ISO/DIS 14019-1:2024(en)

ISO/TC 207/SC 2

Secretariat: UNI

Date: 2024-09-11

Sustainability information — Part 1: General principles and requirements for validation and verification

Informations sur la durabilité — Partie 1 : Principes généraux et exigences pour la validation et la vérification

© ISO 2024

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.

ISO copyright office

CP 401 • Ch. de Blandonnet 8

CH-1214 Vernier, Geneva

Phone: +41 22 749 01 11

Email: copyright@iso.org

Website: www.iso.org

Published in Switzerland

Contents

Foreword 4

Introduction 5

1 Scope 7

2 Normative references 7

3 Terms and definitions 7

3.1 Terms related to sustainability information 7

3.2 Terms related to entities involved in declared sustainability information validation and verification 9

3.3 Terms used in the validation and verification of declared sustainability information 11

4 Principles 17

4.1 General 17

4.2 Principles for the validation/verification process 17

5 Declared sustainability information 18

5.1 General 18

5.2 Quantitative and qualitative information 19

5.3 Difference between data and information 20

6 Assurance opinions and other deliverables 20

6.1 General 20

6.2 Assurance opinion 20

6.3 Mixed engagements 21

6.4 Development of the deliverable and its format 21

7 Validation/Verification programme 21

7.1 General 21

7.2 Description of the declared sustainability information 22

7.3 Specified requirements and criteria applying to the declared sustainability information 22

7.4 Specified requirements and criteria for executing the validation/verification 23

7.5 Rules and procedures and competence for validation/verification activities 23

7.6 Types of validation/verification outcome 24

8 Validation and verification processes 24

Annex A (informative) Terminology comparison between conformity assessment (ISO) and assurance (ISSA 5000) 25

Annex B (informative) Intended users and interested parties 26

B.1 General 26

B.2 Responsibilities 26

B.3 Legal considerations 27

B.4 Types of intended users 27

B.5 Types of information that can affect intended users’ decisions 28

B.6 Interested parties 28

B.7 Determining what sustainability information to be disclosed 29

Annex C (informative) Declared sustainability information 30

C.1 Principles associated with declared sustainability information 30

C.1.1 Meaningful, relevant and credible 30

C.1.2 Systems thinking 30

C.1.3 Intended users, interested parties and consultation 30

C.1.4 Transparency 31

C.1.5 Confidentiality 31

C.2 Sustainability information 31

C.3 Impact and dependencies 31

C.4 Intended user determination 32

C.5 Relevance determination process 32

C.6 Declared sustainability information 32

C.7 Disclosed sustainability information 33

Annex D (informative) Deliverables from validation and verification activities 35

D.1 General 35

D.2 Agreed-upon procedures 35

D.3 Report 36

Annex E (informative) Assurance and types of assurance opinions 37

E.1 General 37

E.2 Assurance of declared sustainability information 37

E.3 Levels of assurance 38

E.4 Types of assurance opinion 38

Annex F (informative) Reference to assurance opinions and use of marks 45

F.1 General 45

F.2 References to assurance opinions 45

F.2.1 General 45

F.2.2 References to verification on product statements based on life cycle assessment of products 46

F.3 Use of marks 46

Annex G (informative) Examples of reports of factual findings (AUP reports) 47

G.1 General 47

G.2 Example of a report of factual findings for a company destroying ozone-depleting substances 48

Bibliography 51

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

ISO draws attention to the possibility that the implementation of this document may involve the use of (a) patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed patent rights in respect thereof. As of the date of publication of this document, ISO had not received notice of (a) patent(s) which may be required to implement this document. However, implementers are cautioned that this may not represent the latest information, which may be obtained from the patent database available at www.iso.org/patents. ISO shall not be held responsible for identifying any or all such patent rights.

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.

This document was prepared by Technical Committee ISO/TC 207, Environmental management, Subcommittee SC 2, Environmental auditing and related environmental investigations in conjunction with ISO/CASCO, Committee on Conformity Assessment.

A list of all parts in the ISO 14019 series can be found on the ISO website.

Any feedback or questions on this document should be directed to the user’s national standards body. A complete listing of these bodies can be found at www.iso.org/members.html.

Introduction

0.1   With increasing public demand and advancing legal provisions (regulatory and contractual) for declarations, disclosures and reporting of sustainability information, there is a significant market need for the validation, verification and assurance of this information.

0.2   Standards are needed for both:

a) identifying metrics and indicators, monitoring, compiling, reporting, declaring and disclosing information about sustainability matters (including environmental, social and governance (ESG) matters); and

b) harmonised approaches to validation/verification and assurance of that information.

Validated and verified sustainability information can be used for decision making including investment decisions, procurement decisions, or individual choices during consumer purchasing, the use of services and decisions on where to work.

0.3   In this document, the sustainability information that is declared by a responsible party is the object of the validation or verification. Validation and verification bodies assess the declared sustainability information for its conformity and fulfilment of ‘specified requirements and criteria’.

0.4   Specified requirements and criteria are set by a validation/verification programme, which could be a mandatory regulatory reporting programme, or a voluntary programme for a specific sector or sustainability matter. The result of a completed validation/verification activity can be the provision of an assurance opinion which attests that the specified requirements and criteria have been fulfilled and:

a) the reasonableness of the assumptions, limitations and methods that support declared sustainability information about a future outcome has been validated; and

b) the material correctness and fair representation of historical data and information has been verified.

NOTE The primary outcome of validation/verification activities under the ISO 14019 series of standards is an assurance opinion. In addition, the ISO 14019 series of standards allows for alternative non-assurance outcomes or deliverables. The deliverable chosen for each specific validation/verification activity (i.e. an assurance opinion or a non-assurance deliverable) is specified in the relevant validation/verification programme and confirmed between the validation/verification body and it’s client in a specific engagement agreement. Non-assurance deliverables include reports of factual findings based on agreed-upon procedure (AUP report), findings reports and evidence reports. These non-assurance deliverables can be appropriate for situations where an assurance opinion is not required, for example, in voluntary or internal reporting, reporting from organizations upstream or downstream in the value chain, or for small and medium-sized enterprises (SMEs), or in situations where capacity building is being undertaken, or when the expense of an assurance opinion is prohibitive.

0.5   The overall aim of validation/verification is to give confidence to intended users that the declared sustainability information is fairly stated, can be used for the defined purpose and fulfils specified requirements and criteria. This confidence is provided through an impartial validation or verification process undertaken by a competent validator/verifier.

0.6   Parties that have an interest in validation/verification include, but are not limited to:

a) clients of validation/verification bodies;

b) validation/verification programme owners and other developers of standards;

c) regulatory authorities;

d) intended users of validated/verified declared sustainability information (e.g. investors, supply chain partners, industry bodies, NGOs, consumers) and other interested parties.

0.7   Frameworks, principles and processes guiding validation/verification methodologies should be compatible with the globally accepted quality infrastructure (standardisation, conformity assessment by validation/verification, peer assessment, accreditation). Furthermore developing these methodologies as ISO standards would allow all interested parties, especially those with already implemented structures and existing instruments, to participate.

0.8   Standards for the declaration and reporting of sustainability information already existing or under development relate, for instance, to organizations (e.g. listed companies or suppliers) that are increasingly required to report specific ESG or sustainability matters under voluntary or mandatory arrangements (e.g. as a pre-requisite to supply chain or market access, precondition for tenders and government procurement, and as part of securities exchange or regulatory annual reporting).

0.9   Within the existing legal framework of many countries and regions, the global system of conformity assessment and its recognition (e.g. through multilateral arrangements between accreditation bodies), the tools for reliable assessment and confirmation of declared information (claims, reports etc.) currently exist. However, standardised specifications of a consistent process for validating and verifying declared sustainability information is lacking.

0.10   Parties interested in qualitatively trustworthy and quantitatively comparable information will benefit from standardised validation/verification processes to be performed by legal entities that fulfil the requirements of ISO/IEC 17029, Conformity assessment — General principles and requirements for validation and verification bodies.

0.11   While validation and verification both result in a confirmation of declared information, they differ significantly in their execution. Assessing historic data with respect to truthful and correct statements in a verification requires different methodological approaches than determining whether declarations on an intended purpose or future effect is reasonable and plausible in a validation. It is therefore decided to develop separate documents for the validation process (ISO 14019-3) and the verification process (ISO 14019-2).

0.12   As for the type of information to be validated or verified, distinction could be made according to the subject matter (e.g. environmental, social, governance). However, taking the perspective of describing methodologies, the distinction according to the nature of the assessed information, being quantitative or qualitative, appears more rational.

0.13   ISO 14019 is developed in separate parts to provide a consistent overview of the entire validation/verification of sustainability information, and give general and specific requirements for validation/verification processes. Where the principles and requirements undergo rapid development, the individual parts can undergo revision separately as required.

0.14   In summary the parts to ISO 14019 are:

— Part 1 (this document) specifies terminology, principles and general requirements applicable to both validation and verification.

— The process specifics of verification (Part 2, under development) and validation (Part 3, development intended) are provided in separate documents.

— Part 4 (under development) contains the specific requirements applying to the validation/verification bodies and their personnel, the validators and verifiers, in addition to generic requirements of ISO/IEC 17029.

Sustainability information — Part 1: General principles and requirements for validation and verification

1.1 This document specifies general principles and requirements for the validation/verification of declared sustainability information, including reporting on environmental, social, governance and other sustainability matters. It applies to quantitative and qualitative information.

NOTE These principles and requirements complement the set of rules and procedures that are provided in validation/verification programmes.

1.2 This document can also be used as the basis for validation/verification activities that support other conformity assessment schemes.

NOTE This document can be applied by validation/verification bodies operating according to ISO/IEC 17029.

The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO/IEC 17029:2019, Conformity assessment — General principles and requirements for validation and verification bodies

For the purposes of this document, the following terms and definitions apply.

ISO and IEC maintain terminology databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https://www.iso.org/obp

— IEC Electropedia: available at https://www.electropedia.org/

NOTE Annex A provides a comparison table between ISO/IEC and ISSA 5000 terminology.

