ESG risks reflect expectations around ethical sourcing, sustainability, and supplier conduct. These risks can affect reputation, compliance, and stakeholder trust.
Common ESG risk drivers include:
- Limited visibility of supply chains beyond tier one suppliers.
- Limited visibility of the impact of services on the climate (an ISO 27001 and 42001 consideration).
- Inconsistent screening for modern slavery or unethical practices.
- Misalignment between stated commitments and supplier behaviour.
- Reliance on self-attestation without validation.
Controls that support ESG risk management:
- Risk-based screening aligned to supplier location and activity.
- Clear expectations communicated through supplier codes of conduct.
- Escalation pathways for identified concerns.
- Integration of ESG considerations into supplier selection and renewal.
ESG risk management is most effective when embedded into supplier lifecycle decisions rather than treated as a reporting exercise.