics, data sources, collection methodology, data owners, reporting frequency, and baseline values, and collect performance data at intervals appropriate to each KPI.

12.2.2

The organisation shall operate an ESG performance dashboard or equivalent tracking system displaying KPI status against SMART goals and benchmarks for programme management and senior leadership, with data subject to documented quality controls and accessible to the governing body in a format appropriate for their oversight function.

Cross-references: ISO 14001:2015 Clause 9.1; ISO 37301:2021 Clauses 9.1.3, 9.1.4; ISO 45001:2018 Clause 9.1; ISO 19011:2018 Clause 5 (audit programme monitoring)

12.3 Management Reviews

Req.

12.3 — Management Reviews

12.3.1

The organisation shall conduct structured programme reviews at each of the following three levels at intervals not exceeding 12 months: (a) employee review — gathering employee perspective on programme effectiveness using surveys, focus groups, or equivalent tools, with documented findings and management response; (b) management review — holistic evaluation of performance against SMART goals, budget utilisation, stakeholder satisfaction, and required programme changes; (c) governing body review — board-level assessment of sustainability risk profile, strategic performance, and the programme's contribution to enterprise value. Each level of review shall be supported by documented inputs and shall produce documented outputs and decisions.

12.3.2

The organisation shall ensure the management review incorporates as mandatory inputs: the conclusions and recommendations of the sustainability function review under Clause 12.6; internal audit findings and corrective action trends under Clause 12.5; monitoring and KPI performance data under Clauses 12.1 and 12.2; non-conformity and corrective action trends under Clause 14.2; outcomes of CSMS effectiveness assessments under Clause 12.4; the status of actions from previous management reviews; changes in external and internal context under Clause 5.1; and stakeholder feedback under Clause 6.1.

12.3.3

The organisation shall document review outputs at all three levels, consolidate findings into integrated programme priorities for the following cycle, and ensure governing body reviews address: the adequacy, independence, and authority of the sustainability function under Clause 7.5; the quality and reliability of sustainability data; speak-up system effectiveness under Clause 10.9; status of ISO management system certifications under Clause 13.5; and material conclusions from the sustainability function review under Clause 12.6.

Cross-references: ISO 14001:2015 Clause 9.3; ISO 37301:2021 Clauses 9.3.1–9.3.3; ISO 45001:2018 Clause 9.3; ISO 50001:2018 Clause 9.3

12.4 CSMS Effectiveness Assessment

This clause serves a distinct purpose from the other review mechanisms in Section 12. Monitoring (12.1) tracks ongoing data. Dashboards (12.2) aggregate and present it. Management reviews (12.3) make governance decisions using that data. Internal audit (12.5) tests conformity with requirements clause by clause. The sustainability function review (12.6) is the function's own self-assessment. The CSMS effectiveness assessment asks the harder question: is the system genuinely working? A CSMS can be fully conformant with SPK CSMS1000:2026 and still be insufficiently embedded, culturally shallow, or producing disappointing outcomes. This assessment surfaces that gap.

Req.

12.4 — CSMS Effectiveness Assessment

12.4.1

The organisation shall conduct a CSMS effectiveness assessment at intervals not exceeding three years, or more frequently where the management review under Clause 12.3 identifies material concerns about the CSMS's fitness for purpose. The effectiveness assessment is distinct from and serves a different purpose to the internal audit under Clause 12.5, the management review under Clause 12.3, and the sustainability function review under Clause 12.6: it asks not whether requirements are being met (internal audit), not what performance data shows (management review), and not what the sustainability function concludes about its own system (sustainability function review) — but whether the CSMS as a whole is genuinely working: embedded in operational practice, producing authentic sustainability outcomes, trusted by stakeholders, and fit for the organisation's current and foreseeable context.

12.4.2

The organisation shall ensure the CSMS effectiveness assessment evaluates the following dimensions: (a) integration — the degree to which sustainability management is embedded into operational processes, financial decisions, procurement, and supply chain rather than maintained as a parallel sustainability function activity; (b) culture — whether the sustainability culture under Clause 7.4 is authentic and observable in leadership behaviour and operational practice, or primarily aspirational; (c) data quality — the reliability and integrity of the sustainability data generated by the CSMS, assessed against the ICSR controls under Clause 10.4; (d) outcomes — whether the CSMS is producing measurable improvement in sustainability performance against the objectives under Clause 8.1 and the controls and risk assessment under Clause 6.7; and (e) external relevance — whether the CSMS scope, objectives, and material topics remain appropriate given changes in the organisation's context, regulatory environment, and stakeholder expectations.

12.4.3

The organisation shall ensure the effectiveness assessment is conducted by assessors with sufficient independence from day-to-day operation of the CSMS to provide an objective evaluation. This independence requirement may be met by qualified external assessors, by an internal audit team operating independently from the sustainability function, or by a structured multi-disciplinary internal panel including finance, legal, HR, operations, and supply chain representation. The assessment approach and assessor qualifications shall be documented. Where external assessors are engaged, they shall have demonstrated competence in sustainability management systems and the domains material to the organisation.

12.4.4

The organisation shall produce a documented effectiveness assessment report presenting conclusions on each dimension assessed, identifying systemic strengths, systemic weaknesses, and improvement priorities. The report shall distinguish between issues of conformity with SPK CSMS1000:2026 requirements (which are managed through the corrective action process under Clause 14.2) and issues of effectiveness that fall within the requirements but represent opportunities for material improvement. The report shall be presented to senior leadership and the governing body, and shall form a primary input to the continual improvement plan under Clause 14.1 and the management review under Clause 12.2.

Cross-references: ISO 37301:2021 Clause 9.1.2; ISO 19011:2018; ISO 26000:2010 Clause 7 (organisational review); ISO 14001:2015 Clause 9.3

12.5 Internal Audit

Req.

12.5 — Internal Audit

12.5.1

The organisation shall establish, implement, maintain, and continuously improve an internal audit programme for the CSMS, aligned with ISO 19011:2018 Guidelines for auditing management systems. The audit programme shall: define audit programme objectives; determine the extent of the programme — including frequency, type, number, and duration of audits — based on the scope, size, and complexity of the CSMS, the results of previous audits, and the relative risk profile of different CSMS domains; define responsibilities for managing the programme; and ensure adequate resources, including competent auditors, are available for the programme's effective implementation.