3.1.1

sustainability

state of the global system in which the needs of the present are met without compromising the ability of future generations to meet their own needs

Note 1 to entry: Sustainability is the goal of sustainable development.

Note 2 to entry: Sustainability can include environmental, social, economic, governance and other aspects.

[SOURCE: ISO Guide 82:2019, 3.1, modified. Reference to “environmental, social and economic aspects” removed from definition and Note 1 from ISO Guide 82 deleted. Note 2 to entry added.]

3.1.2

sustainability matters

attribute that can influence sustainability, including an organization’s governance, objectives, goals, plans, processes and performance

Note 1 to entry: Sustainability matters are also referred to as “underlying subject matter”.

Note 2 to entry: Identification of sustainability matters can be undertaken from various viewpoints, including from the viewpoint of intended users, interested parties and from the viewpoint of those that may be affected by decisions of others in relation to sustainability. It may also be possible to take a viewpoint from a non-human perspective such as another species or ecosystem, or a natural system at local, regional or global scales (e.g. carbon or water cycle).

Note 3 to entry: Sustainability matters can be a description of a classification of underlying sustainability attributes and can be an aggregation of those attributes.

Note 4 to entry: Sustainability matters can relate to an organization’s influence as well as influence on an organization.

Note 5 to entry: Sustainability matters include attributes related to impacts, dependencies and performance.

Note 6 to entry: Attributes can relate to activities, products, services, value chains, natural and economic systems.

Note 7 to entry: Often sustainability matters will be interdependent and have complex cause and effect relationships and feedback loops.

3.1.3

sustainability information

information about sustainability matters

Note 1 to entry: Sustainability information can result from measuring or evaluating sustainability matters against specified requirements and criteria. Sustainability information is also referred to as “subject matter information”.

Note 2 to entry: Sustainability information is grounded in systems thinking and includes consideration of the interaction and interdependence between different sustainability matters.

Note 3 to entry: Sustainability information can be numerical, verbal, written, recorded, visual, virtual, etc.

Note 4 to entry: Validation/verification programmes can use alternative terms to categorise sustainability information, such as “issues”, ”factors”, etc.

3.1.4

declared sustainability information

sustainability information that is declared by a responsible party

Note 1 to entry: The responsible party determines the relevance of what it chooses to declare based on consideration of its intended users and their needs for information to make decisions for a purpose (see Annex B for more information on intended users).

Note 2 to entry: The term “declared sustainability information” in ISO 14019 is used in place of the term “claim” in ISO/IEC 17029.

Note 3 to entry: Declared sustainability information can represent a situation at a point in time or could cover a period of time (see Annex C for more information on declared sustainability information).

Note 4 to entry: Declared sustainability information is clearly identifiable and capable of consistent evaluation or measurement against specified requirements and criteria.

Note 5 to entry: Declared sustainability information can be provided in the form of a report, a statement, a disclosure, a declaration, a project plan, consolidated data or performance indicator. It can be provided in any format be that written, oral, recording, video, website or a combination thereof.

Note 6 to entry: Declared sustainability information can include information about more than one sustainability matter (e.g. an ESG declaration or a natural capital report).

3.1.5

disclosed sustainability information

sustainability information that is made available to parties external to the responsible party

Note 1 to entry: Examples of parties external to the responsible party to which sustainability information is disclosed can be: an intended user, a current or potential investor or lender, a supplier, a customer, a regulator, the public or any other organization or person.

Note 2 to entry: Disclosed sustainability information can be, in full or in part, declared sustainability information.

3.1.6

relevance determination process

process used by the responsible party to determine what sustainability information is to be included in the declared sustainability information to meet the need of identified intended users to make decisions for their stated purpose

Note 1 to entry: The relevance determination process may also be referred to as “the process to identify reporting elements”, “materiality process”, amongst other terms.

3.1.7

impact

positive or negative change in an outcome as a result of an organization’s decisions or execution, and the consequences of those decisions

Note 1 to entry: Taking account of other causes of any change in those outcomes.

Note 2 to entry: The change in an outcome can be positive or negative depending on its relation to a threshold.

Note 3 to entry: There may be interim points between actions and their resulting impacts where measurement can support management towards achieving organizational purpose.

[SOURCE: ISO 37005:2024, modified: the words “organizational outcome (3.8) because of a governing body´s” in the definition replaced by the words “organization”, Note 4 to entry deleted.]

3.2.1

client

organization or person requesting validation/verification

Note 1 to entry: The client is the party instructing the validating/verifying body to carry out the validation/verification of the declared sustainability information.

Note 2 to entry: The client can be the responsible party or the intended user of the validated/verified declared sustainability information.

[SOURCE: ISO/IEC 17029:2019, 3.13, modified — The word “claim” is replaced by the words “declared sustainability information”. Note 2 to entry added.]

3.2.2

programme owner

person or organization responsible for developing and maintaining a specific validation programme or verification programme

Note 1 to entry: The programme owner can be the validation/verification body itself, a governmental authority, a trade association, a group of validation bodies/verification bodies, an external programme owner or others.

[SOURCE: ISO/IEC 17029:2019, 3.10]

3.2.3

responsible party

organization or person providing the declared sustainability information

Note 1 to entry: The responsible party is responsible for all information supporting the declared sustainability information, irrespective of whether they gathered it themselves or it was gathered by another party. The sources, methodologies and technologies used to gather such information may be provided by another party, however responsibility for the accuracy and veracity of the information remains with the responsible party.

3.2.4

intended user

organization or person that is intended by the responsible party to use the declared sustainability information to make decisions for its or their stated purpose

Note 1 to entry: An intended user can act on behalf of one or more interested parties.

3.2.5

interested party

person or organization that can affect, be affected by, or perceive itself to be affected by sustainability matters or sustainability information

Note 1 to entry: Interested parties can include, but are not limited to, employees, material suppliers, manufacturers, trade associations, purchasers, users, consumers, non-governmental organizations (NGOs), public agencies, conformity assessment bodies, indigenous communities and vulnerable individuals.

Note 2 to entry: ‘affected by’ can also include being ‘impacted by’.

[SOURCE: ISO 14050:2020, 3.1.2, modified — Reference to “by a decision or activity” replaced by a reference to “sustainability matters or sustainability information”. Notes to entry modified and added.]

3.2.6

validation body

body that performs validation

Note 1 to entry: A validation body can be an organization, or part of an organization.

[SOURCE: ISO/IEC 17029:2019, 3.4, modified — Note 1 to entry added.]

3.2.7

verification body

body that performs verification

Note 1 to entry: A verification body can be an organization or part of an organization.

[SOURCE: ISO/IEC 17029:2019, 3.5]

3.2.8

validator

competent and impartial person with responsibility for performing and reporting on a validation

[SOURCE: ISO 14065:2020, 3.3.6]

3.2.9

verifier

competent and impartial person with responsibility for performing and reporting on a verification

[SOURCE: ISO 14065:2020, 3.3.5]

3.2.10

organization

person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives

[SOURCE: ISO 14050:2020, 3.1.1, modified — Note 1 to entry has been deleted.]

3.2.11

technical expert

person who provides specific knowledge on a specified subject

Note 1 to entry: Specific knowledge or expertise is that which relates to the organization or the process or activity associated with the subject to be verified or validated, finance, local regulations, language or culture.

Note 2 to entry: A technical expert does not act as a verifier or validator in the validation/verification team.

[SOURCE: ISO 14066:2023, 3.3.5, modified — Notes 1 and 2 to entry have been revised.]

3.2.12

competence

ability to apply knowledge and skills to achieve intended results

[SOURCE: ISO 14066:2023, 3.1.2]

3.2.13

team leader

person who manages the validation team (see 3.1.7) or verification team (see 3.1.8)

[SOURCE: ISO 14066:2023, 3.4.9]

3.2.14

validation team

one or more validators conducting validation activities, supported if needed by technical experts

Note 1 to entry: One person of the validation team is appointed as the team leader.

Note 2 to entry: The validation team may be accompanied by validators-in-training.

[SOURCE: ISO 14066:2023, 3.4.7]

3.2.15

verification team

one or more verifiers conducting verification activities, supported if needed by technical experts

Note 1 to entry: One person of the verification team is appointed as the team leader.

Note 2 to entry: The verification team may be accompanied by verifiers-in-training.

[SOURCE: ISO 14066:2023, 3.4.8]

3.2.16

independent reviewer

competent person, who is not a member of the validation/verification team, who reviews the verification or validation activities and conclusions

[SOURCE: ISO 14064-3:2019, 3.2.9]

3.3.1

validation/verification programme

set of rules and procedures that describe the declared sustainability information, identifies the specified requirements and criteria, and provides the methodology for performing validation/verification

Note 1 to entry: Programmes may be operated at international, regional, national, sub-national, sector-specific or organizational levels.

Note 2 to entry: A programme can also be called a “scheme”.

Note 3 to entry: A programme can include a combination of validation and verification activities, and result in mixed engagements.

Note 4 to entry: A programme can be a set of activities defined by a validation/verification body in agreement with their client or refer to a formal programme document which has a set of rules with varying degrees of specification and complexity.

Note 5 to entry: Programmes can be voluntary or mandatory in the case of regulation or contractual requirements.

[SOURCE: ISO/IEC 17000:2020 4.9, modified — “declared sustainability information” has been substituted for “object of conformity assessment” and “validation/verification” has been substituted for “conformity assessment”. Notes to entry have been added.]

3.3.2

criteria

policies, procedures or requirements used as a reference against which the declared sustainability information is validated or verified

Note 1 to entry: Criteria may be established by governments, regulators, programmes, voluntary reporting initiatives, standards, codes of practice, or internal procedures.

Note 2 to entry: “specified requirements and criteria” is used in place of “specified requirements” used in ISO/IEC 17029.

[SOURCE: ISO 14064-3:2019, 3.6.10, modified — “declared sustainability information” has replaced “GHG statement”. Notes 1 and 2 to entry have been added.]

3.3.3

specified requirement

need or expectation that is stated

Note 1 to entry: Specified requirements can be stated in normative documents such as regulations, standards and technical specifications.

Note 2 to entry: Specified requirements can be detailed or general.

Note 3 to entry: “specified requirements and criteria” is used in place of “specified requirements” used in ISO/IEC 17029.

