ESG data management — collection, verification, audit-readiness
How UK companies manage ESG data from source to disclosure. Collection across the three pillars; calculation under GHG Protocol; governance and sign-off workflow; framework mapping; audit-readiness for ISSA (UK) 5000 assurance from 2026. The infrastructure UK SRS S2 demands from 2027.
The data backbone of ESG reporting
UK SRS S2, FCA Listing Rules, SECR and ISSA (UK) 5000 assurance all rest on the same underlying ESG data. The data infrastructure is the long-lead-time investment that determines reporting quality.
The five-layer ESG data architecture
Source data, calculation, governance, framework mapping, output. Each layer has its own quality, control and audit requirements.
- 1. Source data layer Raw inputs
- Where ESG data originates: utility bills (Scope 2 electricity, gas), fleet management systems (Scope 1 mobile combustion), travel-management systems (Scope 3 business travel), procurement / ERP systems (Scope 3 purchased goods), HR systems (workforce metrics), supplier-provided data (Scope 3 across multiple categories). Quality control: documentation of source, frequency, completeness checks.
- 2. Calculation layer Methodology
- GHG Protocol Corporate Standard for emissions, with DESNZ (UK Government) conversion factors updated annually for UK SECR and UK SRS S2. Calculation engine logs methodology, factor source, factor date and assumptions per calculation. For broader ESG: pillar-specific methodologies (GRI 401 for workforce, GRI 207 for tax transparency).
- 3. Governance and workflow layer Controls
- Approval workflow with role-based permissions: data owner enters; reviewer approves; controller signs off; CSO / CFO authorises final disclosure. Change logs preserve every revision. Aligned with internal controls under the UK Corporate Governance Code and forthcoming Audit Reform requirements.
- 4. Framework mapping layer Multi-output
- Same underlying data set mapped to UK SRS S1/S2, IFRS S1/S2, ESRS, GRI, CDP and SASB without duplicate collection. The leading ESG software platforms maintain framework mappings as standards evolve. Reduces preparation time and ensures consistency across disclosure channels.
- 5. Output layer Disclosure
- Annual report disclosures (UK SRS S2 NFSIS, TCFD section, strategic-report content), separate sustainability report (GRI), CDP questionnaire submissions, ESG rating questionnaires (MSCI, Sustainalytics), investor presentations, regulatory returns (SECR ENRG return, gender pay gap, modern slavery statement).
Six steps to ESG data infrastructure
From baseline assessment to audit-ready operation. Typically 12 to 18 months end-to-end, with iterative refinement in years two and three.
What ISSA (UK) 5000 will demand
The FRC’s sustainability assurance standard under development for 2026 codifies what auditors will look for. Designing data infrastructure for audit-readiness is the cheapest way to satisfy it.
- Source documentation Foundation
- Every reported data point traceable to source: utility bill, fleet record, supplier confirmation, payroll system, board minute. Sample-tested by auditor. Missing source = assurance failure.
- Calculation methodology Method
- Methodology, conversion factors, and assumptions documented per calculation. GHG Protocol references explicit. DESNZ factor versioning preserved. Logged changes with rationale.
- Change controls Governance
- Every revision logged with timestamp, user, reason. Restatement policy documented. Material restatements explained in narrative disclosure.
- Sign-off chain Approval
- Documented role-based approval at data owner, reviewer, controller and authoriser levels. Aligned with delegated authority framework. Increasingly extended to board-level sign-off on annual ESG disclosure.
- Materiality and boundary disclosure Scope
- Operational vs financial control boundary disclosed. Material subsidiaries listed. Joint ventures and associates treated consistently with financial statements. Exclusions justified.
- Materiality assessment evidence Process
- Stakeholder engagement records; materiality matrix; methodology documentation; board approval. Required under UK SRS S1 and increasingly expected by auditors.
Current UK assurance standards
ISAE 3000 (Revised) — assurance engagements other than audits or reviews of historical financial information — is the current UK standard for sustainability assurance, applied at limited assurance level by most providers.
ISAE 3410 — GHG emissions assurance — is the GHG-specific standard.
The FRC's ISSA (UK) 5000, under development for 2026, will be the UK-specific sustainability assurance standard.
UK SRS S2 disclosures from 2027 will increasingly attract third-party assurance under ISSA (UK) 5000.
ESG data management — frequently asked
What it covers, what data systems UK companies need, how to verify ESG data, and what’s mandatory in the UK.
What is ESG data management?
ESG data management is the systematic collection, calculation, verification, storage and disclosure of environmental, social and governance data — to support sustainability reporting, ESG ratings, investor engagement and increasingly mandatory disclosure under UK SRS S2 and SI 2022/31.
It covers Scope 1/2/3 GHG emissions, workforce metrics, governance KPIs and other material ESG topics.
What data systems do UK companies need for ESG reporting?
Five components: (1) source-data collection (utility bills, fleet, supplier emissions, HR systems); (2) calculation engine (GHG Protocol Corporate Standard with DESNZ conversion factors); (3) governance and approval workflow; (4) framework mapping (UK SRS, IFRS S1/S2, ESRS, GRI, CDP); (5) reporting output (annual report, NFSIS, ESG ratings questionnaires).
Larger UK companies use dedicated software (Workiva, Watershed, Persefoni).
Smaller companies often start with spreadsheets.
How do you verify ESG data?
Three layers: (1) internal controls — source data verified against original documents (utility bills, supplier confirmations); (2) management review with sign-off workflow; (3) third-party assurance under ISAE 3000 (limited assurance) or ISAE 3410 (GHG-specific).
The FRC's ISSA (UK) 5000 sustainability assurance standard will codify the third-party layer from 2026.
Audit-readiness is the design principle — every data point should be traceable to source.
What ESG data is mandatory in the UK?
SECR (since 2019): UK energy use, Scope 1+2 GHG emissions, intensity ratio, energy efficiency narrative — for ~11,900 large companies.
SI 2022/31 (since 2022): TCFD-aligned climate metrics for ~2,500 companies with 500+ employees.
FCA Listing Rules (since 2021/2022): TCFD-aligned climate disclosure for ~1,200 listed issuers.
Gender Pay Gap Reporting Regulations 2017: median and mean pay gaps.
Modern Slavery Act 2015: annual statement for >£36m turnover.
The ESG guide set
From data management, continue to software, strategy, criteria and the broader frameworks.
ESG reporting — UK hub
Three-layer UK system; UK SRS backbone.
ToolingESG software comparison
Major platforms reviewed for UK SRS compliance.
StrategyESG strategy
Board-level ESG integration and target-setting.
CriteriaESG criteria
Practical criteria per pillar.
StandardsESG standards
UK SRS, FCA SDR, SECR, SI 2022/31.
FrameworksESG frameworks — UK comparison
UK SRS, GRI, SASB, TCFD, CDP, ESRS compared.