12.5.2

The organisation shall plan each audit within the programme before commencement by defining: the audit objectives, scope, and criteria; the audit methodology (document review, interviews, observation, data testing, or combined approach); the audit plan including timeline, activities, and logistics; auditor assignments including the lead auditor and any specialist team members; and any specific areas requiring domain expertise (e.g. GHG calculation methodology, OHS risk assessment, or financial controls). The audit plan shall be communicated to auditees and confirmed as adequate before the audit commences.

12.5.3

The organisation shall select auditors for each CSMS internal audit based on: demonstrated competence in sustainability management systems and the specific CSMS domain being audited; demonstrated familiarity with audit methodology consistent with ISO 19011:2018, including evidence collection, finding generation, and reporting; and independence from the function, process, or activity being audited, such that objectivity is maintained and conflicts of interest are avoided. An auditor who has designed, implemented, or operates the controls being audited may not audit those controls.

12.5.4

The organisation shall conduct each audit in accordance with the audit plan, including: an opening meeting to confirm scope, objectives, criteria, and methodology with relevant management and auditees; systematic collection and objective evaluation of audit evidence through interviews, observation of activities, review of documented information, and sampling of records and data; generation of audit findings supported by documented evidence; development of audit conclusions assessing the degree to which audit criteria are fulfilled; and a closing meeting at which audit findings and conclusions are presented to management before the audit report is finalised.

12.5.5

The organisation shall prepare a documented audit report for each audit, containing at minimum: the audit objectives, scope, criteria, and methodology; the audit team composition and dates of activities; the audit findings categorised as major non-conformities, minor non-conformities, and observations; and the overall audit conclusions. The audit report shall be distributed to senior leadership, the sustainability function, and the management of each function audited, within a defined and documented timeframe following completion of the audit.

12.5.6

The organisation shall include sustainability data quality as a defined audit domain within every annual audit programme cycle, specifically testing the accuracy, completeness, and consistency of material CSMS performance data, the operation of ICSR controls under Clause 10.4, and the traceability of reported figures from source data to disclosed output.

12.5.7

The organisation shall ensure that all non-conformities identified in internal audits are addressed through the corrective action process under Clause 14.2, with documented corrective action plans, responsible owners, and target closure dates assigned before the audit record is considered complete. The lead auditor or a designated independent reviewer shall verify the effectiveness of each corrective action before the non-conformity is formally closed.

12.5.8

The organisation shall review the audit programme at each management review cycle under Clause 12.3, considering the findings, non-conformity trends, and corrective action status from the preceding cycle, changes to the CSMS scope or material risk profile, and any new sustainability topics or regulatory requirements, and update the programme's objectives, scope, and frequency accordingly.

Cross-references: ISO 14001:2015 Clause 9.2; ISO 37301:2021 Clauses 9.2.1, 9.2.2; ISO 45001:2018 Clause 9.2; ISO 50001:2018 Clause 9.2; ISO 19011:2018

12.6 Sustainability Function Review

This clause requires the sustainability function to review the CSMS from the inside. It is distinct from the management review (12.3) which is conducted by senior leadership, and from the internal audit (12.5) which must be independent of the function. The sustainability function review is the function's own periodic self-assessment — equivalent to the compliance function review in ISO 37001 Clause 9.3. Its outputs are a mandatory input to the management review and the continual improvement process.

Req.

12.6 — Sustainability Function Review

12.6.1

The organisation shall conduct and document a formal sustainability function review of the CSMS at intervals not exceeding 12 months. The sustainability function review is conducted by or under the direction of the sustainability function (CSO or equivalent), is distinct from the management review under Clause 12.3 and from the internal audit under Clause 12.5, and represents the sustainability function's own assessment of whether the CSMS remains suitable, adequate, and effective for the organisation's current context and obligations.

12.6.2

The organisation shall ensure the sustainability function review considers the following inputs in full: the status and implementation of actions arising from the previous sustainability function review; changes in the organisation's context, material topics, important sustainability topics, and stakeholder expectations under Clauses 5.1, 6.1, and 6.2; changes in the obligations register under Clause 6.6; updates to the risk assessment under Clause 6.7; the performance of the CSMS against SMART goals and KPIs from the monitoring system under Clauses 12.1 and 12.2; the findings, non-conformity trends, and corrective action status from internal audits under Clause 12.5; non-conformity and corrective action data from Clause 14.2; stakeholder feedback and complaints; and any material sustainability incidents under Clause 10.13.

12.6.3

The organisation shall ensure the sustainability function review produces documented conclusions addressing: whether the sustainability policy remains appropriate and whether it is being followed in practice; whether the CSMS scope remains adequate to address all important and material sustainability topics; whether resources allocated to the CSMS are sufficient for the function to discharge its responsibilities under Clause 9.5; whether the governance arrangements including direct access, independence, and authority under Clause 7.5 are operating effectively; and a formal assessment of CSMS suitability, adequacy, and effectiveness against the requirements of this standard.

12.6.4

The organisation shall report the conclusions and recommendations of the sustainability function review to senior leadership within a defined timeframe following completion of the review, and — where conclusions identify material CSMS weaknesses, resource inadequacies, governance failures, or risks of significant non-compliance — escalate directly to the governing body under the direct access principle in Clause 7.5 without deferral to the scheduled management review cycle.

12.6.5

The organisation shall use the documented conclusions of the sustainability function review as a mandatory primary input to: the management review under Clause 12.3; the continual improvement plan under Clause 14.1; and any corrective actions under Clause 14.2 arising from identified CSMS failures. The sustainability function review report shall be retained as documented information and made available to internal auditors and, where required, to external assessors.

Cross-references: ISO 37001:2016 Clause 9.3; ISO 37301:2021 Clause 9.3

13. Leverage — Reporting, Ratings, and Certifications

13.1 Documentation

Req.