[SOURCE: ISO/IEC 17000:2020, 5.1, modified— Note 3 to entry added.]

3.3.4

product

any good or service

Note 1 to entry: The definition of product can refer to the process of producing the good or service.

[SOURCE: ISO 14050:2020, 3.5.12, modified — Note 1 to entry added.]

3.3.5

value chain

sequence of activities, or parties, that create or receive value through the provision of a product (3.3.4)

Note 1 to entry: In this document, value chain is regarded as a broader concept than supply chain (persons or organizations that perform a sequence of activities to produce and deliver a product). The supply chain is a part of the value chain, but the value chain can also include other persons or organizations upstream and downstream from the supply chain and not directly involved in the supply chain. All the persons or organizations in the value chain are all or part of the interested parties and interested parties may be persons or organizations outside the value chain.

[SOURCE: ISO 14050:2020, 3.5.28, modified — commas added to the definition and Note 1 to entry added.]

3.3.6

validation

process for evaluating the reasonableness of the assumptions, limitations and methods that support declared sustainability information about the outcome of future activities

Note 1 to entry: The term “declared sustainability information” in ISO 14019 is synonymous with the term “claim” in ISO/IEC 17029.

[SOURCE: ISO/IEC 14065, 3.3.16, modified — Note 1 to entry added.]

3.3.7

verification

process for evaluating declared sustainability information of a historical nature to determine if the declared sustainability information is materially correct and conforms to specified requirements and criteria

Note 1 to entry: The term “declared sustainability information” in ISO 14019 is synonymous with the term “claim” in ISO/IEC 17029.

Note 2 to entry: Evaluation activities performed that do not provide assurance are called agreed-upon procedures.

[SOURCE: ISO/IEC 14065:2020, 3.3.15, modified — Replaced the words “environmental information statement” with “declared sustainability information” and Note 1 to entry added.]

3.3.8

level of assurance

degree of confidence in the declared sustainability information

Note 1 to entry: The levels of assurance and the conditions to achieve them can be defined in the programme (e.g. reasonable, limited).

[SOURCE: ISO/IEC 17029:2019, 3.15, modified — The word “claim” replaced by the words “declared sustainability information”.]

3.3.9

material

significant to intended users

[SOURCE: ISO/IEC 17029:2019, 3.16, modified — Notes 1 and 2 to entry deleted.]

3.3.10

materiality

concept that misstatements, individually or aggregated, could influence the reliability of the declared sustainability information and hence decisions made by the intended user

Note 1 to entry: Materiality can be qualitative or quantitative.

[SOURCE: ISO/IEC 14065:2020, 3.3.19, modified — Editorial change in definition and Note 1 to entry added.]

3.3.11

misstatement

error, omission, misreporting or misrepresentation in the declared sustainability information

Note 1 to entry: Misstatement can be qualitative or quantitative.

Note 2 to entry: Misstatements are not limited to numerical errors but include errors in presentation, declared sustainability information, sustainability matters or assumptions as well as the potential for statements to mislead the intended user.

Note 3 to entry: Misstatement can be unintentional or intentional, including fraud.

[SOURCE: ISO 14065:2020, 3.3.21, modified — Replace the words “environmental information statement” with the words “declared sustainability information”.]

3.3.12

material misstatement

individual misstatement or the aggregate of actual misstatements in the declared sustainability information that could affect the decisions of the intended users for their stated purpose.

[SOURCE: ISO 14065:2020, 3.2.22, modified — Replace the words “environmental information statement” with the words “declared sustainability information”.]

3.3.13

engagement risk

risk that the assurance opinion reaches an inappropriate conclusion when the declared sustainability information is materially misstated

3.3.14

sampling risk

the risk that the verifier’s conclusion based on a sample can be different from the conclusion if the entire population were subjected to the same verification procedure

3.3.15

information risk

likelihood of a material misstatement materializing and the consequences

[SOURCE: ISO 28004-1:2007, 3.1, modified — The word “information” added to the term “risk”.]

3.3.16

risk assessment

overall process for risk identification, risk analysis, risk evaluation, and risk mitigation

[SOURCE: ISO 22734:2019, 3.30, modified — The word “of” replaced by “for” in the definition.]

3.3.17

scope limitation

specific situation in which part of a validation/verification cannot be performed as intended

Note 1 to entry: Conclusions, including the assurance opinion provided, may be affected by these limitations.

Note 2 to entry: Scope limitations can be due to various factors, such as limited access to information, time constraints, inadequate resources, or restrictions imposed by the client or responsible party.

Note 3 to entry: Scope limitations may prevent the validator/verifier from obtaining complete and unrestricted access to all relevant information or conducting a thorough examination of certain areas or activities.

3.3.18

inherent limitation

constraint or uncertainty present in any validation/verification

Note 1 to entry: Inherent limitations may arise due to factors beyond the control of the validator/verifier and is integral to the nature of the validation/verification activities. Examples include the reliability of information, the possibility of fraud or error, the effectiveness of internal controls, or the future-oriented nature of validation activities.

Note 2 to entry: Even with a well-planned and executed validation/verification process, there is always a residual risk that some material misstatements or issues may go undetected.

3.3.19

strategic analysis

process to comprehend the context for validation/verification activities

Note 1 to entry: The process includes researching, gathering, and analysing information in relation to a responsible party, its business environment and its declared sustainability information.

3.3.20

scope of validation/verification

identification of:

— the declared sustainability information (see 3.1.3) to be the object of validation (see 3.3.6) or verification (see 3.3.7) including the boundaries of the declared sustainability information;

— the applicable validation/verification programme (see 3.3.1); and

— the specified requirements and criteria to which the declared sustainability information is validated/verified.

[SOURCE: ISO 17029:2019, 3.11, modified — Replaced the word “claim” with the words “declared sustainability information” and replaced the words “standards and other normative documents, including their date of publication” with the words “specified requirements and criteria”.]

3.3.21

evidence report

issue of results from evidence gathering activities

Note 1 to entry: An evidence report includes the evidence gathered. It does not include the outcome of any review or any decision as to whether specified requirements and criteria have been fulfilled, and thus does not provide an assurance opinion.

3.3.22

findings report

issue of review results from review of evidence gathering

Note 1 to entry: A findings report includes consideration whether the evidence gathering activities have been suitable, adequate and effective, and whether they have resulted in conclusive evidence with regard to fulfilment of specified requirements and criteria. It does not include any decision as to whether specified requirements and criteria have been fulfilled, and thus does not provide an assurance opinion.

3.3.23

assurance

confidence that can be placed on the declared sustainability information as a result of validation or verification processes

3.3.24

assurance opinion

assurance statement

declaration by the validation/verification body on assurance (see 3.3.23) in accordance with an engagement agreement

Note 1 to entry: Assurance opinions can be referred to using specific programme terminology, such as “decisions”, “statements” or “reports”.

Note 2 to entry: The assurance opinion reflects only the situation at the point in time it is issued.

Note 3 to entry: The assurance opinion for a verification can be confirming or not confirming the information declared by the responsible party, with or without comments, according to the programme requirements.

Note 4 to entry: The assurance opinion for validation can be confirming or not confirming the assumptions/methodologies used to develop the projected future information that is declared by the responsible party, with or without comments, according to the programme requirements.

3.3.25

agreed-upon procedures

AUP

engagement agreement that results in a report on validation or verification activities and does not provide an assurance opinion

[SOURCE: ISO 14064-3 2019, 3.6.4]

3.3.26

AUP report

report of factual findings

documented output of agreed-upon procedures

3.3.27

nonconformity

non-fulfilment of a requirement

Note 1 to entry: Some programmes can require that nonconformities raised against legal requirements related to the programme are raised as noncompliances.

[SOURCE: ISO 14064-3:2019, 3.6.19, modified — Note 1 to entry has been added.]

3.3.28

professional scepticism

attitude that includes a questioning mind and a critical assessment of evidence

[SOURCE: ISO 14066:2023, 3.1.1]

3.3.29

impartiality

objectivity with regard to the outcome of a validation/verification activity

Note 1 to entry: Objectivity can be understood as freedom from bias or freedom from conflicts of interest.

Note 2 to entry: Other terms that are useful in conveying the element of impartiality include “independence”, “freedom from conflicts of interest”, “freedom from bias”, “lack of prejudice”, “neutrality”, “fairness”, “open-mindedness”, “even-handedness”, “detachment” “balance”.

[SOURCE: ISO/IEC 17000:2020, 5.3, modified — The word “conformity assessment” has been replaced by “validation/verification”, Note 2 to entry has been added.]

3.3.30

consultancy

provision of specific expertise on the subject matter that supports the preparation of the declared sustainability information

Note 1 to entry: Arranging training and participating as a trainer is not considered consultancy, provided that, where the course relates to validation/verification or the declared sustainability information being validated or verified, it is confined to the provision of generic information, i.e. the trainer should not provide client-specific advice or solutions.

[SOURCE: ISO/IEC 17029:2019, 3.14]

3.3.31

appeal

request by the responsible party or client to the validation/verification body for reconsideration of a decision it has made with respect to the issuance of an assurance opinion

[SOURCE: ISO/IEC 17000:2020, 8.6, modified — The words “person or organization that provides, or that is, the object of conformity assessment” have been replaced by “responsible party or client”, the words “a conformity assessment body or an accreditation body” have been replaced by “the validation/verification body”, the words “relating to that object” have been replaced by “with respect to the issuance of an assurance opinion”.]

3.3.32

complaint

expression of dissatisfaction, other than appeal, by any person or organization to a body, relating to the activities of that body, where a response is expected

[SOURCE: ISO/IEC 17000:2020, 8.7, modified — The word “body” has replaced “conformity assessment body or an accreditation body”.]

3.3.33

engagement

arrangement between the validation/verification body and its client with the terms to perform services, usually specified in the form of a contract

Note 1 to entry: The word “engagement” is also sometimes used to refer to the activities performed under an engagement, such as a validation or a verification, or an agreement to perform agreed-upon procedures.

The application of principles is fundamental to ensure that declared sustainability information is presented fairly and truthfully. Principles provide the basis for and guide the application of the requirements in this document.

