Include environmental requirements in the analysis of the external environment.


CONTROL ID: 12965
CONTROL TYPE: Business Processes
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Analyze the external environment in which the organization operates., CC ID: 12799

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • The organization should consider the activities, business relationships, stakeholders, and sustainability context of all the entities it controls or has an interest in (e.g., subsidiaries, joint ventures, affiliates), including minority interests. (§ 1. Step 1. ¶ 2, GRI 3: Material Topics 2021)
  • Economic, environmental, human rights, and other societal challenges at local, regional, and global levels related to the organization's sectors and the geographic location of its activities and business relationships (e.g., climate change, lack of law enforcement, poverty, political conflict, water… (§ 1. Step 1. Sustainability context ¶ 1 Bullet 1, GRI 3: Material Topics 2021)
  • Analyze influencing factors in the external context including: - Industry forces - Market - Technology - Societal - Regulatory and legal - Geopolitical - Environmental - Third-party relationships - External opportunities and threats (as part of SWOT (OCEG GRC Capability Model, v. 3.0, L1.1 Analyze the External Context, OCEG GRC Capability Model, v 3.0)
  • ensuring the integration of the environmental management system requirements into the organization's business processes; (§ 5.1 ¶ 1 c), ISO 14001:2015 - Environmental management systems — Requirements with guidance for use, Third Edition)
  • While not defined as stakeholders, the natural environment and society as a whole should also be considered by the governing body in its decision-making because they affect or will be affected by the organization's activities. (§ 4.2.5 ¶ 2, ISO 37000:2021, Governance of organizations — Guidance, First Edition)
  • legal, regulatory, natural environment, social and economic context; (§ 5 ¶ 5 Bullet 2, ISO 37000:2021, Governance of organizations — Guidance, First Edition)
  • In determining the value generation model, the governing body should understand the context in which the organization operates over time, including stakeholder expectations, regulatory frameworks, technological change, and the present and potential future natural environment, social and economic iss… (§ 6.2.3.1 ¶ 3, ISO 37000:2021, Governance of organizations — Guidance, First Edition)
  • social, cultural and environmental contexts; (§ 4.1 ¶ 2 bullet 5, ISO 37301:2021 Compliance management systems — Requirements with guidance for use, First Edition, Edition 1)
  • social, cultural, and environmental contexts; (§ 4.1 ¶ 2 bullet 2, ISO/DIS 37301, Compliance management systems — Requirements with guidance for use, DRAFT)
  • external and internal expectations for the organization's environmental responsibility. (§ 6.3.3 ¶ 4 Bullet 3, ISO/IEC 23894:2023, Information technology — Artificial intelligence — Guidance on risk management)