13.1 — Documentation Management

13.1.1

The organisation shall maintain all SPK CSMS1000:2026-required documented information in a controlled document management system with version control, review and approval processes, access permissions, and retention periods, ensuring it is available for use by CSMS personnel, the governing body, auditors, and external parties as required.

Cross-references: ISO 14001:2015 Clause 7.5; ISO 37301:2021 Clause 7.5; ISO 45001:2018 Clause 7.5

13.2 Sustainability Reporting

Req.

13.2 — Sustainability Reporting

13.2.1

The organisation shall produce an annual sustainability report against a recognised reporting framework (GRI Standards, ISSB S1/S2, CSRD/ESRS, or equivalent) covering all material topics with quantitative performance data and year-on-year comparisons, make it publicly available within 6 months of the period end date, and maintain a framework index confirming the location of each required disclosure.

Cross-references: GRI Standards 2021; ISSB S1/S2 (IFRS S1/S2); CSRD/ESRS; AA1000AS v3; ISSA 5000; CDP Climate Questionnaire

13.3 External Filings

Req.

13.3 — External Filings and Regulatory Reporting

13.3.1

The organisation shall identify all mandatory external sustainability reporting obligations applicable in jurisdictions of material operation and document current compliance status, responsible functions, and filing timelines in the obligations register.

13.3.2

The organisation shall have documented processes for preparing, reviewing, and submitting all required external sustainability filings on time and in the required format, report filing compliance status to senior leadership at each management review, and proactively prepare data systems for known future mandatory requirements in advance of their effective date.

Cross-references: CSRD (EU) 2022/2464; SGX Sustainability Reporting Rules 2023; HKEX ESG Reporting Guide 2023; LSE UK Listing Rules; SEC Climate Disclosure Rules; German Supply Chain Due Diligence Act; UK Modern Slavery Act 2015

13.4 ESG Ratings

This clause contains recommended practices, not mandatory requirements. Participation in ESG ratings is encouraged as a mechanism for programme benchmarking and external credibility but is not a condition of SPK CSMS1000:2026 certification.

Rec.

13.4 — ESG Ratings (Recommended Practice)

13.4.1

The organisation should consider which ESG ratings and evaluation schemes are material to the organisation's key investor, customer, or regulatory stakeholders, participate in at least one such scheme (CDP, MSCI ESG, DJSI, Sustainalytics, or equivalent), use rating feedback to identify programme improvement priorities, and track rating performance year-on-year.

Cross-references: CDP Climate, Water, Forests, and Supply Chain programmes; MSCI ESG Ratings; DJSI (S&P Global); Sustainalytics; FTSE4Good; EcoVadis

13.5 ISO Certifications

This clause contains recommended practices, not mandatory requirements. Holding ISO management system certifications is encouraged and recognised within the Speeki Meridian assessment process but is not a precondition for SPK CSMS1000:2026 certification.

Rec.

13.5 — ISO Management System Certifications (Recommended Practice)

13.5.1

The organisation should assess which ISO management system certifications are applicable and material to the CSMS scope, document a planned certification timeline for each relevant standard, and hold at least one ISO management system certification relevant to a material sustainability topic within 24 months of initial SPK CSMS1000:2026 certification.

Cross-references: ISO 45001:2018 (OHS); ISO 14001:2015 (environmental); ISO 50001:2018 (energy); ISO 37001:2016 (anti-bribery); ISO 42001:2023 (AI); ISO 17021-1:2015 (certification bodies); ISO 17029:2019 (validation and verification bodies); IAF MD 22 (integrated management system audits)

14. Improvement

14.1 Continual Improvement

Req.

14.1 — Continual Improvement

14.1.1

The organisation shall continually improve the suitability, adequacy, and effectiveness of the CSMS. Suitability means the CSMS remains aligned with the organisation's evolving context, material topics, and stakeholder expectations. Adequacy means it has sufficient scope, resources, and governance to address all important and material sustainability topics. Effectiveness means it is achieving its intended outcomes and the organisation's sustainability objectives. These three dimensions shall each be addressed in every management review cycle.

14.1.2

The organisation shall use the following as mandatory inputs to the continual improvement process: outputs of the sustainability function review under Clause 12.6; outputs of the multi-level programme review under Clause 12.2; internal audit findings and corrective action trends under Clause 12.5; sustainability performance monitoring data under Clause 12.1; non-conformity and corrective action analysis under Clause 14.2; stakeholder feedback and engagement outcomes under Clause 6.1; benchmarking data under Clause 5.4; and external assessment findings under Clause 12.3.

14.1.3

The organisation shall maintain a documented continual improvement plan covering all material CSMS domains, specifying for each planned improvement: the improvement objective and expected outcome; the connection to the evidence or gap that identified the need for improvement; the responsible owner; required resources; target completion date; and the success criteria against which improvement will be assessed.

14.1.4

The organisation shall review the continual improvement plan at each management review cycle, assess progress against planned improvements, document impediments to delivery, and update the plan to reflect newly identified improvement priorities.

14.1.5

The organisation shall ensure that the sustainability programme culture actively encourages identification and honest reporting of weaknesses, shortfalls, and improvement opportunities. The organisation shall clearly distinguish between non-conformity with a management system requirement — which requires corrective action under Clause 14.2 — and failure to achieve an ambitious sustainability target, which requires analysis and improvement planning under this clause but does not constitute a non-conformity.

Cross-references: ISO 14001:2015 Clause 10.3; ISO 37301:2021 Clause 10.1; ISO 45001:2018 Clause 10.3; ISO 50001:2018 Clause 10.2

14.2 Non-conformity and Corrective Action

Three distinct categories are managed through this clause: (1) CSMS non-conformity — the management system fails to meet a requirement of this standard; (2) Sustainability non-compliance — the organisation fails to meet a legal, regulatory, or contractual obligation; (3) Sustainability incident — an event causing or potentially causing actual harm. Each requires corrective action under this clause, with additional notification and investigation requirements applying to non-compliances and incidents under Clauses 6.1, 7.5, and 10.12 respectively.

Req.