NOTE Principles for declared sustainability information are included in Annex C.

4.2.1.1 The validation/verification process deploys techniques for reaching accurate, defensible, reliable and reproducible validation/verification conclusions that are based on sufficient and appropriate objective evidence.

4.2.1.2 The assurance opinion is based on evidence collected through an objective validation/verification process of the declared sustainability information.

4.2.1.3 Evidence is based on sampling of information. Sampling is undertaken appropriately to ensure confidence in the assurance opinion and the level of assurance.

4.2.1.4 The validation/verification body exercises due professional care and judgement in validating/verifying evidence, especially in the case of qualitative information.

4.2.2.1 The validator/verifier follows a consistent approach throughout the validation/verification process.

4.2.2.2 Where changes in the engagement agreement are necessary, any associated effects on the validation/verification activities and intended outcomes are determined and explained in the assurance opinion.

4.2.2.3 The validation/verification process is documented and forms the basis for the conclusion and decision regarding assurance of the declared sustainability information.

4.2.3.1 Decisions are based on objective evidence obtained through the validation/verification process and are not influenced by other interests or parties.

4.2.3.2 Threats to impartiality can include but are not limited to the following:

a) self-interest: threats that arise from a person or body acting in their own interest (e.g. commercial or financial self-interest);

b) self-review: threats that arise from a person or body reviewing the work done by themselves (e.g. consultancy);

c) over familiarity (or unquestionable trust): threats that arise from a person or body being too familiar with or trusting of another person instead of seeking evidence for validation/verification;

d) intimidation: threats that arise from a person or body having a perception of being coerced openly or secretively, such as a threat to be replaced or harmed.

Personnel have the necessary knowledge, skills, behaviours, experience, training, supporting infrastructure and capacity to effectively perform validation/verification activities.

NOTE 1 Personnel include those persons that are employees, directors and committee members of the body, and any contracted persons that are used by the body to undertake validation/verification activities including technical experts .

NOTE 2 ISO 14019-4 Annex A includes requirements for competence of validation/verification teams, validators and verifiers, independent reviewers and technical experts.

4.2.5.1 Confidential and sensitive information obtained or created during validation/verification activities is safeguarded and not inappropriately or carelessly handled or disclosed.

4.2.5.2 Information is not used inappropriately for personal gain by those involved in the validation/verification process or in a manner detrimental to the legitimate interest of the client or responsible party.

Integrity is demonstrated through the behaviour, trust, honesty, working with diligence and responsibility, observing the law, maintaining confidentiality and making disclosures expected by the law and the profession throughout the validation or verification process.

Validation/verification activities, findings, conclusions and assurance, including significant problems encountered during the validation/verification activities are truthfully and accurately reflected, and all unresolved or divergent views between the validation/verification body and the client or responsible party are truthfully and accurately disclosed.

Due professional care, judgement and competence is exercised in accordance with the risk attributed to the tasks performed and the confidence that is placed upon the validation/verification process by clients and intended users.

Professional judgement draws meaningful and accurate conclusions, opinions and interpretations that are based on observations, knowledge, experience, literature, objective evidence and other sources of information, and demonstration of professional scepticism.

NOTE ISO 14019-4 Annex A describes professional skills of validation/verification teams, validators and verifiers.

5.1.1 Declared sustainability information is the object of conformity assessment in validation/verification. Declared sustainability information is derived from consideration of sustainability, sustainability matters, sustainability information, and activities by the responsibility party to:

a) identify impacts, dependencies, and intended users; and

b) determine what sustainability information is relevant to intended users to enable them to make decisions for their stated purpose.

NOTE See Annex B for further information about intended users and Annex C for further information about declared sustainability information.

5.1.2 A visual representation of sustainability, sustainability matters, sustainability information and declared sustainability information is provided in Figure 1.

Figure 1 — Sustainability matters, sustainability information and declared sustainability information

5.1.3 The general description of declared sustainability information is provided within a context of a validation/verification programme. A validation/verification programme provides the specified requirements and criteria that the declared sustainability information has to fulfil and the methodology for validation/verification activities. These specified requirements and criteria and methodology can be contained in normative documents, such as standards, regulations, or reporting programmes.

5.1.4 The specific declared sustainability information to be validated or verified is:

a) defined in an engagement agreement between a validation/verification body and its client based on the agreed validation or verification programme;

b) dependent on what supporting information is available to be used to undertake validation or verification;

c) linked to the controls the responsible party has on the declared sustainability information; and

d) not under control of the responsible party, and if so, who has that control (e.g. other parties within a value chain), or whether there is no control on the information.

5.2.1 Declared sustainability information can be based on quantitative information, such as measurable contributions, number of workplace injuries, amount of water consumption, etc.

5.2.2 Declared sustainability information can be based on qualitative information, such as narrative reports, information from business strategy and action plans, community involvement, indigenous representation, etc.

5.2.3 Ways that information can be transformed include, but are not limited to, the following:

a) by summarizing large data sets;

b) by analyzing data to identify trends over time;

c) by visualizing information through charts, graphs, and infographics;

d) by combining data from different sources to provide a holistic view of sustainability performance;

e) by contextualizing data by comparing it to benchmarks, targets, or industry averages.

Transformation of data does not alter the fact that access to raw data is needed to see how the transformation has been performed.

5.2.4 The validation/verification activities that are applied to declared sustainability information depend on the type of information (quantitative or qualitative) and include:

a) in case of quantitative information application of statistics, re-measurement or re-calculation, and comparison with target or threshold values; and

b) in case of qualitative information application of hypothesis testing, evaluation of consistency between underlying supporting qualitative information, review of external resources, and professional judgement.

5.3.1 Data refers to the raw, unprocessed facts and figures that are collected through various sources and methods, such as surveys, measurements, observations, or transactions. Data can be quantitative (e.g. numbers, quantities) or qualitative (e.g. descriptions, attributes), and can be stored in various forms, such as text, images, audio, or video. Data by itself is meaningless and does not provide any context or insight into what it represents.

5.3.2 Information, on the other hand, is the processed, organised, and meaningful data that has been transformed into a usable form to support decision-making or understanding.

NOTE In the ISO 14019 series of standards the term “information” is used to encompass both raw unprocessed data and the processed data.

6.1.1 The types of deliverables (outputs) provided to the client after validation/verification of declared sustainability information using the ISO 14019 series of standards include:

a) assurance opinions; and

b) non-assurance deliverables.

NOTE 1 Issued deliverables can be used as stand-alone outputs by clients as well as by other conformity assessment bodies using it as input to their activities.

NOTE 2 Examples of non-assurance deliverables include agreed-upon procedures reports (AUP reports), evidence reports and findings reports.

NOTE 3 Further explanation is provided in Annex D on the types of deliverable, Annex E on assurance and assurance opinions, Annex F on references to assurance opinions and the use of marks, and Annex G on examples of reports of factual findings (AUP reports).

6.2.1 An assurance opinion is the deliverable when all validation/verification process steps are completed. The assurance opinion shall be based on validation activities or verification activities, or a mixture of validation and verification activities (i.e. a mixed engagement).

6.2.2 Subject to the validation/verification programme, assurance opinions shall be provided on the basis of a level of assurance (often referred to as a “reasonable level of assurance” or “limited level of assurance”). Assurance opinions may provide different types of conclusions, unmodified (confirmed) or modified as adverse or disclaimed (not confirmed), see Annex E.

6.3.1 A mixed engagement combines validation and verification activities under a single engagement agreement.

NOTE Mixed engagement occur when the declared sustainability information includes quantitative and qualitative information derived from both historical information and from information based on projections about the future. Mixed engagements can also encompass validation and verification activities specified in agreed-upon procedures (AUP). The process for validation activities in mixed engagements can be ISO 14019-3 (intended to be developed at the time of publishing this document), and the process for the verification activities in mixed engagements can be ISO 14019-2.

6.3.2 When a mixed engagement is undertaken, the following shall apply:

a) the strategic analysis and evidence gathering plan clearly separate the elements of the declared sustainability information associated with validation and verification;

b) the risk assessment clearly separates the elements of the declared sustainability information covered by the risk assessment;

c) the resulting assurance opinion and non-assurance deliverable explicitly states:

i. that a mixed engagement was undertaken;

ii. the separate elements of the declared sustainability information are the subject of the assurance opinion and what elements are the subject of the non-assurance deliverable;

iii. what element of the declared sustainability information was subjected to validation activities and what to verification activities;

iv. the conclusion related to the validation activities is separate from the conclusion related to the verification activities.

NOTE Subject to the relevant validation/verification programme, declared sustainability information that includes information about the future which is based primarily on only historical data may not require validation activities to be undertaken.

If not otherwise specified in the validation/verification programme, the validation/verification body and its client shall agree on the process used to establish the deliverable and its format. This shall include, but is not limited to, the following:

a) the type and format of the deliverable;

b) the validation/verification process;

c) how nonconformities with specified requirements and criteria are to be managed during the validation or verification;

d) the extent to which the client may suggest corrections or modifications to the draft deliverable before finalisation and how this is to be managed;

e) the reference made to the deliverable and the use and distribution by the client;

f) how facts that are discovered after the deliverable is issued are to be managed.

7.1.1 The validation/verification body shall operate validation/verification programmes that are consistent with the requirements of ISO/IEC 17029 and do not exclude any of the requirements in that document.

7.1.2 The validation/verification body should evaluate the suitability of validation/verification programmes by considering whether they include the following elements:

a) description of the declared sustainability information which is to be confirmed through validation or verification (see 7.2);

b) identification of the applicable specified requirements and criteria against which the declared sustainability information is to be validated/verified (see 7.3);

c) identification of the applicable specified requirements and criteria, principles and preconditions to be used by the validator/verifier for planning and gathering evidence (see 7.4);

d) identification of the applicable specified requirements and criteria and rules for the decision to be used by the validator/verifier for confirming the assessed declared sustainability information to be plausible (validation) or truthful (verification) (see 7.4);

e) specification of the methodology for the validation/verification activities including the appropriate competence (see 7.5);

f) specification of the type of deliverable as the outcome of the validation/verification (see 7.6).

