Copyright © 2022 Everest Global, Inc.

We encourage you to share these materials internally within your company and its affiliates. In accordance with the license granted, however, sharing these materials outside of your organization in any
form—electronic, written, or verbal—is prohibited unless you obtain the express, prior, and written consent of Everest Global, Inc. It is your organization’s responsibility to maintain the confidentiality of
these materials in accordance with your license of them.
 ESG dimensions in the supply base

Objectives Organizations assess multiple parameters when selecting suppliers, and evergreen factors such as solution, references, and commercials have expanded to include Environmental, Social, and Governance (ESG) parameters. While in the
past, ESG parameters were mere check-the-box or good to have elements in the selection criteria, they are now becoming deal breakers (or makers in a few cases).

Organizations may need to highlight/deepen certain ESG attributes due to inherent industry factors. For instance, a mining company may prioritize Fair Labor Practices, while a CPG company may deepen material sustainability. However,
this tool to covers all aspects of ESG.

This document includes the following aspects:

- Key ESG dimensions and attributes that companies can assess in their supply base
- Guidance on how companies can assess their suppliers based on ESG attributes and examples of initiatives they can look for
- Key ESG metrics applicable to supply base selection and monitoring
- Questions to include in an RFP for supplier selection

Examples of initiatives undertaken by Examples of applicable ESG metrics for supplier

ESG dimensions ESG attribute How companies can assess this attribute in suppliers
outsourced services suppliers selection and ongoing monitoring
Decarbonization Companies can measure suppliers' carbon footprints through their compliance - Land reforestation projects with native species - Scope-wide CO₂ emissions reduction as % of
with outcomes defined within the Sustainable Development Goals (SDG) carbon - Rebuilding biodiversity baseline CO₂ emissions
reductions standard, which is based on actual reductions across scopes 1, 2, and - Total operational CO₂ emissions in metric tons
3 emissions*. These can be direct nature-based carbon removal such as - Roadmap duration for carbon neutrality (net zero)
reforestation, or indirect carbon removal activities such as engaging key suppliers
to reduce their emissions. Scope 3 emissions are a key metric for organizations, - Green buildings across locations
as it helps provide visibility across their services suppliers' supply chains. - Non-essential travel reduction
- Cloud computing

Energy profile (renewable vs. non-renewable) Companies can monitor whether suppliers use renewable electricity across - Meeting office energy needs through 100% - Renewable electricity procurement as % of total
service delivery locations and are conducting various energy conservation renewable electricity electricity consumption
projects, such as wind and hydroelectric projects. - Presence of renewable energy plants to generate
own power and energy
Energy efficiency Companies can track whether suppliers minimize emissions from the amount of - Use of electric vehicles for transportation - Energy conservation as % of total energy use
Environmental purchased electricity consumed by a company, which can be measured through - Energy efficient data center design - Savings from shifting to energy-efficient
energy rating agencies, an example being LEED (Leadership in Energy and - Software and deployment optimization equipment/buildings
Environmental Design), a green building rating system. - Energy consumption in remote work setups
- Energy consumption of network devices
- Algorithmic efficiency

