Issuer Gateway Knowledge Hub


Guidance on Documentation

ESG Risk Rating Assessment Process

January 2023

What You Need to Know

This guidance will help you understand Sustainalytics’ documentation requirements as we prepare your company's ESG Risk Rating assessment. We also hope to save you some time and effort as you consider and select the most appropriate supporting evidence to submit to Sustainalytics' Research Team.

Keep in mind that the information outlined here is intended as guidance only – it is not exhaustive. Among other things, your company’s unique characteristics, including your specific industry/subindustry, will influence the range of documents you decide to share with us or that the Research Team will access from public sources such as your corporate website.

Another key point is that these general guidelines on documentation are made available to all companies that Sustainalytics assesses. Our objective is to be fully transparent and to ensure that all companies are equally informed about these requirements.

The Fundamentals

Any documents submitted by companies to Sustainalytics as part of the ESG Risk Rating assessment process must have the following features: 

  • Authenticity: Company name and a date stamp, and/or review date.
  • Credibility: Details of corporate programs, policies, initiatives, or practices that are fully implemented.
  • Official last version: The information must be complete and finalized. We will not accept any draft versions of a document.

IMPORTANT: We do not accept documents, or any disclosure, created solely to satisfy our indicator requirements without reasonable assurance that the policies, programs or initiatives have been implemented.  

Technical Requirements



We prefer to receive documents in English, but we will also accept this information in other languages. Non-English documents will be translated by our Research Team using an external translation tool.

If the context is unclear, we will ask you for clarification: you can assist with the translation and/or provide further details during the feedback stage. 



We are unable to accept a secured/encrypted version of the documents such as a scanned file or locked (password-protected) PDF. The documents should be in a format that allows the use of tools such as data mining or translation. 

As of January 31st, 2023, we will no longer be able to accept documents via external file-sharing sites (e.g., iCloud, Google Drive,, Dropbox, etc.) that are not approved for Morningstar business.

    Types of Information

    Sustainalytics' ESG Research Team uses publicly available information to assess listed companies as part of our ESG Risk Rating research process. These public sources of information include company websites, annual reports, codes of conduct, press releases, corporate sustainability reports, and other sustainability-related documents. 

    Notably, if a document is easily found and downloadable from a company website, Sustainalytics likely has it, and you will not need to share it directly. 

    Companies can also submit any documents providing evidence of management policies and practices that are not yet readily available on the company website. Any such non-public information shared with Sustainalytics MUST be non-material. Each company is responsible for determining what is material or non-material. We define “non-material” as information that will not have an impact on a company’s enterprise value. 

    Please note, as of January 31st, 2023, we will not be able to accept documents via external file-sharing sites (e.g., iCloud, Google Drive,, Dropbox, etc.) that are not approved for Morningstar business.

    This table summarizes the information that Sustainalytics will accept from companies, including select examples. It also details our approach to assessing certain information and our expectations for companies.

    Information TypeDefinitionExamplesOur ExpectationsUse of Information
    Publicly available
    Published on the website or as part of a filing available to the public at large. 
    • Annual reports; CSR reports 
    • Information included in official filings. 
    • Website information, including reports, policies, remuneration of corporate governance, financial information, group structure, etc.
    Documents collected or received by  Sustainalytics will be  treated as publicly  available. 
    May be referenced in research products, following the standard citation rules. 
    Brief excerpts may be included within the public documents, provided appropriate citation is in place.

    Accessible upon request 

    Not published on the website, but the company will share the information upon request and without restriction. 
    Policies, organizational charts, breakdowns. 
    Typically, such information is not published by companies to avoid information fatigue and promote a visitor-friendly approach.
    Documents received 
    by Sustainalytics will be treated as publicly available. 
    The company is expected to proactively inform Sustainalytics that the information can be disclosed upon request. 
    May be referenced in research deliverables, following the standard citation rules. 
    Brief excerpts may be included within the external-facing documents, provided appropriate citation is in place. 