NOTE Further information of the elements that can be included in a validation/verification programme are described in ISO/IEC 17029:2019, Annex A. It relates to specifics or details where the applicable standard for the validation/verification body provides only generic or minimum requirements.

7.1.3 After evaluating the suitability of a validation/ verification programme, validation/verification bodies should decide whether to proceed with validation or verification activities.

The validation/verification body shall ensure that the declared sustainability information to be validated/verified is clearly described in terms of:

a) identification for the scope of validation/verification;

b) the information covered (e.g. representing a situation at a point in time or covering a period of time, stating facts and observations relating to sustainability, or including information on impacts);

c) its nature (e.g. being qualitative or quantitative sustainability information);

d) the applicable boundaries (e.g. temporal, geographic, physical, economic, demographic, social boundaries);

e) the format and media in which the declared sustainability information is to be provided (e.g. report, statement, declaration, plan, consolidated data);

f) any consultation process performed by the responsible party;

NOTE See the principle associated with intended users, interested parties and consultation in Annex B.

g) the intended users and their purpose, including if any intended user is representing interested parties;

h) what, if any, declared sustainability information is to be disclosed and if any additional information will be included in disclosed sustainability information.

7.3.1 The validation/verification body shall ensure that the specified requirements and criteria against which the declared sustainability information is to be validated/verified are identified in terms of:

a) intended users and their purpose and whether any intended users represent interested parties;

b) sustainability impacts and dependencies;

c) declared sustainability information;

d) whether the declared sustainability information is to be disclosed in full or part;

e) whether any additional sustainability information will form part of disclosed sustainability information;

f) the responsible party’s relevance determination process;

g) any preconditions; and

h) reference to relevant regulations, standards, specifications, and other normative documents.

7.3.2 The validation/verification body shall clarify whether the responsible party has made available to intended users the specified requirements and criteria. Specified requirements and criteria can be made available to the intended users in one or more of the following ways:

a) publicly;

b) through inclusion in a clear manner in the presentation of the sustainability information;

c) through inclusion in a clear manner in the assurance opinion.

7.3.3 As part of the pre-engagement, the validation/verification body shall determine whether the specified requirements and criteria are suitable to be used as the basis for the validation/verification activity.

7.4.1 At the process step of engagement, the validation/verification body shall agree with the client the scope of validation/verification, and the specified requirements and criteria.

7.4.2 The validation/verification body shall ensure that the applicable specified requirements and criteria and principles for the validation/verification activities are identified and suitable in terms of:

a) preconditions regarding the suitability of criteria (i.e. relevance, completeness, reliability, neutrality, understandability);

b) application to the agreed scope of validation/verification;

c) selecting competent personnel and appropriate resources for the validation/verification;

d) planning, evidence gathering, review and decision;

e) issuing the assurance opinion, including specifics (e.g. defined level of assurance, conditions for modifications, disclaimer for reference to the assurance opinion, use of marks associated with the issued assurance opinion).

In addition to the description of the declared sustainability information to be validated/verified (see 7.2) and the specified requirements and criteria that apply to the declared sustainability information (see 7.3) and rules and procedures that apply to the validation/verification activities (see 7.4), the validation/verification body shall identify the applicable methodology provided by the validation/verification programme for performing validation/verification activities, including:

a) rules and procedures for the process steps to be completed, such as pre-engagement, engagement, planning, execution, review, decisions on nonconformities or facts discovered after issue of the assurance opinion;

b) evidence gathering activities, including on-site or remote activities and use of remote methods such as drone surveys;

c) the type of deliverable as an output of the validation/verification process, such as an issued assurance opinion or report;

d) specific competence criteria for the validation/verification team (including technical experts) and independent reviewers in accordance with ISO 14019-4 Annex A, and taking into account the associated principles (see ISO 14019-4 clause 4); and

e) requirements for the validation/verification body, e.g. governance, accreditation or designation by public authorities.

7.6.1 The validation/verification body shall ensure that the type of outcome and deliverable (see Clause 6) is specified by the applicable validation/verification programme and agreed with the client at the pre-engagement step of the validation/verification process.

NOTE The result of the evaluation of an underlying subject matter is the information that results from applying the specified requirements and criteria to the declared sustainability information. This can result in different types of outcomes.

7.6.2 Specification of the validation/verification output relates to the type of deliverable (see Clause 6) as well as to the intended users as chosen by the responsible party and by the person or organization requesting validation/verification (i.e. the client).

8.1 Validation of declared sustainability information shall be undertaken by a validation body that uses ISO 14019-3 (intended to be developed at the time of publishing this document) and conforms with ISO 14019-4.

8.2 Verification of sustainability information shall be undertaken by a verification body that uses ISO 14019-2 and conforms with ISO 14019-4.

8.3 A mixed engagement is an engagement agreement combining verification and validation activities performed at the same time and on the same declared sustainability information.

1. 
   (informative)
   
   Terminology comparison between conformity assessment (ISO) and assurance (ISSA 5000)

A.1 Table A.1 provides a comparison of the terms used in the ISO/IEC standards on conformity assessment (including ISO/IEC 17029), ISSA 5000 and the within the ISO 14019 series of standards. This comparison is:

a) based on the terms as stated at the time that Table A.1 was created, and it is expected the terms and their definitions will change over time; and

b) an approximate comparison of similar terms only, and does not indicate that the terms or their definitions are identical, synonymise or equivalent.

NOTE Caution needs to be taken in comparing the terms included in the table, and the user should obtain the latest copies of the originating documents and make their own comparisons based on expert advice.

Table A.1 — Comparison of terms

1. 
   (informative)
   
   Intended users and interested parties
   1. General

B.1.1 Intended users are central to the application of ISO 14019 as they comprise the audience for which declared sustainability information is prepared based on the responsible party’s determination of how the intended users as selected will use declared sustainability information to make decisions for their stated purpose.

B.1.2 The aim of validation/verification is to give confidence to intended users that declared sustainability information fulfils specified requirements and criteria as agreed with the client.

B.1.3 Validators and verifiers take account of the needs of intended users when performing their work. They may consult with intended users (including intended users selected by the responsible party to represent and interested parties) on the responsible party’s relevance determination process, specified requirements and criteria, materiality and levels of assurance, and the preferred format of deliverables. Declared sustainability information is transparent and accessible to intended users.

• 1. Responsibilities

B.2.1 Based upon the application of a relevance determination process (see 3.1.6), responsible parties identify intended users, the purpose(s) they have for declared sustainability information and the types of decisions they would make for specific purposes after learning declared sustainability information (see 3.1.4). They may additionally identify interested parties who are not intended users of declared sustainability information but who are likely to have an interest in learning about it and appoint an intended user to represent these interested parties.

B.2.2 Validators and verifiers are responsible for understanding who the intended users are and the kinds of decisions they are likely to make for their specific purposes. Validators and verifiers should be knowledgeable about specified requirements and criteria against which declared sustainability information is validated or verified (see 7.3.1). Validators and verifiers should also ensure that specified requirements and criteria are made available to intended users (see 7.3.2). Figure B.1 describes the relationships that exist among the responsible party, the validator or verifier, and intended users.

Figure B.1 — Three-party assurance relationship

• 1. Legal considerations

B.3.1 In many jurisdictions validators and verifiers have legal liability under the law to their clients, to third parties, and to government entities with respect to the work that they perform. A client may sue a validator or verifier for not discovering a material fraud during an audit. A third party may sue the validator or verifier for not discovering that declared sustainability information was materially misstated. Finally, regulatory bodies may hold validators or verifiers legally responsible for not fulfilling the requirements of laws or regulations relating to the auditing of declared sustainability information.

B.3.2 The extent of legal liability of a validator or verifier may be limited by terms stipulated in the engagement agreement with the client. Third parties who are not parties to the engagement agreement normally have a more limited ability to seek redress against a validator or verifier when they claim to have suffered harm as a result of relying on issued validation or verification opinions.

B.3.3 The validation/verification bodies may differentiate between foreseen users and foreseeable users of assurance opinions. Foreseeable users comprise an unlimited class of users whom validators or verifiers can reasonably foresee as likely users of their assurance opinions. In contrast, foreseen users are more limited in number and comprise those whom the validator or verifier expects will rely on issued assurance opinions. This document uses the term “intended user” (see 3.2.4) in the more limited sense of a “foreseen user”.

• 1. Types of intended users

While the determination of intended users is first and foremost a responsibility of the responsible party, validators and verifiers should be aware of the kinds of groups that may be included as intended users for declared sustainability information. Examples of intender users include:

a) investors, owners and shareholders;

b) customers, user, consumers and clients;

c) personnel and potential personnel;

d) governments, public authorities and regulatory bodies;

e) communities, societies and environment;

f) business partners, suppliers and competitors;

g) communities and nongovernmental organizations;

h) academics and researchers;

i) media.

• 1. Types of information that can affect intended users’ decisions

Validators and verifiers should develop an understanding of the types of information that can affect the decisions of intended users. Examples of types of information include:

a) performance data on how sustainability initiatives impact financial returns;

b) risk assessments related to environmental, social, and governance (ESG) factors;

c) adaptation and resilience planning and implementation;

d) information on ethical practices and compliance with sustainability standards in governance, operations, and dealing with suppliers and customers;

e) internal sustainability policies;

f) planned actions to achieve employee well-being, diversity, inclusion and equal opportunity;

g) compliance information on organizational (e.g. corporate) responsibility, environmental, social and governance regulations;

h) transparency related to the sustainability reporting standards and frameworks used by the responsible party to prepare its declared sustainability information;

i) sustainable procurement criteria and policies;

j) expectations and requirements for suppliers in terms of sustainability performance;

k) impact assessments of the responsible party’s activities on local communities, society, and the environment;

l) strategies for engagement with local communities; and

m) responsiveness to concerns raised by interested parties.

• 1. Interested parties

Interested parties may include:

a) persons impacted by the decisions of intended users based on the sustainability information;

b) advocates for the well-being of people, value chains, natural systems, ecosystems and species impacted by the decisions of intended users based on declared sustainability information;

c) future generations and their expectations for access to resources to meet their needs.