14.2 — Non-conformity and Corrective Action

14.2.1

The organisation shall, when a CSMS non-conformity occurs — defined as the non-fulfilment of any requirement of this standard — react promptly by: taking action to control and correct the non-conformity; addressing the immediate consequences for people, the environment, stakeholders, or the organisation's sustainability commitments; and determining whether the non-conformity has resulted in or could result in regulatory non-compliance, sustainability data misrepresentation, or harm to any person.

14.2.2

The organisation shall evaluate the need for action to eliminate the root cause or causes of each non-conformity in order to prevent recurrence and avoid occurrence elsewhere, by: documenting the nature, extent, and circumstances of the non-conformity; conducting systematic root-cause analysis using a documented methodology; and determining whether the same or similar non-conformities exist or could potentially occur in other parts of the organisation, supply chain, or outsourced CSMS functions.

14.2.3

The organisation shall implement corrective actions appropriate to the severity of each non-conformity and proportionate to its effects, assigning a named responsible owner and target completion date for each action, and documenting all planned corrective actions in a non-conformity register maintained as controlled documented information.

14.2.4

The organisation shall review the effectiveness of each corrective action following implementation, confirming that the root cause has been eliminated and that the non-conformity has not recurred. Where a corrective action is found to be ineffective, the organisation shall conduct further root-cause analysis and implement revised or additional corrective action until effectiveness is confirmed.

14.2.5

The organisation shall, where corrective action requires changes to the CSMS — including changes to procedures, controls, objectives, governance arrangements, resource allocation, or scope — implement those changes in a planned manner under Clause 8.5 (Planning of Changes) and document the traceable connection between the non-conformity finding and the management system change.

14.2.6

The organisation shall distinguish between: CSMS non-conformities (failure to meet a requirement of this standard); sustainability non-compliances (failure to meet a legal, regulatory, or contractual obligation under Clause 6.3); and sustainability incidents (an event causing or potentially causing harm to people, the environment, or the organisation). Each category shall be managed through this non-conformity process, with additional notification and investigation requirements applying to non-compliances and incidents as specified in Clauses 6.1, 7.5, and 10.12 respectively.

14.2.7

The organisation shall maintain documented information as evidence of: the nature and extent of each non-conformity; the root causes determined; the corrective actions planned and implemented; evidence of corrective action effectiveness review; any resulting changes to the CSMS; and the current status of all open corrective actions.

14.2.8

The organisation shall report non-conformity trends — including the number, categories, root causes, and corrective action status of non-conformities in the review period — to senior leadership at each management review under Clause 12.3 and to the governing body at each governing body review under Clause 7.5. The organisation shall use trend analysis as a primary input to the continual improvement process under Clause 14.1.

Cross-references: ISO 14001:2015 Clause 10.2; ISO 37301:2021 Clause 10.2; ISO 45001:2018 Clause 10.2; ISO 50001:2018 Clause 10.1; ISO 37001:2016 Clause 10.2; ISO 19011:2018 Clause 6.6 (audit follow-up)

ANNEX A — Implementation Guidelines

INFORMATIVE — NON-BINDING

'Should' language throughout. Departure does not constitute a non-conformity.

Introduction to Annex A

This Annex provides informative implementation guidance for SPK CSMS1000:2026, mirroring its nine sections with one guidance chapter per section. All guidance uses 'should' to indicate a recommendation. Departure from this guidance does not constitute a non-conformity. Organisations should implement the normative requirements of Sections 5–13 in a manner proportionate to their size, complexity, and sector.

The programme management framework was designed to address the fundamental challenge of corporate sustainability management: ESG encompasses several distinct programme areas, requires cross-functional expertise, involves competing internal priorities, lacks overarching governmental standards across the full ESG spectrum, and produces metrics that are difficult to aggregate holistically. SPK CSMS1000:2026 and this Annex are both designed with that complexity in mind.

How to use this Annex: Read the corresponding SPK CSMS1000:2026 section first to understand the normative requirements, then use this Annex to understand the intent of those requirements and how to satisfy them in practice. Implementation step references correspond directly to the clause numbering in SPK CSMS1000:2026 and in the V6 document.

A.1 Business Context (Section 5)

Stage 1 lays the groundwork before the organisation begins building its sustainability programme. Many organisations make the mistake of jumping into sustainability by focusing on visible hot-button issues — carbon, diversity, supply chain audits — without first understanding the business context that should shape those priorities. Stage 1 prevents that error.

A.1.1 Context (Clause 5.1)

The most important concept in Clause 5.1 is double materiality — assessing not only how sustainability risks affect the organisation (financial materiality) but also how the organisation's activities affect the world (impact materiality). Historically, most organisations assessed only financial materiality. CSRD, ESRS, and increasingly investor expectations require both lenses. Organisations that understand this distinction early build a stronger foundation for the risk assessment under Clause 6.7.

Context should also address the governance model: will the CSMS be centrally directed or distributed across business units? Both work, but the answer has major implications for how roles are assigned under Stage 5 and how the programme is reported under Stage 9. In large multinational organisations, a hybrid model often works best — central policy and standard-setting with distributed implementation. Drivers identification should categorise the forces shaping the programme across distinct categories: regulatory, investor, customer, employee, competitive, and reputational. This categorisation directly feeds the value propositions in Clause 5.4.

A.1.2 Scope (Clause 5.2)

Scope is the boundary decision that determines which parts of the organisation, supply chain, and ecosystem the CSMS governs. Scope should be practical and proportionate — too narrow leaves material risks unaddressed; too broad is unmanageable. The most common challenge involves the supply chain. If the organisation is a manufacturer handling critical minerals or selling into regulated markets, ESG controls need to extend into the supply chain, and partners should be made aware of that early.

A.1.3 Research (Clause 5.3)

Research is the evidence-gathering phase that makes value propositions credible. Five primary streams should be prioritised: employee surveys (baseline data on workforce sustainability perceptions); competitor analysis (reviewing sustainability reports of at least three to five industry peers); legal obligation review (consulting legal counsel on all applicable ESG-related laws); use case development (business cases connecting each material ESG topic to financial value including revenue, cost, risk, capital access, or talent); and brand and market access analysis (how ESG credentials affect customer access and brand equity). The most important output is a traceable connection from research findings to specific programme design decisions.