Waste management Companies can assess suppliers' waste reduction initiatives through compliance - E-waste / office furniture / paper reusing or - % of nonhazardous waste by weight sent for reuse,
with a plastic waste reduction program that enables robust impact assessment of recycling recycling, or recovery
new or scaled-up waste collection and recycling projects. - Elimination of single-use plastics across delivery - % by weight of total IT product waste sent by
locations supplier's product end-of-life operations to a landfill or
incineration for treatment
Water conservation Companies can check whether suppliers reduce the impact of flooding, drought, - Water recycling at owned sites - % annual reduction in water withdrawals at data
and water scarcity on their business and people in high-risk areas and measure - On-site water treatment facilities centers and other large delivery locations in water-
and reduce water use across delivery locations. - Initiatives curbing the use of bottled water stressed regions
- % water recycled at owned sites
Impact sourcing Companies can inquire whether suppliers specifically hire workers from - Partnerships with impact sourcing specialists such - % of employees from underprivileged communities
underrepresented communities, such as rural or underdeveloped areas or refugee as DesiCrew in South India - % of employees who are refugees
communities. Many large outsourcing services suppliers partner with impact - Prosperity hubs in rural regions
sourcing specialists to companies that prioritize an impact sourcing model include
Ascensos, Webhelp, and Teleperformance.
 Diversity, Equity, Inclusivity, and Belonging Companies can ensure that their suppliers are certified through third-party - Partnerships with veteran hiring agencies such as - % of employees that are diverse, i.e., Black,
(DEI&B) certification agencies to record diversity within their organizations. While the Hire a Veteran, diverse workforce employment Indigenous, (and) People of Color (BIPOC) per US
supplier can be diverse (e.g., minority-owned or women-owned), workforce agencies such as DiversityJobs, or firms focused on standards of diversity or Black, Asian and minority
diversity is also an important parameter. This parameter can be assessed either undiscovered talent looking for a second chance ethnic (BAME) per UK standards of diversity across
through hiring practices, age, gender, disabilities, cultural background, race, such as people with a criminal background or technical, managerial, and executive roles
religion, gender, and sexual orientation, or while ensuring a culture of inclusion is community college / Historically Black Colleges and - % of diverse suppliers in the providers' supply base
in place and the workforce prides itself on reflecting a variety of backgrounds and Universities (HBCU) recruitment such as Kelly33
experiences. - Initiatives to hire and upskill Persons with
Disabilities (PwD)

Social/digital upskilling Upskilling is important for ESG as suppliers that digitally/socially upskill their - Leadership training in emotional intelligence (EQ) - Total investments in Learning and Development
workforces ensure continuity of the workforce for society. Training talent has - Upskilling/reskilling initiatives (L&D) initiatives ($)
become key as the pandemic has increased the digital skills gap. - Total hours employees spend in L&D programs
worldwide
- Percentage of employees digitally upskilled

Employee health, well-being, and safety Companies can track whether suppliers follow laws, rules, regulations, - Business ethics helpline support - Survey results on employee conduct
professions, programs, and workplace efforts to protect employees' and the - Surveys governing employee conduct - Occupational, health, and safety-related costs
Social public's health and safety, as well as the environment, from hazards associated - Mental well-being initiatives such as awareness due to fatalities, incidents, and accidents
with the workplace. Companies can monitor whether suppliers monitor ethics, and support programs - Training cost of maintaining safety
ensure workplace safety, and can also measure suppliers' compliance with fair - Employee pulse surveys - Percentage of supply chain vetted for child labor or
labor principles including workplace standards compliance monitoring, workforce - Employee safety policies including sexual harsh labor conditions
grievance mechanisms, and commitment to engage with relevant labor non- harassment prevention Employee feedback/ratings on public websites (e.g.,
governmental organizations, trade, or other civil society institutions. Glassdoor) or internal surveys
- Productivity levels
- Working hours
- Attrition rate
- Presence of supplier in lists of best companies to
work

Community impact Companies can measure suppliers' philanthropic contributions through the - Mission or higher purpose of the business (or lack - Worldwide retiree/employee hours dedicated to
number of employee hours spent volunteering across initiatives, the supplier's thereof) volunteering across philanthropic initiatives
monetary contributions across education, health, cultural, environmental, and - Employee volunteering initiatives - Contributions to philanthropic issues ($)
human services-related CSR foundations, and provision of valuable resources to - Livelihood enhancement projects through - Contributions to local communities ($)
local communities to help them thrive, such as public health resources and upskilling in under-developed communities - Number of members of society upskilled
educational capacity-building funds. - Partnerships with local social impact foundations