• 1. Determining what sustainability information to be disclosed

Interested parties (see 3.2.5) are identified by the responsible party (see 3.2.3) when determining who in addition to intended users the declared sustainability information is for. The responsible party makes available to the validator or verifier what elements of the declared sustainability information are to be disclosed and explains the rationale for disclosure and whether sustainability information not included in the declared sustainability information is to be disclosed (see also Annex C, subclause C.7).

1. 
   (informative)
   
   Declared sustainability information
   1. Principles associated with declared sustainability information
      1. Meaningful, relevant and credible

The usefulness and effectiveness of declared sustainability information depends upon the extent to which it conveys meaningful, relevant and credible information about sustainability matters. Declared sustainability information is to be truthful, plausible, accurate and not misleading.

• • 1. Systems thinking

C.1.2.1 Declared sustainability information is framed in the context of systems thinking covering the organization, its impacts and dependencies, and value chain.

C.1.2.2 System thinking allows:

a) declared sustainability information to be relevant to the intended users and their purpose; and

b) ensure that the relevance determination process has identified the appropriate and pertinent characteristics and principles to be used as the basis for determining the declared sustainability information based on its relevance to the intended users.

• • 1. Intended users, interested parties and consultation

C.1.3.1 In order to:

a) address the risk that the purpose of the intended users selected by the responsible party would result in negative sustainability impacts on interested parties (concerned about the programme or the specific declared sustainability information); and

b) to reflect the public interest;

one or more of the intended users should act in the interests of all those experience negative consequences of decisions made based on the declared sustainability information.

C.1.3.2 The engagement agreement identifies the validation/verification programme and determines the extent to which consultation is undertaken with intended users and interested parties. When consultation is undertaken, reasonable effort is made to achieve a consensus throughout the process.

NOTE “Consultation” does not necessarily imply a public consultation.

C.1.3.3 To encourage acceptance and support for the validation/verification programme related to the declared sustainability information it is important to gain “buy-in” from intended users and interested parties. This can be achieved by the validation/verification programme through identification and consultation with those parties on the selection of:

a) relevance determination criteria and process;

b) typical outcome of relevance determination process in terms of the declared sustainability information;

c) specified requirements and criteria applicable to the declared sustainability information;

a) materiality and levels of assurance;

b) preferred format of the declared sustainability information;

c) deliverable as outcome of the validation/verification being public or private.

• • 1. Transparency

C.1.4.1 Declared sustainable information is transparent for the applicable intended users.

C.1.4.2 Intended users as selected by the responsible party have transparency so they understand the underlying principles, assumptions and boundary conditions, relevance determination process associated with the declared sustainability information and in the validation/verification programme.

C.1.4.3 Transparency is sufficient and comprehensible to allow intended users as selected by the responsible party to:

a) evaluate and potentially compare declared sustainability information in relation to its coverage, level of detail, scientific validity and acceptance, and for use in performance monitoring and ranking amongst organizations, products and value chains;

b) determine whether the assurance opinion is self-declared or has been issued by a second or third party;

c) determine whether the declared sustainability information is consistent with specified requirements and criteria stated in the engagement agreement and validation/verification programme.

• • 1. Confidentiality

The responsible party that provides the declared sustainability information upholds the ownership and confidentiality of proprietary data and information, including the level of transparency to protect confidential business information, intellectual property rights or other legal obligations.

• 1. Sustainability information

C.2.1 Sustainability information is a generic concept that encompasses all the information that relates to sustainability matters applicable to the responsible party and, where the client is not the responsible party, to the client.

C.2.2 Sustainability information can be described in many ways and can be, but is not limited to:

a) quantitative or qualitative information;

b) defined units of measurement (metrics);

c) performance indicators;

d) statements on what an organization is doing with data points;

e) statements on what an organisation is doing without data points;

f) statements on aims in a specific sustainability matter with data points;

g) statements on aims in a specific sustainability matter without data points;

h) narrative reports and commentaries;

i) formal disclosures or declarations; etc.

C.2.3 Sustainability information can be aggregated and categorised.

• 1. Impact and dependencies

The responsible party uses sustainability information to identify:

a) impacts and dependencies in terms of:

i. effects on sustainability matters that are caused by the responsible party;

NOTE For example pollution caused by the responsible party (i.e. an outbound impact) or the responsible party’s management of its efficient use of energy (i.e. an internal impact);

ii. effects on sustainability matters of the responsible party that are caused by external sources;

NOTE For example the effect of climate change on the responsible party (i.e. an inbound impact).

and

b) the responsible party’s effectiveness in increasing positive impacts, and reducing negative impacts and dependencies, at a rate that is commensurate with intended users’ expectations and global needs.

NOTE 1 Dependencies relate to the organization’s access to necessary resources (such as water, energy, land, raw or processed materials), sufficient numbers of competent human resources, required technologies, etc.

NOTE 2 Information on the responsible party’s effectiveness is information on the trade-offs made in their decisions between impacts and dependencies and requires the quantification of those trade-offs using a common unit.

• 1. Intended user determination

The responsible party determines which are the intended users, their purpose and their planned decisions based on the declared sustainability information taking into account:

a) inputs such as:

i. the planned communication of the declared sustainability information (public, private, limited to certain intended users, internal);

ii. impact and dependencies of the responsible party organisation;

b) what criteria are to be used to select the intended users and process for determining their purpose and decisions;

c) decisions on whether the intended users include interested parties and if so, which interested parties are represented; and

d) processes to include that the outcome is documented and that the results can be reproduced.

NOTE See also Annex B on intended users.

• 1. Relevance determination process

The responsible party’s relevance determination process includes consideration of:

a) inputs such as:

i. sustainability matters, impacts and dependencies;

ii. intended users’ purpose and their purpose;

iii. interested parties as identified by the responsible party;

b) what criteria to be used to define relevance; and

c) ensuring the processes and outcome are documented and the results can be reproduced.

• 1. Declared sustainability information

C.6.1 Based on the outcome of C.2 – C.5 the responsible party collates, reviews and finalises the declared sustainability information ready for communication to intended users.

C.6.2 The client is the entity that requests validation/verification for the declared sustainability information.

C.6.3 The responsible party determines if the declared sustainability information is to be disclosed to another party that are not the intended users. If so, the responsible party determines who that other party is.

C.6.4 The responsible party determines if the declared sustainability information is to be disclosed and if so, what elements of the declared sustainability information are to be disclosed. The rationale for the determination is available to the validators and verifiers.

NOTE All declared sustainability information can be disclosed or just some of it.

C.6.5 Declared sustainability information can be:

a) qualitative or quantitative or both;

b) based on historical data and information; or on assumptions, estimates and projections of future outcomes; or a mixture of both (in the case of the latter, a mixed engagement can be appropriate);

c) represented by different forms (written material only or only graphs, or only photos, or only videos or only audio or a mixture of media);

d) in one language or in more than one language;

e) comprised of different formats or outputs such as: printed material, websites, webtools, PDF report, etc;

f) disclosed in full, in part, or not at all;

g) envisioned for specific intended users (which could be a small or larger group) or disclosed to specific interested parties or to internal users.

• 1. Disclosed sustainability information

C.7.1 In accordance with the definition 3.1.5, disclosed information is sustainability information that is made available to parties external to the responsible party.

C.7.2 Disclosed sustainability information can be, in full or in part, or not at all, declared sustainability information.

C.7.3 When providing disclosed sustainability information, the responsible party is expected to ensure that it clearly identifies and distinguishes between any elements of the disclosed sustainability information that is also declared sustainability information and may be the subject of validation/verification activities, including any resulting assurance opinion. From that part of the disclosed sustainability information which is not the subject of validation/verification activities, including any resulting assurance opinion.

C.7.4 Figure C.1 illustrates the possible intersections between disclosed sustainability information and declared sustainability information.

Figure C.1 — Possible intersections between declared sustainability information and disclosed sustainability information

1. 
   (informative)
   
   Deliverables from validation and verification activities
   1. General

D.1.1 The process to deliver assurance opinions is different from that of non-assurance deliverables.

D.1.2 Issue of an assurance opinion requires the completion of all steps of the validation/verification process, including review and decision.

D.1.3 The process for non-assurance deliverables includes as a minimum the pre-engagement, engagement, planning and execution steps of the validation/verification process.

D.1.4 Results from execution activities of the validation/verification process can be issued as non-assurance deliverables. The validation/verification body ensures that the included activities (e.g. specific execution activities or review activities of the evidence and findings) are part of the engagement agreement.

D.1.5 Table 1 indicates the correspondence of possible deliverables to the validation/verification process.

Table D.1 — Completed validation/verification process steps and types of deliverable

D.1.6 The process of agreed-upon procedures (3.3.25) allows for validation/verification activities that report on results of evidence gathering activities, including review in a non-assurance deliverable.

D.1.7 For non-assurance deliverables, specific rules apply to the client for making reference to and making use of the deliverable (e.g. regarding responsibility for the specified requirements and criteria related to the purpose of the deliverables and disclosure including public disclosure). These rules are specified in the deliverable and in the engagement agreement with the client.

• 1. Agreed-upon procedures

D.2.1 Agreed-upon procedures (AUP) is an engagement agreement used when the client does not require assurance on the declared sustainability information but requires a validator/verifier to test specific aspects using verification techniques. Validation/verification activities using AUP may be more or less extensive than validation/verification activities that result in assurance opinions. AUP are determined by the client. However, the validator/verifier may provide advice on the ability to effectively perform the procedures. The AUP need to be documented and agreed to.

D.2.2 The validator/verifier provides in a report only the results of the AUP and no assurance opinion. The client evaluates the report and draws its own conclusions. The report contains the AUP and the results, including the errors and exceptions identified, even if rectified.

NOTE Agreed-upon procedures are described in ISAE 4400^[51].

• 1. Report

D.3.1 A report as a non-assurance deliverable includes as a minimum, the results from the process steps pre-engagement, engagement, planning and execution and should identify the activities covered. It can identify nonconformities without any further action by the responsible party. This information is reported to the client without providing an assurance opinion being provided.

NOTE Terms for the issued deliverable are, for instance, “evidence report”.

D.3.2 Where the report includes results of review activities, it is based on the completed evidence gathering plan and satisfactory management of any nonconformities. The results are then reviewed and specific findings are identified and reported to the client.