    Internal (non-material, non-public) 

    Information not published on the website and which the company may not share. 
    Although this information is not material (i.e., may not affect the price of the securities/ financial instrument), it may, 
    if widely disclosed, commercially affect the issuer.
    • Internal memos or reports 
    • Internal policies (i.e., the comprehensive anti-money laundering policy – which 
    if disclosed will enable potential offenders to identify the risk mitigation approach and avoid it; the discount policy). 
    • Organizational charts (if not included in the above categories). 
    Any such information a company is willing to share with Sustainalytics, should be marked by the company as Internal. 
    Internal information 
    may be shared with Sustainalytics in the following format: 
    • Name of document 
    • Table of content and/ or summary 
    • Excerpt of relevant section or screenshot. 

    May be referenced in research products, following the standard citation rules. 
    No excerpts may be included in the public documents. 
    Sustainalytics will not 
    share such information externally, that is, within reports that we publish and distribute to clients; however, Sustainalytics will not sign any confidentiality / Non-Disclosure Agreement (NDA) related to such documents. 


    Sustainalytics will NOT accept such information from companies to inform our ESG Risk Rating assessments.

    Examples include the following: 

    • Business Contracts 
    • Portfolios 
    • List of clients, providers, business partners. 
    • Finance data, if not disclosed on material non-public information (MNPI). 


    Not applicableNot applicable

    Inside information/Material non-public information (MNP) 

    Material Information or inside information refers to any information that 
    may have a positive or negative impact 
    on the market price 
    of the company’s securities and could be reasonably expected to be considered relevant by reasonable investors in their investment decision-making. 


    Sustainalytics will NOT accept such information from companies to inform our ESG Risk Rating assessments. 

    Examples include the following:

    • Operating business performance 
    • Changes in control and control agreements 
    • Changes in management and supervisory boards 
    • Changes in auditors or any other information related to the auditors’ activity 
    • Operations involving the capital or issue of debt securities or warrants to buy or subscribe to securities 
    • Decisions to increase or decrease the share capital 
    • Mergers, splits, and spin-offs 


    Not applicableNot applicable

    Fiscal Year of the Assessment

    Sustainalytics determines the fiscal year of the assessment based on the main documents – such as the Annual Report and Sustainability/CSR Report – available at the time of research. The reporting year should align with the publication year of these reports. 

    We will not incorporate new versions of these documents once we have commenced an ESG Risk Rating assessment. If an important document, such as the Annual or Sustainability Report, is due to be published in the near term, we will consider postponing the research process until that information is available.

    List of Documents

    Here is a general list of documents that are typically used during Sustainalytics' ESG Risk Rating assessment process. This list is not exhaustive. You may submit other relevant supporting documents that are not listed here, as long as they meet Sustainalytics’ criteria.

    Keep in mind that Sustainalytics does not consult external websites for documentation (e.g., CDP's website, formerly the Carbon Disclosure Project. In this case, the CDP report would need to be shared with Sustainalytics by the company when they provide their documentation).

    Please note that the information below is provided as guidance only and the final decision on whether to use a document rests with Sustainalytics' Research Team.  

    Annual/Sustainability/Integrated ReportsCorporate Governance Documents (For Public Companies)
  • Annual Report
  • Integrated Annual Report
  • Corporate Social Responsibility (CSR) Report
  • Sustainability Report
  • Annual Report ‘Yuka Shoken Hokokusho’ (for Japanese public companies)
  • Form 10 – K (for US public companies)
  • Form 20 – F (for foreign companies listed on US exchanges)
  • Proxy Statement
  • Semi-annual Report
  • Quarterly Report
  • Corporate Governance Report
  • Remuneration Report
  • AGM/EGM Notice
  • AGM/EGM Minutes
  • AGM/EGM Vote Results
  • Amendments to the Articles of Association
  • Amendments to the Bylaws
  • Corporate Governance Guidelines
  • Committee Charter
  • Board of Directors Charter
  • Diversity Policy
  • Related Party Transactions Policy