Accessibility Firms can assess whether suppliers have established workplace accessibility - Digital accessibility targets - Share of PwD workforce employed
standards and practices to make their equipment and premises accessible to - Review and update of all internal marketing and - Products meeting standards such as WCAG (set of
PwD. communications processes to ensure creation of website accessibility guidelines) and ADA (a civil
accessible content rights law)
Consumer rights Firms can assess whether suppliers have a reputation for consumer friendliness, - Receptive to consumer sentiments over the - Customer review/feedback
service responsiveness, and a limited history of consumer protection issues service delivery lifecycle - Increasing sales from existing customers
including lawsuits and regulatory penalties.
Board-level governance Organizations can prioritize suppliers that have an accountable management - Executive compensation tied to metrics that drive - Executive compensation, bonuses, and perks
teams and boards with significant personal incentive to ensure the company long-term business value, not short-term EPS - Percentage of independent directors on the board
performs well on these metrics. growth - Percentage of whistleblower complaints addressed
- Presence of a dedicated board sub-committee on
matters related to ESG and risk management
- Annual sustainability reporting following standards
of organizations such as Sustainability Accounting
Standards Board (SASB), Climate Disclosure
Sustainability Board (CDSB), Global Reporting
Initiative (GRI), and International Integrated
Reporting Council (IIRC)
 Risk management Companies can monitor whether suppliers integrate environmental and social risk - Sustainability risk reporting - Risk reporting efficiency for social and environmental
factors into existing risk management frameworks. Examples of good risk - Risk disclosure regulations risks
management practices include measuring the impact of environmental events on - Extent of risk mitigation planning for people and
operations or employee well-being and safety and understanding how the supplier planet factors
can help the organization manage environmental and social risks in services
sourcing delivery.

Transparency/disclosure Companies can track whether suppliers comply with all internal policies without - Ethics and compliance training - Presence of audit policies and compliance
exception, and/or are subject to applicable protection laws or industry-specific - ESG certifications committees
regulations, regardless of local business culture or practices. Policies may include - Enforcement of audits -% completion rates for compliance training
employee code of conduct, anti-corruption, information security, data privacy, and - Enforcement of audits/checks
system security policies. Companies can also assess whether suppliers have - Independent assurance from external authorities on
relevant ESG certifications (examples include women-owned business ESG matters
certifications from Women's Business Enterprise National Council and Top
Workplaces with D&I initiatives from Mogul) and undertakes regular ESG audits.

Governance Stakeholder engagement Companies can assess whether suppliers have a stakeholder engagement - Identification of key stakeholder groups - Outcomes of engagement process
strategy that is connected to its business strategy and demonstrates how the - Integrated reporting
company is responsive to key stakeholders' legitimate needs and concerns. Many - Conflict resolution process
suppliers have formalized the implementation of a stakeholder engagement policy,
from defining the ownership and governance process to developing the
engagement plan, key frequencies, method, and channel.

Code of conduct Companies can assess whether suppliers' code of conduct policies provide - Code of conduct policy covering conflict of interest, - Number of disciplinary actions over a period of time
employees the guidance they need to maintain the company's integrity and acts company confidential information, and responsible
as a resource for employees to do business with the highest level of integrity, social media usage
armed with clear standards and helpful examples and information about where to
go when they need guidance about ethical decision-making or compliance
concerns.

Data privacy Companies can assess suppliers' data privacy policies around proper handling of - Data privacy impact assessments - Timeliness in adopting regulatory changes and
sensitive data, including personal data and other confidential data, such as - Data management throughout the lifecycle delivering privacy-safe data to intended stakeholders
financial data and intellectual property data. Suppliers should clearly state who will (collection, usage, transit, rest) - Number of sensitive data categories applicable in the
be processing the data and the data processing terms throughout the data context of their business
management lifecycle. - Presence of data processing / data distribution terms