NOTE Terms for the issued deliverable are, for instance, “findings report”.

1. 
   (informative)
   
   Assurance and types of assurance opinions
   1. General

E.1.1 Assurance is used to describe confidence in a conclusion based on sufficient appropriate evidence, including the outcome of measurement or evaluation of the declared sustainability information against specified requirements and criteria, and that there are no material errors, omissions or misrepresentations.

E.1.2 The degree of confidence can be described as distinct level of assurance (e.g., reasonable, limited) (see E.3)

E.1.3 The intended level of assurance governs the depth of detail that is designed into the evidence gathering plan and applied during execution of the validation/verification.

• 1. Assurance of declared sustainability information

E.2.1 Providing assurance on declared sustainability information by validation/verification can be related to the functional approach to conformity assessment. According to ISO/IEC 17000, the process is divided into functions, which can be applied to declared sustainability information as follows:

a) Selection relates to the planning and preparation activities in order to collect or produce all the information and input needed for the subsequent determination function. Selection activities include consideration of the specified requirements and criteria and choice of the most appropriate validation/verification activities and can vary widely in number and complexity.

NOTE The “selection” function of validation/verification comprises the process steps pre-engagement, engagement, and planning (see ISO/IEC 17029:2019, Annex B).

b) Determination activities aim at gathering evidence in order to develop complete information regarding the declared sustainability information fulfilling the specified requirements and criteria and meeting the applicable preconditions.

NOTE The “determination” function of validation/verification comprises the process step execution based on the process steps s pre-engagement, engagement, planning (see ISO/IEC 17029:2019, Annex B).

c) Review refers to the consideration of the suitability, adequacy, and effectiveness of selection and determination activities – and the gathered evidence as results of these activities – with regard to fulfilment of specified requirements and criteria by the declared sustainability information. The review constitutes the final stage of checking before taking the decision.

d) Decision is the conclusion, based on the results of a review, that fulfilment of specified requirements and criteria has or has not been demonstrated including that applicable preconditions have been met.

e) Attestation is the issuance of an assurance opinion, based on a decision that fulfilment of specified requirements and criteria has been demonstrated including that applicable preconditions are met. The scope of an assurance opinion specifies the range or characteristics of declared sustainability information covered by attestation.

E.2.2 The assurance opinion is the result of a full conformity assessment. However, the execution of validation/verification processes can end at each of the defined conformity assessment functions. i.e. at the end of the conformity assessment function ‘determination’ an evidence report may be issued without any assurance opinion being given; or at the end of the conformity assessment function ‘review’; a findings report may be issued without any assurance opinion being given. These non-assurance deliverables, include AUP reports, are described in Annex D.

• 1. Levels of assurance

E.3.1 The level of assurance is used to describe the degree of confidence in the validated/verified declared sustainability information relating to the objectives and scope of the validation/verification, the specified requirements and criteria, and the executed validation/verification activities (e.g. depending on the process followed, the time spent or the resources available).

E.3.2 The engagement agreement identifies the level of assurance (e.g. reasonable or limited) and the conditions to achieve it. The level of assurance, where applicable, is specified in the engagement agreement in relation to the specified requirements and criteria for the declared sustainability information and for the conduct of the validation/verification.

E.3.3 Irrespective of the level of assurance agreed upon, the engagement agreement identifies the level of uncertainty, which is acceptable in the declared sustainability information. This depends on the risk tolerance of the intended users and, if applicable, those expected to experience impacts if one of the intended users is acting in their interests.

• 1. Types of assurance opinion
     1. General

The term assurance statement encompasses:

a) assurance information; and

b) assurance opinion.

NOTE 1 See ISO 14019-2 clause 10 for more detail in relation to verification.

NOTE 2 In case of a mixed engagement, the body can issue more than one assurance opinion or issue assurance opinion(s) and a report of factual findings.

NOTE 3 Subclause E.4.2 – E.4.10 pertain solely to types of assurance opinion.0

• • 1. Context

Assurance opinion covers the following:

a) limitation (see clause 3.3.17 for scope limitation and ISO 14019-2 clause 6 and clause 10);

b) any nonconformity with specified requirements and criteria of the agreed validation/verification programme;

c) in addition, for verification, individual or aggregated material misstatements (see 3.3.12) in the declared sustainability information (see 3.1.4);

d) in addition, for validation, individual or aggregated material misstatements (see 3.3.12) in the reasonableness of the assumptions, limitations and methods that support the declared sustainability information (see 3.1.4).

NOTE 1 Limitations on the validation/verification process are only acceptable when such limitations do not impact the validation/verification body's ability to reach an overall conclusion. Such limitations are noted under key matters (see E.4.5). In some cases, such limitations may necessitate the body withdrawing from the validation/verification when allowed for in the engagement agreement or issue a disclaimer of opinion.

NOTE 2 Validation opinion relates to material misstatements in, and reasonableness of, the assumptions, limitations and methods that support the declared sustainability information (future looking) and/or any scope limitations that impact the professional judgement of the validator regarding material misstatements in, and reasonableness of, the assumptions, limitations and methods or conformity with specified requirements and criteria.

NOTE 3 In the case of validation there can be one or more misstatements in the assumptions, limitations and methods that supports the declared sustainability information which may or may not impact the professional judgement of the validator as to whether the assumptions, limitations and methods that support the declared sustainability information is free from material misstatements. See clause E.4.9 for examples related to validation.

NOTE 4 Verification opinion relates to material misstatements in the declared sustainability information (historical) and/or any scope limitations that impact the professional judgement of the verifier regarding material misstatements or conformity with specified requirements and criteria.

NOTE 5 In the case of verification declared sustainability information can be thought of as the aggregation of sustainability information.

NOTE 6 In the case of verification there can be one or more misstatements in the sustainability information which may or may not impact the professional judgement of the verifier as to whether the declared sustainability information is free from individual material misstatements. See clause E.4.10 for examples related to verification.

• • 1. Opinion – limitations and types

E.4.3.1 A verification opinion, in relation to material misstatements and/or limitations, is based on the declared sustainability information, the agreed assurance scope, objective, specified requirements and criteria in the agreed verification programme; intended users and their purpose; the outcome of evidence gathering and the professional judgement of the verifier.

E.4.3.2 A validation opinion, in relation to material misstatements and reasonableness of assumptions, limitations and methods that support the declared sustainability information and/or limitations, is based on the assumptions, limitations and methods in the declared sustainability information, the agreed assurance scope, objective, specified requirements and criteria in the agreed validation programme; intended users and their purpose; the outcome of evidence gathering and the professional judgement of the validator.

E.4.3.3 Opinions are labelled as:

a) unmodified opinion – in cases where there are no individual material misstatements and no limitations in the declared sustainability information; or

b) modified opinion – in cases where there are individual material misstatements and/or limitations in the declared sustainability information.

E.4.3.4 The types of modified opinion relate to the following questions and consequences.

a) In the case of verification:

i. Are there any individual material misstatements in the declared sustainability information? If yes, this results in an adverse opinion; and

ii. Are there any scope or other limitations that has significantly affected the outcome of the verification? If yes, this results in a disclaimer of opinion.

b) In the case of validation:

i. Are there any individual material misstatements in the assumptions, limitations and methods that support the declared sustainability information or are the assumptions, limitations and methods not reasonable? If yes, this results in an adverse opinion; and

ii. Are there any scope or other limitations that has significantly affected the outcome of the validation / verification? If so, this results in a disclaimer of opinion.

NOTE The language above is intended to provide clarity for intended users and interested parties about what the opinion relates to (i.e. individual material misstatement and/or limitations).

Table E.1 — Misstatement, individual material misstatement and limitation linked to opinion language

• • 1. Modified assurance opinion related to individual material misstatement and/or limitations

E.4.4.1 A modified assurance opinion is issued when in the validators’/verifiers’ professional judgement:

a) limitation exists and the effect on the declared sustainability information (verification) or the assumptions, limitations and methods that supports the declared sustainability information (validation) could be material; in such cases, the validator/verifier issues a disclaimer of opinion; or

b) declared sustainability information (verification) is materially misstated; in such cases the verifier issues an adverse opinion; or

c) assumptions, limitations and methods that support the declared sustainability information (validation) related to future activities is materially misstated and not reasonable; in such cases the validator issues an adverse opinion.

E.4.4.2 The validator/verifier includes in the opinion, as applicable, a clear description of the limitation and/or the sustainability information and/or assumptions, limitations and methods in the declared sustainability information that causes that the individual material misstatement(s) or limitations.

• • 1. Amplification for the intended users

There are three types of amplifications as follows:

a) Emphasis of matters draws the intended users’ attention to elements of the declared sustainability information that, in the verifiers’ professional judgment, is of such importance that it is fundamental to intended users’ understanding of the declared sustainability information; or draw intended users’ attention to assumptions, limitations and methods in the declared sustainability information that, in the validators’ professional judgment, is of such importance that it is fundamental to intended users’ understanding of the declared sustainability information. There are no individual material misstatement in the declared sustainability information in this case.

b) Key matters highlights elements not included in the declared sustainability information, that in the verifiers’ professional judgment, is relevant to intended users’ understanding of the engagement, the verifier’s responsibilities or the assurance opinion; or assumptions, limitations and methods which is not included in the declared sustainability information that, in the validators’ professional judgment, is relevant to intended users’ understanding of the execution, the validator’ responsibilities or the assurance opinion. In these cases, the lack does not result in individual material misstatement in the declared sustainability information.

NOTE Key matters include the lack of representation from interested parties.

c) Findings stating the lack in the declared sustainability information (verification) or assumptions, limitations or methods (validation) that results in potential material misstatement in the declared sustainability information or potential for the intended user’s decision to be influenced by the lack in the declared sustainability information.

• • 1. Opinion when changes have been made to the declared sustainability information to state that there are material misstatements

In cases where the responsible party adds a statement to the declared sustainability information to identify and describe that the declared sustainability information is materially misstated (verification) or that assumptions, limitations and methods that supports the declared sustainability information are materially misstated and/or not reasonable (validation), the validator/verifier expresses an adverse opinion in terms of the underlying sustainability information (verification) or the underlying assumptions, limitations and methods (validation) and the specified requirements and criteria.