A.1.4 Value Propositions (Clause 5.4)

Value propositions convert Stage 1 research into leadership commitment. The most common mistake is making them too general. 'ESG is important for our reputation' is far less persuasive than 'our analysis of CDP A-list companies shows they achieve an average 18% lower cost of debt, and three of our six largest institutional investors have committed to net-zero portfolio alignment by 2030.' Different audiences need different propositions — what matters to the executive team (financial performance, competitive advantage) is different from what matters to the board (investor relations, regulatory exposure) or employees (brand, purpose).

Good practice — audience-specific value propositions

Executive: Our compliance programme investment is quantifiable regulatory risk reduction. We operate in 12 jurisdictions with active enforcement. The average FCPA settlement in our sector exceeds USD 180M. Our risk assessment shows three areas of elevated exposure.

Employee: Peer companies that publish sustainability reports rank 15% higher on employer brand surveys. Given our talent acquisition challenges in engineering, improved ESG credentials are a measurable hiring advantage that directly reduces recruitment cost per hire.

A.2 Understanding Risks (Section 6)

Stage 2 builds the structural foundation: stakeholder mapping, obligations documentation, and risk prioritisation. The outputs determine which ESG topics the programme focuses on and how resources are allocated. Without a rigorous Stage 2, the programme risks focusing on visible but immaterial topics while leaving significant risks unaddressed.

A.2.1 Importance and Materiality (Clause 6.2)

The distinction between importance and materiality is one of the most consequential design decisions in SPK CSMS1000:2026. Most sustainability management frameworks conflate the two, treating everything through the lens of reporting materiality. SPK CSMS1000:2026 separates them deliberately.

Importance is a management system determination. A topic is important when the organisation should govern, manage, and control it — regardless of whether it needs to be disclosed in an external report. A small site-level environmental spill risk may be important to manage (it requires operational controls and monitoring) without being material enough to feature in the sustainability report. An anti-bribery control gap in a minor market may be important to address without being a material reporting topic.

Materiality is a reporting determination. A topic is material when its significance — assessed through the IRO framework using double materiality — crosses the threshold that requires it to be included in external sustainability disclosures. The CSRD and ESRS, GRI, and ISSB each define materiality differently, but the common thread is significance to an identified audience (investors, affected stakeholders, or both).

The IRO framework — Impacts, Risks, and Opportunities — is the methodology by which double materiality is applied. Impacts are assessed for significance using scale, scope, and irremediability (for negative impacts) or scale and scope (for positive impacts). Risks and opportunities are assessed for the likelihood and magnitude of their financial effects on the organisation. A topic is material if it is significant on either dimension.

Practical distinction

Topic: Modern slavery risk in the supply chain.

Important? Yes — requires due diligence controls, supplier assessments, and remediation processes regardless of size.

Material for reporting? Depends on scale and scope. A small domestic service company with a simple supply chain may not need to feature it prominently in a sustainability report. A global manufacturer with complex Tier 3 supply chains in high-risk jurisdictions must disclose it under CSRD/ESRS S2.

SPK CSMS1000:2026 requires both assessments. The importance assessment puts the topic in the CSMS scope. The materiality assessment determines the reporting treatment.

A.2.2 Stakeholder Analysis (Clause 6.1)

Effective stakeholder analysis goes beyond listing groups to understanding what each actually expects and how much influence they have. For internal stakeholders, different levels have different ESG perspectives: the board cares about governance and investor relations; executives care about strategy and financial performance; middle management cares about operational costs; employees care about culture and fairness. For external stakeholders, contractual relationships with key customers, investors, and lenders often contain the most specific and binding ESG requirements — reviewing major contracts for ESG clauses should be one of the first actions.

A.2.3 Obligations (Clause 6.2)

The obligations register is the legal and contractual foundation of the CSMS. The most common weakness is failing to distinguish between mandatory obligations (which must be complied with regardless of cost) and voluntary commitments (which the organisation has chosen to adopt). Both create accountability but the consequences of non-compliance differ. The register should also capture the evidence required to demonstrate compliance with each obligation — knowing what evidence is needed helps design the monitoring and reporting systems in Stages 8 and 9.

A.2.4 Risk Assessment (Clause 6.3)

The risk assessment is the prioritisation engine of the CSMS. Its purpose is not to list every possible ESG risk but to identify which risks matter most for this organisation in its current context. A common mistake is conflating risk assessment with programme status reporting — the assessment should measure how much risk the organisation faces and how well it is managed, not simply list activities being conducted. The opportunity dimension is often overlooked: failure to capitalise on a sustainability-related opportunity is itself a risk. An organisation that fails to develop green products when customers are demanding them faces revenue risk.

A.3 Buy-in and Leadership Commitment (SPK CSMS1000:2026 Section 7)

Stage 3 is where the programme becomes a business reality rather than a sustainability team project. Without genuine buy-in from key stakeholders, the programme will struggle to secure resources, integrate into business processes, and sustain momentum. Buy-in is not a one-time event — it must be actively maintained as expectations and priorities evolve.

A.3.1 Stakeholder Buy-in (Clause 7.1)

Internal buy-in should start with the functions most critical to delivery: HR (social and workforce topics), finance (budgets and ESG-linked reporting), legal and compliance (obligations and risk), and procurement (supply chain). Each function needs to understand not only what the programme asks of them but why it is in their interest. Finance's buy-in is more durable when they understand that sustainability data quality is becoming a financial reporting governance issue. Procurement's is stronger when they understand supplier ESG qualifications protect against supply chain disruptions.

A.3.2 Executive and Board Buy-in (Clause 7.2)

The most effective mechanism for securing board buy-in is demonstrating the connection between sustainability performance and the metrics the board already cares about: enterprise value, litigation risk, regulatory exposure, and long-term strategy. Directors may be experienced in financial governance but have limited exposure to sustainability management systems — building board sustainability competence takes deliberate effort. Where executive remuneration is linked to sustainability performance, even a small weighting (5–10% of variable remuneration) for well-defined measurable metrics significantly improves programme priority.