Information security Companies can check if suppliers ensure the security of personal data, for - Employee training to track social engineering - Time taken to patch/fix identified vulnerabilities
example, so that data is not leaked due to user error or external attack. Suppliers attacks based on the severity of risks
should have a department that monitors social engineering attacks such as - Existing data security infrastructure - Presence of protocols, user training, and policies to
specialized phishing attacks or security breaches. manage/rectify security incidents
- Mean time reduction for the security monitoring and
hunting teams to identify incidents in the environment
- Continuous compliance with standards such as ISO
27001-2, ISO 27036-2, and ISO 27701:2019

* Scope 1 are direct Greenhouse Gas (GHG) emissions, while scope 2 covers indirect electricity GHG emissions such as the GHG emissions from the generation of purchased electricity consumed by a company. Scope 3 covers other indirect GHG emissions
such as transportation of purchased fuels and use of other vendors' products and services.
 RFP questionnaire: ESG attributes

Serial No. ESG dimensions ESG attribute Questions

1 Environmental Environmental Which local environmental regulations do you need to comply with? Please note any instances in which you have defaulted in the past five years.
2 What accreditations and certifications do you hold in environment and sustainability? Examples include ISAE 3410 for GHG emissions, LEED for green buildings,
Environmental General Green C certification, and the Institute for Green Business Certification.
3 Environmental General Have you been recognized or received awards in the environment and sustainability area?
4 Environmental General Do you measure your environmental footprint across your organization and your supply base?
5 Do you measure your carbon footprint (scope 1, 2, and 3)? Can you share data on your total operational carbon emissions? If you undertake CDP reporting, please
Environmental Decarbonization share relevant reports.
6 Environmental Decarbonization Have you set a target to become a Net Zero company (with net positive impact)? If yes, by when?
7 Environmental Decarbonization Are you undertaking any projects to reduce the environment's carbon footprint such as reforestation or preservation of biodiversity?
8 Environmental Decarbonization Are you engaging your key suppliers to reduce their carbon emissions? If yes, how?
9 What percentage of your office energy needs do you meet through renewable energy?
Environmental Energy profile (renewable vs. non-renewable)
10 Are you undertaking any projects to increase the use of renewable energy across communities such as hydroelectric projects?
Environmental Energy profile (renewable vs. non-renewable)
11 Environmental Energy efficiency Are you undertaking any initiatives to conserve energy across your service delivery locations?
12 Please detail your waste management, recycling, and reduction programs. Are you undertaking any initiatives to improve your waste reduction across service delivery
Environmental Waste management locations?
13 Environmental Waste management How do you manage your equipment and products when they have reached end of life?
14 Environmental Waste management Do you monitor hazardous and non-hazardous waste generation at your sites? If yes, can you please share this data?
15 Please detail your water conservation, recycling, and usage reduction programs. Are you undertaking any initiatives to improve your water conservation across
Environmental Water conservation service delivery locations, such as onsite water treatment?
16 Environmental Water conservation Are you undertaking any initiatives to conserve water across communities such as providing flood relief to high risk locations?
17 Do you monitor the annual reduction in water withdrawals at your data centers and other large delivery locations in water-stressed regions? If yes, can you please
Environmental Water conservation share this data?
18 Environmental Water conservation Do you monitor the annual increase in water recycled at your sites? If yes, can you please share this data?
19 Social General Have you been recognized or received awards in the areas like ethical labor practices, supplier diversity, impact sourcing, supplier safety, etc.?
20 Social General Have you been recognized or received awards related to your workplace policies such Great Places to Work?
21 Do you have initiatives that target hiring from marginalized communities (impact sourcing)? If yes, please answer the following questions:
a) What are the target groups?
b) How does this effort intentionally benefit your company and the communities you hire from?
Social Impact sourcing c) Are there special efforts for impact workers such as skilling, workplace accommodation, and career development?
d) What is the scale of these initiatives?
e) Do you have relevant certifications related to impact sourcing initiatives?