• • 1. Quantitative and qualitative information

The term misstatements as defined (see 3.3.11) includes both quantitative and qualitative information. Clause 5.2, Annexes B and C deal with the process for evaluating misstatements and material misstatements for quantitative and qualitative information both of which require professional judgement.

• • 1. Misstatements – how may they be considered

Table E.2 — examples of misstatements, individual material misstatement and pervasive misstatements

• • 1. Validation - examples of misstatement in underlying assumptions, limitations and methods supporting the declared sustainability information or limitations that may or may not result in an adverse opinion or disclaimer of opinion

The following are examples and intended to facilitate understanding of the challenge and professional judgement that a validator needs to make to determine if there are individual material misstatements in the assumptions, limitations or methods that supports the declared sustainability information or limitations in the execution. These are examples and do not provide the full context which may well impact the opinion that a validator reaches.

• • 1. Verification - examples of misstatement in underlying sustainability information or limitations that may or may not result in an adverse opinion or disclaimer of opinion

The following are examples. There are intended to facilitate understanding of the challenge and professional judgement a verifier needs, to determine if there are individual material misstatements in declared sustainability information or limitations in the execution. These are examples and do not provide the full context which may well impact the opinion a verifier reaches.

1. 
   (informative)
   
   Reference to assurance opinions and use of marks
   1. General

Validation/verification of declared sustainability information can result in responsible parties making reference to the findings, conclusions, reports and assurance opinions issued by validation/verification bodies. Validation/verification bodies have the responsibility (see ISO/IEC 17029:2019, 10.3) to establish rules governing references made by responsible parties to validation/verification and governing the use of marks.

• 1. References to assurance opinions
     1. General

In its rules, the body should distinguish between “short-form” and “long-form” references to validated or verified declared sustainability information. The body should require that any use of a short-form reference include or make reference to a long-form reference.

NOTE “Include” means that the long-form reference is provided in proximity to the short-form reference in the same medium. “Make reference to” means that a reference to the location of the long-form reference in another medium (e.g. website) is provided in proximity to the short-form reference.

Acceptable references for validated or verified declared sustainability information are provided in Table F.1.

Table F.1 — Acceptable references for validated or verified declared sustainability information

• • 1. References to verification on product statements based on life cycle assessment of products

Verification bodies should apply separate rules for references to mixed engagement of verification and AUP for declared sustainability information that are based on the life cycle assessment of products. References are provided in Table F.2.

Table F.2 — References to verification and AUP for declared sustainability information based on the life cycle assessment of products

• 1. Use of marks

The rules governing the use of marks should include the use of marks designed to ensure that the responsible party does not use the mark to imply that declared sustainability information not subject to validation or verification has been validated or verified. For example, use of a body’s mark may include affixing it in a responsible party’s sustainability information report next to a description of verified or validated sustainability information. It is not permitted to use the body’s mark on declared sustainability information which contain information that has not been validated or verified. Examples of the acceptable and unacceptable use of marks are illustrated in Table F.3.

Table F.3 — Examples of acceptable and unacceptable use of marks

1. 
   (informative)
   
   Examples of reports of factual findings (AUP reports)
   1. General

G.1.1 This annex provides examples of reports of factual findings that can be issued as the outcome of engagement agreement using agreed-upon procedures (AUP). Reports of factual findings are issued as the result of an AUP engagement agreement because issuing an opinion (and thereby providing assurance) is not an option with this type of agreement.

G.1.2 A report of factual findings should include the scope of the subject matter addressed by the procedures, the criteria used for performing them (e.g. ISO 14064-3:2019, Annex C), and the purpose and limitations associated with the agreed-upon verification activities. A report of factual findings should include a statement that the report is to be used solely by the intended users who have agreed upon the procedures.

G.1.3 The body should report all findings from the application of AUP.

G.1.4 The body should state in its report of factual findings that had it performed additional evidence-gathering procedures or performed a validation or verification of the sustainability information, other matters might have come to its attention that would have been reported.

G.1.5 Verifiers who use this agreement type should ensure that the elements given in Table G.1 are included in each report of factual findings.

Table G.1 — Example of an agreed-upon procedures report content

• 1. Example of a report of factual findings for a company destroying ozone-depleting substances

The intended user in this example is a company that sought a report on its performance with respect to the operating parameters described in the Code of Good Housekeeping approved by the Montreal Protocol for facilities destroying ozone-depleting substances (ODS).

Bibliography

[1] ISO 9001, Quality management systems — Requirements

[2] ISO 14001:2015, Environmental management systems — Requirements with guidance for use

[3] ISO 14016, Environmental management — Guidelines on the assurance of environmental reports

[4] ISO 14017:2022, Environmental management — Requirements with guidance for verification and validation of water statements

[5] ISO 14019:202x, Validation and verification of sustainability information

[6] ISO 14020:2022, Environmental statements and programmes for products — Principles and general requirements

[7] ISO 14026:2017, Environmental labels and declarations — Principles, requirements and guidelines for communication of footprint information

[8] ISO 14030‑1, Environmental performance evaluation — Green debt instruments — Part 1: Process for green bonds

[9] ISO 14030‑3, Environmental performance evaluation — Green debt instruments — Part 3: Taxonomy

[10] ISO 14030‑4:2021, Environmental performance evaluation — Green debt instruments — Part 4: Verification programme requirements

[11] ISO 14033, Environmental management — Quantitative sustainability information — Guidelines and examples

[12] ISO 14044, Environmental management — Life cycle assessment — Requirements and guidelines

[13] ISO 14046, Environmental management — Water footprint — Principles, requirements and guidelines

[14] ISO 14050, Environmental management — Vocabulary

[15] ISO 14064‑1, Greenhouse gases — Part 1: Specification with guidance at the organization level for quantification and reporting of greenhouse gas emissions and removals

[16] ISO 14064‑2, Greenhouse gases — Part 2: Specification with guidance at the project level for quantification, monitoring and reporting of greenhouse gas emission reductions or removal enhancements

[17] ISO 14046:2014, Environmental management — Water footprint — Principles, requirements and guidelines

[18] ISO 14064‑3:2019, Greenhouse gases — Part 3: Specification with guidance for the verification and validation of greenhouse gas statements

[19] ISO 14065:2020, General principles and requirements for bodies validating and verifying environmental information

[20] ISO 14066:2023, Environmental information — Competence requirements for teams validating and verifying environmental information

[21] ISO 14067:2018, Greenhouse gases — Carbon footprint of products — Requirements and guidelines for quantification

[22] ISO 15489‑1, Information and documentation — Records management — Part 1: Concepts and principles

[23] ISO 19011:2018, Guidelines for auditing management systems

[24] ISO/IEC 17000, Conformity assessment — Vocabulary and general principles

[25] ISO/IEC 17021‑1:2015, Conformity assessment — Requirements for bodies providing audit and certification of management systems — Part 1: Requirements

[26] ISO/IEC 17030, Conformity assessment — General requirements for third-party marks of conformity

[27] ISAE 3000, Assurance engagements other than audits or reviews of historical financial information

[28] UNEP. Handbook for the Montreal Protocol on Substances that Deplete the Ozone Layer. Seventh Edition. United Nations Environment Programme (UNEP), 2006

[29] International Standard on Sustainability Assurance (ISSA) 5000, General Requirements for Sustainability Assurance Engagements

[30] ISO 10987:2012, Earth-moving machinery — Sustainability — Terminology, sustainability factors and reporting

[31] ISO 13065:2015, Sustainability criteria for bioenergy

[32] ISO 15392:2019, Sustainability in buildings and civil engineering works — General principles

[33] ISO 17889‑1:2021, Ceramic tiling systems — Sustainability for ceramic tiles and installation materials — Part 1: Specification for ceramic tiles

[34] ISO 20400:2017, Sustainable procurement — Guidance

[35] ISO 20611:2018, Adventure tourism — Good practices for sustainability — Requirements and recommendations

[36] ISO 21401:2018, Tourism and related services — Sustainability management system for accommodation establishments — Requirements

[37] ISO 21930:2017, Sustainability in buildings and civil engineering works — Core rules for environmental product declarations of construction products and services

[38] ISO 26000, Guidance on social responsibility

[39] ISO 32210:2022, Sustainable finance — Guidance on the application of sustainability principles for organizations in the financial sector

[40] ISO 37109:2023, Sustainable cities and communities — Recommendations and requirements for project developers — Meeting ISO 37101 framework principles

[41] ISO 53001, Sustainable development goal management systems - Requirements

[42] ISO Guide 82:2019, Guidelines for addressing sustainability in standards

[43] ISO/AWI 37010, General Principles for ESG Disclosure

[44] ISO/AWI 7019‑1, Rare earth sustainability — Part 1: Mining, separation and processing

[45] ISO/AWI 9287, Lithium sustainability across the value chain: concentration, extraction, separation, conversion, recycling, & reuse

[46] ISO/DIS 37125, Sustainable cities and communities – Environmental, social, and governance (ESG) indicators for cities

[47] ISO/DIS 59014, Environmental management and circular economy — Sustainability and traceability of secondary materials recovery — Principles and requirements

[48] ISO/IEC AWI/TR 20226, Information technology — Artificial intelligence — Environmental sustainability aspects of AI systems

[49] ISO/PAS 50010:2023, Energy management and energy savings — Guidance for net zero energy in operations using an ISO 50001 energy management system

[50] IWA 19:2017 Guidance principles for the sustainable management of secondary metals

[51] ISRS 4400, Engagements to Perform Agreed-Upon Procedures Regarding Financial Information

[52] ISO 37000:2021, Governance and ethics

[53] ISO 37001:2016, Anti-bribery management systems-Requirements with guidance for use

[54] ISO/DIS 37003, Fraud Control Management Systems — Guidance for organizations managing the risk of fraud

[55] ISO 37005:2024, Governance of organizations — Developing indicators for effective governance

[56] ISO 37301:2021/Amd 1, Compliance management systems — Requirements with guidance for use — Amendment 1: Climate action changes

[57] ISO/CD 37303, Compliance management — Guidelines for competence management