A.3.3 Employee Buy-in (Clause 7.3)

The greatest risk of employee disengagement is greenwashing perception — employees who see the organisation making external sustainability claims they believe are inconsistent with internal practice become critics rather than advocates. Involving employees in programme design from early stages and demonstrating that their feedback has influenced decisions builds genuine ownership. Employees who can see their individual contribution to the programme are significantly more effective sustainability implementers.

A.3.4 Sustainability Culture (Clause 7.4)

Culture is what happens when no one is watching. A sustainability culture is not produced by policies, training programmes, or awareness campaigns — those are inputs. Culture is the outcome: the degree to which sustainability values are genuinely held, consistently demonstrated by leadership, and embedded in day-to-day decision-making across the organisation.

The most reliable indicator of sustainability culture is the gap between what the organisation says and what its people observe. Employees who see leadership making decisions that are inconsistent with the organisation's stated sustainability commitments — prioritising short-term cost reduction over environmental controls, tolerating supplier relationships that violate the supplier code of conduct, accepting sustainability data that everyone knows is unreliable — are receiving a clear signal that the commitments are performative rather than genuine. No amount of training or communication corrects this.

The requirement that leadership behaviour be consistent with stated sustainability commitments is deliberately normative. A CEO who signs the sustainability policy and then instructs the finance team to cut the sustainability budget without documented justification, or who tolerates a key commercial relationship that is known to involve ethics violations, is in non-conformity with Clause 7.4. This clause gives assessors the basis to raise findings against leadership behaviour — not just management system documentation.

Culture measurement should go beyond satisfaction surveys. Effective culture assessment asks employees whether they believe the organisation's sustainability commitments are genuine; whether they have observed sustainability-related misconduct being tolerated; whether raising a sustainability concern would put them at risk; and whether management decisions reflect the stated sustainability values. These questions surface the gap between the espoused culture and the experienced culture.

Culture warning signs worth assessing

- Employees report that sustainability performance data is managed to look better than it is
- The speak-up channel receives very few sustainability-related reports in an organisation with known risks — potentially indicating fear of retaliation rather than absence of issues
- Management at operating level is unaware of or indifferent to the sustainability policy
- Commercial decisions are routinely made without sustainability input despite documented governance requirements
- Sustainability-related misconduct by senior personnel is handled differently from equivalent misconduct by junior personnel

A.3.5 Governing Body Governance (Clause 7.5)

Clause 7.5 establishes the governing body as an active participant in the CSMS, not a passive recipient of management reporting. The three governance principles — direct access, independence, and authority — are drawn directly from Clause 7.5 of this standard and represent the structural conditions without which governing body oversight is nominal rather than substantive.

Direct access means the sustainability function can communicate directly with the governing body without management clearance. This matters most at precisely the moment it is most needed: when the sustainability officer discovers a material problem that management may prefer not to escalate. Without direct access, board oversight depends entirely on management choosing to disclose adverse information — which creates a structural governance gap. In practice, direct access typically means a documented reporting line from the sustainability function to the audit committee chair or board ESG lead, with the right to request a meeting independently of management.

Governing body approval of the sustainability policy creates qualitatively different accountability from CEO sign-off alone. When the board has formally approved the policy, it has accepted joint responsibility for the organisation's sustainability commitments. This changes the governance dynamic: the sustainability programme is no longer management's initiative that the board receives reports about — it is the organisation's formal commitment that the board has endorsed and is accountable for. It also makes it structurally harder for individual executives to deprioritise or modify sustainability commitments without returning to the board.

The timely notification requirement for material failures addresses one of the most common governance failures in sustainability: the board learns about a significant problem — a regulatory breach, a data manipulation discovery, a serious OHS incident — at the next scheduled quarterly meeting, by which time management has already determined the response and the opportunity for independent board judgment has passed. Organisations should define in advance what constitutes a material failure for notification purposes, so that the decision about whether to escalate is not left to the discretion of the person who may be implicated.

On remuneration alignment: the requirement is not about mandating a specific percentage of sustainability-linked pay. It is about the governing body satisfying itself that commercial incentives are not structurally working against sustainability objectives. A procurement team incentivised purely on cost savings may make supplier decisions that undermine the supplier code of conduct. A sales team incentivised on volume may accept customer terms that compromise environmental standards. These are governance failures, not individual failures — and the governing body is accountable for them.

Substantive vs nominal governing body oversight

Substantive: The board ESG committee receives the internal audit findings on sustainability data quality, challenges management on the methodology change that reduced reported Scope 3 emissions by 18%, requires an independent data quality review before the sustainability report is published, and makes this a condition of the CEO's performance review.

Nominal: The board receives a sustainability performance summary prepared by management, notes the improvement in KPIs from the prior year, and moves to the next agenda item.

The difference is not frequency of reporting. It is whether the governing body has the information, competence, access, and disposition to ask the questions that management may not volunteer answers to.


A.4 Objectives and Strategy (SPK CSMS1000:2026 Section 8)

Stage 4 creates the measurement foundation of the CSMS. The quality of Stage 4 outputs directly determines the credibility of external reporting in Stage 9 and the robustness of performance evaluation in Stage 8.

A.4.1 Benchmarking (Clause 8.1)

Benchmarking both calibrates the ambition of objectives against external reference points and provides evidence that the programme is aligned with market expectations. The most useful sources are competitor sustainability reports, ESG reporting framework metrics, ESG rating criteria, and investor stewardship statements. When executives are concerned that sustainability commitments may disadvantage them competitively, benchmarking directly addresses this: if five of eight comparable competitors have set science-based climate targets, not having one is the competitive disadvantage.

A.4.2 Objectives, SMART Goals, and Success Criteria (Clauses 8.2–8.4)

Meaningful objectives require cross-functional involvement. The sustainability team facilitates the objective-setting process; subject-matter experts from HR, finance, legal, operations, and procurement own the definition of objectives in their domains. The connection between each objective and at least one value proposition from Stage 1 is critical for sustained leadership commitment — investment in achieving the objective must be commercially justified, not only directionally important.

SMART goal design should apply anti-greenwashing discipline: goals must be specific enough to be objectively verifiable, use methodology that cannot be gamed by changing definitions or boundaries, and produce a result that independent observers would consider credible. Success criteria ask the harder question — how will we know if we have truly succeeded from our stakeholders' perspectives, not just from an internal programme management perspective.

