
Creating ESG Policy Documents Customers Expect


The questionnaire asks: "Do you have an environmental policy?" You don't. Or you have something informal that's never been written down. Or there's a paragraph somewhere in an employee handbook from 2018.

Now you need to decide: create a policy, or answer "no" and accept the scoring penalty.

Policies matter in ESG assessments because they demonstrate systematic thinking. A company with documented policies has considered issues formally, committed to positions, and created accountability. This is different from—and scored higher than—ad hoc practices with no documented framework.

Here's what ESG policies actually need to contain and how to create credible documents without extensive resources.

What Makes a Policy Credible

Customers and assessment platforms evaluate policies on several criteria:

Scope and coverage. Does the policy address relevant topics comprehensively? An environmental policy should cover more than just recycling. A safety policy should address more than fire exits.

Specificity. Does it make concrete commitments? "We are committed to sustainability" means nothing. "We will track and reduce our energy consumption annually" means something.

Applicability. Is it appropriate for your company size and operations? A 30-person service company doesn't need the same policy as a 3,000-person manufacturer.

Currency. When was it last updated? Policies from 2017 suggest neglect. Policies reviewed annually demonstrate active management.

Authorization. Is it signed by leadership? This indicates organizational commitment, not just someone in a back office writing documents.

Implementation evidence. Does reality match the policy? Assessors may check. A policy claiming zero tolerance for safety violations is undermined by evidence of ignored incidents.

The Core Policies

Most ESG assessments ask about these policies. Prioritize creating them in this order:

1. Environmental Policy

What it should cover:

  • Commitment to environmental responsibility
  • Compliance with environmental regulations
  • Energy efficiency and emissions reduction
  • Waste minimization and recycling
  • Pollution prevention
  • Continuous improvement commitment
  • Employee responsibility and awareness
  • Review and update process

Example structure (1-2 pages): Introduction stating commitment → Scope (what operations/locations are covered) → Key commitments (3-5 specific bullet points) → Responsibilities (who oversees implementation) → Review cycle → Signature and date

What to avoid:

  • Generic statements without specifics
  • Commitments you can't actually keep
  • Industry jargon without explanation
  • Copying competitor policies verbatim

2. Health and Safety Policy

What it should cover:

  • Commitment to employee safety and wellbeing
  • Compliance with health and safety regulations
  • Risk assessment and hazard identification
  • Incident reporting and investigation
  • Training and competency requirements
  • Emergency preparedness
  • Continuous improvement
  • Management responsibility

Example structure: Leadership commitment statement → Legal framework reference → Key responsibilities (management, supervisors, employees) → Core practices (risk assessment, training, incident reporting) → Review cycle → Signature and date

3. Code of Conduct / Ethics Policy

What it should cover:

  • Ethical business behavior expectations
  • Anti-corruption and anti-bribery
  • Conflicts of interest
  • Fair dealing with customers, suppliers, competitors
  • Confidentiality and data protection
  • Reporting concerns (whistleblowing)
  • Consequences of violations

Example structure: Purpose and scope → Core values → Specific expectations by topic → Reporting mechanisms → Enforcement → Acknowledgment requirement → Signature and date

4. Supplier Code of Conduct

What it should cover:

  • Expectations for supplier behavior
  • Labor standards (wages, hours, child labor, forced labor)
  • Health and safety requirements
  • Environmental expectations
  • Business ethics and anti-corruption
  • Compliance with laws
  • Right to audit or assess
  • Consequences of non-compliance

Example structure: Introduction and applicability → Labor and human rights requirements → Environmental requirements → Ethics requirements → Compliance and monitoring → Signature/acknowledgment process

5. Anti-Corruption / Anti-Bribery Policy

What it should cover:

  • Zero tolerance for corruption and bribery
  • Definition of prohibited conduct
  • Gifts and hospitality guidelines
  • Political contributions
  • Facilitation payments
  • Third-party due diligence
  • Reporting and investigation
  • Consequences

Example structure: Policy statement → Definitions → Prohibited activities → Acceptable practices → Due diligence requirements → Reporting procedures → Consequences → Training requirement

Creating Policies Quickly

You don't need weeks to create credible policies. Here's a fast track:

Day 1: Outline and draft (2-3 hours per policy)

Use a simple template:

  1. Purpose: Why this policy exists (2-3 sentences)
  2. Scope: Who and what it covers (1 paragraph)
  3. Policy statements: 4-6 specific commitments (bullet points acceptable here)
  4. Responsibilities: Who does what (brief)
  5. Compliance and reporting: How violations are handled
  6. Review: When the policy will be reviewed
  7. Authorization: Signature block for leadership

Write in plain language. Avoid legal jargon unless you have legal review. Better to be clear and simple than complex and confusing.

Day 2: Review and refine (1-2 hours per policy)

Read your draft critically:

  • Would you know what to do based on this policy?
  • Are commitments realistic and achievable?
  • Does it reflect what you actually do or plan to do?
  • Is anything missing that customers obviously expect?

Get one other person to review for clarity.

Day 3: Authorize and finalize (1 hour total)

Add date and version number. Get leadership signature. Convert to PDF. Add to your policy library.

Three days of focused work can produce the core policies most questionnaires require.

What Policies Don't Require

Legal review: For basic operational policies in most jurisdictions, internal development is fine. If your policy creates legal obligations or liability concerns, consult legal—but most standard ESG policies don't need this.

Board approval: For SMEs without formal boards, leadership sign-off (owner, managing director, CEO) is sufficient.

External consultation: You don't need a consultant to write basic policies. Use publicly available examples as reference (many companies publish their policies) and adapt them to your situation.

Perfection: A good-enough policy that exists beats a perfect policy that never gets created. You can improve it next year.

Making Policies Real

A policy document alone is necessary but not sufficient. Assessors may ask:

How is this policy communicated? "All employees receive the policy during onboarding and it's posted on our internal system" is a credible answer.

How is compliance monitored? "Management reviews key metrics quarterly and investigates any reported concerns" demonstrates implementation.

When was it last reviewed? Include review dates on the document. Annual review is typical.

What training supports it? Basic awareness training—even informal—shows implementation.

The policy creates the framework. Evidence of implementation makes it credible.

Common Policy Mistakes

Copying generic templates without adaptation: Policies should reflect your actual operations. A manufacturing-focused environmental policy doesn't fit a consulting firm.

Making commitments you don't keep: If your policy says "all employees receive annual safety training" and they don't, you've created audit risk.

Forgetting to date and version: Undated policies look unprofessional. Version numbers show active management.

Creating policies for policies' sake: Don't create a "Biodiversity Policy" if biodiversity has nothing to do with your operations. Focus on policies relevant to your business.

Never updating: A 2019 policy presented to an assessor in 2025 looks neglected. Build annual review into your calendar.

Policy vs. Practice

Sophisticated assessors distinguish between:

Policy only: Document exists, unclear if implemented. Scores some points but limited.

Policy + practice: Document exists and evidence shows implementation. Scores well.

Practice without policy: You do the right things but haven't documented them. Scores poorly because it's not verifiable.

The goal is policy + practice. Create documents that describe what you actually do (or commit to doing), then ensure you do it.

For areas where you have good practices but no policy, document what you're already doing. This is often faster than creating aspirational policies—you're writing down reality, not inventing commitments.

