Compliance Risk & Information Security Partners (CRISP)

Introducing the new small business third-party risk management company

15-N: Environmental, Social & Governance

This section evaluates your organization’s approach to Environmental, Social, and Governance (ESG) responsibilities and how these practices intersect with risk management and compliance.

The questions focus on whether you have defined ESG policies, oversight, and reporting; how you address environmental impact, labor practices, diversity and inclusion, and community responsibility; and how ethical conduct, anti-corruption, and board-level governance are enforced.

Overall, this section confirms that your organization manages ESG risks in a structured, transparent way that supports long-term resilience and responsible business conduct.

Explanation:

Sustainability and resilience planning ensures an organization can adapt to market changes, environmental factors, and economic challenges, maintaining long-term viability.

Risks of Incorrect Answer:

Lack of sustainability planning may lead to operational disruptions during unforeseen events.

Absence of resilience measures could result in financial losses or reputational damage.

Applicable Frameworks:

ISO 22301: Business continuity management focuses on resilience.

NIST CSF (ID.BE-5): Encourages planning for sustainability and adaptability.

GRI Standards: Include sustainability reporting requirements.

Explanation:

Strong leadership and ethical practices build trust with stakeholders, while risk management ensures the organization can handle challenges effectively.

Risks of Incorrect Answer:

Weak leadership or unethical behavior could result in legal penalties and reputational harm.

Ineffective risk management may lead to operational inefficiencies or financial losses.

Applicable Frameworks:

ISO 31000: Risk management principles and guidelines.

NIST CSF (ID.RM-1): Encourages robust risk management programs.

UN Global Compact: Promotes ethical business practices and leadership.

Explanation:

Addressing environmental and social issues demonstrates corporate responsibility and ensures compliance with evolving regulations related to sustainability and ethical sourcing.

Risks of Incorrect Answer:

Ignoring these issues could lead to regulatory fines, supply chain disruptions, or reputational damage.

Non-compliance with environmental or labor laws may alienate customers and stakeholders.

Applicable Frameworks:

ISO 14001: Environmental management systems.

SA8000: Social accountability standards.

GRI Standards: Reporting on environmental and social impacts.

Explanation:

Diversity in procurement supports social equity, enhances innovation, and aligns with corporate social responsibility goals.

Risks of Incorrect Answer:

Excluding diverse suppliers may result in missed business opportunities or non-compliance with diversity-related mandates.

Failure to support diverse suppliers could harm public perception.

Applicable Frameworks:

UN Sustainable Development Goals (SDG 5 and SDG 10): Promote inclusivity and reduced inequalities.

GRI Standards (GRI 204): Address procurement practices and supplier diversity.

ISO 26000: Guidance on social responsibility, including inclusive practices.

You have successfully completed the Environmental, Social & Governance portion of this Assessment.



© 2025 Compliance Risk & Information Security Partners (CRISP). All rights reserved.