A.5 Roles, Competence, and Accountability (SPK CSMS1000:2026 Section 9)

Stage 5 translates programme design into organisational accountability. The most common implementation failure is strong design but weak ownership — the programme looks good on paper but no one is genuinely accountable for results. The core competency that is specifically important but often underappreciated in sustainability roles is leading without authority — the ability to influence colleagues who have no reporting line to the sustainability function and whose primary priorities are their own functional objectives. Programme delivery depends on this more than almost any other competency, because most of the work is done by people outside the sustainability team.

Accountability without consequences is aspiration, not governance. The consequence framework should apply consistently to sustainability non-compliance at all levels — the same disciplinary process that governs financial and legal compliance violations should apply to sustainability policy violations. The framework should distinguish between genuine improvement efforts that fall short of ambitious targets and deliberate misrepresentation or wilful disregard of obligations.

A.6 Policies, Controls, and Operations (SPK CSMS1000:2026 Section 10)

Stage 6 converts the programme architecture into operational reality. The most effective way to integrate sustainability into operations is to embed ESG requirements into existing procedures rather than creating parallel sustainability processes. When supplier onboarding already requires an anti-bribery and human rights assessment as part of the standard procurement workflow, it becomes part of how procurement works. When sustainability criteria are built into the hiring procedure, they become part of how HR works.

Policy drafting should prioritise accessibility over completeness. The audience for the policy is every employee, not the legal team. Concise commitment statements supplemented with practical visual tools (infographics, decision flowcharts, FAQs) consistently outperform long legalistic documents in awareness and behaviour change outcomes.

Clause 10.9 (Compliance and Anti-Bribery) warrants particular emphasis. The compliance management system under and the anti-bribery management system under ISO 37001 provide the backbone for the governance dimension of the ESG programme. The speak-up system — the channel through which personnel and third parties can report suspected violations — is one of the most important programme elements and a significant indicator of compliance culture maturity. Clause 10.11 (AI Governance) reflects the growing role of AI in sustainability data management, carbon calculation, and supply chain risk screening, where AI system quality directly affects CSMS output credibility.

A.6.1 Circular Economy (Clause 10.12)

Circular economy is one of the fastest-growing areas of sustainability management and external stakeholder expectation. Investors, customers, and regulators are increasingly requiring organisations to demonstrate not just waste minimisation but a positive transition toward circular business models — where materials remain in productive use for as long as possible before being safely recovered and reintroduced into the economy.

The Global Circularity Protocol, developed by the World Business Council for Sustainable Development (WBCSD) and the Circle Economy Foundation, provides the primary organisational-level measurement and reporting framework. Its core metric — the circular material use rate (CMU rate) — measures the share of material inputs that come from circular sources rather than virgin resources, giving a single comparable figure that organisations can track over time and benchmark against peers.

The ISO 59000 series, published by ISO/TC 323 in 2024, provides the international standards infrastructure for circular economy management. ISO 59004 establishes vocabulary and principles; ISO 59010 addresses how organisations transition business models toward circularity; ISO 59020 provides the measurement and assessment methodology. These standards and the Global Circularity Protocol give organisations the conceptual framework and the measurement tools to implement Clause 10.14 rigorously.

Material flow mapping is the essential first step. Organisations should map all material inputs — virgin raw materials, recycled content, water, energy, packaging — against all outputs — products, by-products, waste streams, emissions. This mapping reveals where the greatest circular economy opportunities lie, typically in the categories with the largest virgin material consumption and the lowest recovery rates.

Circular strategies by sector

Manufacturing: Design for disassembly and component reuse; recovery programmes for end-of-life products; supplier qualification on recycled content; reduction of packaging material intensity.

Services / professional services: Digital delivery replacing physical products; circular procurement policies preferring refurbished equipment; take-back schemes for consumables.

Retail and distribution: Packaging reduction and elimination; reverse logistics for product returns; supplier code of conduct requiring circular packaging; own-brand product design for recyclability.

All sectors: Measuring the circular material use rate annually using the Global Circularity Protocol; setting a time-bound improvement target; disclosing the metric in the sustainability report.


A.7 Awareness, Communication, and Training (SPK CSMS1000:2026 Section 11)

Awareness, communication, and training are distinct activities serving different functions. Awareness means people know something exists or has changed. Communication explains context and rationale. Training builds capability — ensuring people know how to do something differently as a result of the learning activity. The most common mistake is treating all three as interchangeable, using training to raise awareness, or treating mass communications as training. Understanding the distinction produces more effective and more measurable Stage 7 activities.

Anti-greenwashing discipline should be embedded in the external communications approval process. Every public sustainability claim should be substantiated by documented evidence before publication, reviewed for accuracy and proportionality, and consistent with the data reported in sustainability disclosure. Success criteria for each communication activity should be defined before delivery, not assessed retrospectively. Third-party training is an underused element of most sustainability programmes — high-risk suppliers, agents, and distributors whose activities expose the organisation to sustainability risks should receive training on key requirements.

A.8 Performance, Monitoring, and Audit (SPK CSMS1000:2026 Section 12)

Stage 8 generates the data, insights, and assurance evidence that enable the organisation to understand programme performance and produce credible external disclosures. Each mechanism provides a different form of insight: dashboards provide continuous performance visibility; multi-level reviews provide governance oversight at employee, management, and governing body levels; assessments evaluate programme design quality; internal audit evaluates control operating effectiveness; and monitoring tracks KPI performance on an ongoing basis.

The employee review is the level most commonly skipped. Organisations that measure employee perceptions discover things management review would not surface: that commitments the organisation is proud of are not believed by employees; that policies that look good in documents are routinely ignored in practice; that employees in high-risk roles have concerns management is unaware of. The distinction between leading indicators (predictive) and lagging indicators (outcomes) is important for programme management — systems that track only lagging indicators are reactive; systems that track both allow proactive intervention before outcomes deteriorate.