22 Do you partner with or subcontract to impact sourcing specialists (companies where the primary talent strategy is impact sourcing)? If yes, please answer the
following questions:
Social Impact sourcing a) Please name these firms
b) What is the scale of these partnerships?
23 Social DEI&B Please provide the firm's vision and overall policy across diversity & inclusion.
24 What percentage of your employees are diverse across technical, managerial, and executive roles in the following areas:
a) Women
Social DEI&B b) Minorities
c) Veterans
d) LGBTQ

25 Social DEI&B Please detail your parental leave policies and explain how you manage your workforce once they return from such breaks.
26 Social DEI&B Does the firm have a formal diversity and inclusion policy or initiative? If so, please provide.
27 Social DEI&B Does the firm have a stated diversity and inclusion goal, mandate, and/or targets? If yes, do you have targets for the next 5-10 years?
28 Social DEI&B Is your leadership compensation tied to the fulfillment of the firm's diversity and inclusion goals?
29 Social DEI&B Does the firm have a formal mentorship program for diverse employees?
30 Social DEI&B Does the firm work with organizations that promote the attraction and retention of diverse employees?
31 Social DEI&B Please provide details on the firm's efforts to promote, attract, and retain diverse employees.
32 Social DEI&B Please provide the names of any third-party organizations/affiliations the firm supports in the area of DEI&B (if applicable).
33 Social DEI&B What accreditations and certifications do you hold in supplier diversity?
34 What initiatives do you undertake to ensure employees do not feel discriminated against with respect to age, gender, disabilities, cultural background, race, religion,
Social DEI&B gender, and sexual orientation?
35 Social Social/digital upskilling Do you have a responsible automation strategy such as upskilling and placement support?
36 Social Social/digital upskilling What L&D initiatives are in place across technical, managerial, and executive roles? How many hours do employees spend in L&D worldwide?
37 How do you ensure workplace safety? Please provide your Lost Time Injury Rate (LTIR) (if available) and list the initiatives you have in place to reduce LTIR and
Social Employee health, well-being, and safety ensure employee health and mental wellbeing.
38 Social Employee health, well-being, and safety Please elaborate on your workforce grievance mechanisms.
39 Social Employee health, well-being, and safety What accreditations and certifications do you hold in fair labor practices?
40 Have there been any claims of sexual or general harassment, misconduct, or discrimination against any current or former firm employees (while employed by the firm)
Social Employee health, well-being, and safety within the last five years? Please provide details, if so.
41 Social Employee health, well-being, and safety Do you conduct regular employee satisfaction surveys? If yes, please share the results of your latest survey.
42 Social Employee health, well-being, and safety What is your employee attrition/fluctuation rate? Has it increased/decreased in the previous year?
43 Social Employee health, well-being, and safety Are you undertaking any practices to improve employee retention?
44 Social Employee health, well-being, and safety Please describe what kind of ESG training the firm offers employees. code of conduct policies across its employees and monitors ethics.
45 Social Employee health, well-being, and safety Do you have policies in place such as employee code of conduct and monitoring of ethics?
46 Social Community impact How do you meet your firm's CSR objectives? Is there dedicated leadership support to ensure CSR compliance? Please share your CSR policy.
47 Social Community impact Which Sustainable Development Goals (SDGs) are you addressing?
48 Social Community impact How many hours do employees spend volunteering for CSR activities worldwide? Do you have an employee volunteering forum?
49 Social Community impact What areas, such as education, health, livelihood, are included in your firm's CSR coverage?
50 Social Community impact Do you partner with any social impact foundations to meet social objectives? If yes, please name them and explain how you engage with them.
51 Do you undertake any community-building activities such as providing education in local areas or ensuring public health funds? If yes, please detail these initiatives
Social Community impact and explain if you have any partnerships with local social impact foundations.
52 Social Community impact How do these initiatives positively impact your business? ###
53 Social Accessibility How do you create an inclusive and accessible workplace that supports PwD? Do you have specific workplace accessibility standards?