Assessments and audits serve different purposes. An assessment evaluates whether a programme element is well designed for its purpose — forward-looking, producing recommendations. An audit evaluates whether requirements are being met and controls are operating effectively — backward-looking, producing findings of conformity or non-conformity. Internal audit of sustainability management systems requires specific competence combining SPK CSMS1000:2026 knowledge, sustainability risk understanding, data calculation familiarity, and assurance evidence standards. Independence applies: an auditor who helped design the programme cannot objectively assess it.

A.9 Leverage — Reporting, Ratings, and Certifications (SPK CSMS1000:2026 Section 13)

Stage 9 converts the programme's operational outputs into external value. If Stages 1–8 have been implemented effectively, the organisation has built a significant asset: documented evidence of CSMS design and governance, reliable performance data against SMART goals, independent audit assurance of controls, and a track record of continuous improvement. Stage 9 leverages that asset through reporting, regulatory filings, ratings engagement, and independent certification.

A hallmark of a mature CSMS is a culture that treats identified gaps as improvement opportunities rather than failures to be concealed. Many organisations are reluctant to disclose sustainability shortfalls, fearing regulatory or reputational consequences. This aversion to transparency is itself a programme weakness — it prevents the organisation from demonstrating the credibility that comes from honest acknowledgment of challenges alongside genuine improvement plans.

The most common error in external filing compliance is discovering mandatory requirements only as the filing deadline approaches, by which time the data and governance infrastructure may not be in place. The obligations register under Clause 6.2 and external filings monitoring under Clause 13.4 prevent this by identifying requirements in advance and building the systems needed to meet them on time.

ESG ratings and management system certifications are complementary. Ratings assess reported performance against a scoring methodology based primarily on publicly available information. Certifications assess whether an effective management system is in place based on on-site audit evidence. SPK CSMS1000:2026 Certification certifies the whole-of-programme CSMS against the programme management framework requirements — governance, strategy, operational controls, measurement, and reporting — in a single independent assessment.

Relationship between Speeki products: SPK CSMS1000:2026 certifies the quality of the corporate sustainability management system. Carbon Lens verifies the GHG inventory. Speeki Guardian provides sustainability report assurance. These are complementary: Carbon Lens provides verified GHG data that flows into the sustainability report, which Guardian assures, and the management systems governing both are certified under SPK CSMS1000:2026.

A.10 Improvement (SPK CSMS1000:2026 Section 14)

ISO High Level Structure — Section 10

SPK CSMS1000:2026 Clauses: 14.1–14.2

Section 14 sits outside the section structure because continual improvement and non-conformity management are not stage-specific activities — they run throughout the programme lifecycle. Every stage generates outputs that may give rise to improvement actions or non-conformity findings. Section 14 provides the management system mechanisms for processing those outputs systematically and closing the loop between what the programme discovers and what it changes.

A.10.1 Continual Improvement (Clause 14.1)

The three-dimensional framing of continual improvement — suitability, adequacy, and effectiveness — is drawn from the ISO High Level Structure and is more rigorous than simply maintaining an improvement plan. Suitability asks whether the CSMS is the right design for the organisation's current context, material topics, and stakeholder expectations. As context changes — new regulations, new material risks, changes in business model — a CSMS that was suitable two years ago may no longer be. Adequacy asks whether the system has enough scope, resources, and governance to do what it needs to do. Effectiveness asks whether it is actually working: are objectives being achieved, are controls operating, are risks being managed to acceptable levels.

The most important cultural element of continual improvement is the distinction between non-conformity and underperformance against ambitious targets. An organisation that sets a 50% Scope 3 reduction target and achieves 35% has underperformed against its target — this requires analysis and revised action planning, but it is not a non-conformity unless there is a breach of a specific management system requirement. Conflating these two things creates a perverse incentive to set unambitious targets so that the organisation can always report full achievement, or to avoid honest internal reporting of performance shortfalls for fear of triggering a formal non-conformity process.

A.10.2 Non-conformity and Corrective Action (Clause 14.2)

The mandatory sequence in Clause 14.2 of this standard mirrors the equivalent clause in all ISO management system standards using the High Level Structure. The sequence is: react immediately; evaluate the need for root-cause action; determine causes; check for similar occurrences elsewhere; implement corrective action; review effectiveness; update the management system. Skipping steps — particularly the effectiveness review — is the most common failure in non-conformity management. A corrective action that has not been verified to have actually worked is not closed.

The distinction between non-conformities, non-compliances, and incidents (Clause 14.2.6) matters for governance and reporting. A non-conformity is a CSMS design or operation failure — the system is not meeting its own requirements. A non-compliance is an obligation failure — the organisation is not meeting a legal, regulatory, or contractual requirement. An incident is an event with actual or potential harm consequences. Each has different governance implications: non-conformities are managed within the CSMS; non-compliances may require regulatory notification; incidents may require immediate response, investigation, and external disclosure. Clause 14.2 provides the common process backbone, with Clauses 6.1, 7.5, and 10.12 providing the additional requirements for non-compliances and incidents respectively.

The systemic occurrence check — determining whether the same non-conformity exists or could occur elsewhere — is consistently the most underdone step in management system non-conformity management. A data quality failure in one reporting category may indicate a systemic data governance weakness affecting multiple categories. An OHS control failure at one site may indicate the same control is absent at comparable sites. Non-conformity management that treats each finding in isolation, without asking whether it is a signal of a wider pattern, misses the primary value of the process.

Non-conformity vs target shortfall — practical examples

Non-conformity (Clause 14.2 applies): The internal audit finds that sustainability training records are not being maintained as required by Clause 11.3. This is a failure to meet a specific management system requirement — corrective action, root-cause analysis, and effectiveness review are all required.

Target shortfall (Clause 14.1 applies): The organisation's Scope 1 GHG emissions are 12% below the prior year but the organisation had set a 20% reduction target for the year. This is a performance shortfall that requires analysis and revised action planning — but it is not a non-conformity against the standard unless the failure to achieve the target is attributable to a specific management system failure such as not implementing planned controls.

Both (Clause 14.1 and 14.2 apply): The monitoring system fails to detect a significant increase in wastewater discharge because the monitoring frequency set in the environmental procedures was not being followed. The procedure non-compliance is a Clause 14.2 matter; the fact that the environmental objective was missed is a Clause 14.1 matter.