54 How do you leverage technology to ensure your workplace centers and work from home setups provide a space where PwD can interact comfortably? Please detail
Social Accessibility your digital accessibility standards. Do you follow standards such as WCAG, ADA, or others?
55 Social Consumer rights Do you track customer feedback on a regular basis? If yes, please share feedback from your marquee clients.
56 Social Consumer rights Have you had any consumer protection issues including lawsuits and regulatory penalties? If yes, please provide details.
57 Do you conduct sustainability awareness training for your employees? If yes, please provide details around the education material and training pedagogy.
Governance General
58 Governance Board-level governance Do you have an ESG committee that reports to the company’s board to monitor and govern the firm's ESG policies and execution?
59 Governance Board-level governance Does your firm have an existing ESG policy in place? If there is no current policy, please describe your plan or explain the rationale.
60 What methods does your firm use for internal oversight and reporting on the level of ESG incorporation across the organization? Do you follow reporting standards
Governance Board-level governance such as Sustainability Accounting Standards Board (SASB), Climate Disclosure Sustainability Board (CDSB), Global Reporting Initiative (GRI), International
Integrated Reporting Council (IIRC), or any others?
61 Please explain how your firm verifies that its ESG policies are being followed for the solutions/offerings that is/are the subject of this questionnaire, as well as at the
Governance Board-level governance firm level.
62 Governance Board-level governance Is your leadership team's compensation tied to the fulfillment of the firm's ESG targets?
63 Governance Board-level governance Does your firm employ any ESG professionals? If yes, please share their profiles.
64 Have there been any changes to your firm's/team's ESG incorporation process over the past 12 months such as additional resources or information sources?
Governance Board-level governance
65 Governance Board-level governance Does your firm have an established ESG framework? If yes, how do you ensure that it is being followed in services sourcing?
66 Please provide details on your focus areas for innovation or continuous improvement to drive sustainable business. How do you plan to achieve your goals in these
Governance Board-level governance areas? Please share some references where you have partnered with your clients to improve sustainability performance such as continuous improvement and
innovation.
67 Governance Board-level governance Please provide details on how your firm will add value to our business by contributing to our ESG goals.
68 Please describe what ESG data, research, third-party consultants, resources, tools, and practices your firm/team uses. How are these incorporated into the risk
Governance Risk management management process?
69 Governance Risk management Are there any sustainability (ESG) risks and impacts of your business in the potential outsourcing model? If yes, what are your risk mitigation strategies?
70 Governance Transparency/disclosure Which ESG initiatives do you participate in such as GRI, UNGC, CDP, SASB)? Please provide any certifications you have received related to ESG objectives.
71 Has your firm or product(s) undergone any type of ESG audit? If so, please indicate who conducted it, when it was last conducted, the scope of the audit, and the
Governance Transparency/disclosure repeat frequency .
72 Governance Transparency/disclosure Please detail the compliance training you have in place.
73 Governance Transparency/disclosure Do you have performance targets for your risks and impacts? Do you audit or report these targets?
74 Governance Transparency/disclosure Do you monitor your suppliers and sub-contractors the sustainability performance? If yes, how regularly do you audit them?
75 Do you have a stakeholder engagement process in place for all influential stakeholders, i.e., those groups that affect and/or could be affected by an organization's
Governance Stakeholder engagement activities, products, or services?
76 Governance Code of conduct Do you have a code of conduct policy in place for your employees? If yes, please share it.
77 What are your policies to ensure proper handling of sensitive data including personal and other confidential data, such as financial data and intellectual property?
Governance Data privacy
78 Governance Data privacy Please detail your data processing / data distribution terms throughout the data management lifecycle.
79 Governance Information security Do you have a department that monitors social engineering attacks such as phishing?
80 Governance Information security Do you train your employees to generate alerts in the event of a social engineering attack?