    Policy and Code of Conduct  
  • Code of Conduct
  • Code of Ethics
  • Sustainability Policy
  • Health and Safety Policy
  • Supplier Code of Conduct
  • Environmental (Management) Policy
  • Green Procurement Policy
  • Whistle Blower Policy
  • Privacy Policy
  • Data Privacy/Security Policy
  • Human Rights Policy
  • Anti-Bribery and Corruption Policy
  • Conflict Minerals Policy
  • Supplier Diversity Policy
  • Community Relations Policy
  • Other relevant policies on company website or as a standalone document
  • CSR Initiatives (Industry Relevant)ISO Certification & Disclosure
  • Corporate Website
  • Global Reporting Initiative (GRI) and Index (membership)
  • EU Transparency Register (membership)
  • UN Global Compact (membership)
  • UN Principles of Responsible Investment (PRI) (membership)
  • Equator Principles (membership)
  • United Nations Environment Program Finance Initiative (UNEP FI)
  • Environmental Management System Standard and/or Environmental Management System Manual and any associated certifications (i.e., ISO 14001)
  • Health and Safety Management System Standard and/or Health and Safety Management System Manual and any associated certifications (i.e., OHSAS 18001) CDP reports (formerly known as Carbon Disclosure Project)– i.e., Climate Change Response and Water Security
  • Any international system certifications related to environmental or social performance (i.e., ISO 27001) or governance performance (ISO 37001) certification specifically for bribery and corruption)
  • Quality Management Standards (i.e., ISO 9001 or industry equivalent)
  • Product and Safety Standards or certifications held
  • Indicator-Specific Guidance

    Sustainalytics’ methodology covers the following types of Management Indicators:

    • Policy
    • Programs and Management Systems
    • Disclosure and Compliance
    • (Quantitative) Performance

    Each Management Indicator requires distinct types of supporting evidence. The following details are provided as guidance only.  

    Policy Indicators

    • Measure the strength and quality of an issuer’s policy commitment to addressing material ESG issues.
    • A set of clearly articulated commitments to which the company, the employees, or other parties are required to comply. The role of a policy is to demonstrate awareness in relation to a certain topic, express a commitment to address that topic and outline the measures taken in that direction.
    Document requirements
    • A policy can be stand-alone or integrated with other policies (e.g.: Code of Conduct; Business Principles; Environment, Quality and Health and Safety Policy). 
    • A set of specific clear commitments; formulated as commitments 
    • The commitments must be relevant for the company’s line of business (e.g.: policy committing not to drill in the Arctic is irrelevant for a food company). 
    • To ensure the policy has been fully implemented, the documents’ approval date should be at least  one month before the research start date. 
    • Validity: the policy date stamp cannot be older than five years; regular reviews are expected (annual or bi-annual).
    • New versions of policies or updates will not be accepted after the research start date. 
    Other detailsSustainalytics assesses a company’s own commitments as stated in official policies rather than the legislation of the country which the company is headquartered in. Hence, country-specific legislation cannot be considered as evidence of a company’s commitment.


    Programs and Management Systems Indicators

    • These evaluate a company’s operational systems for managing its material ESG issues. These indicators are aligned and reflective of recognized management systems, such as the ISO 9001 quality standard or the ISO 14001 environmental management standard. Their assessment is based on the following criteria:
      • Managerial responsibility; risk/impact assessment; training or other initiatives to ensure compliance with policies; objectives or targets; monitoring and measurement, and incident investigation and corrective action.
    • Examples: GHG (greenhouse gas) Reduction Program, Environmental Management System, Diversity Programs, Cybersecurity Program, Bribery and Corruption Programs.
    Document requirements
    • Programs and initiatives should be executed by the entity Sustainalytics is researching and cover 50% or more of the company’s operations in order to be considered valid.
    • If the entity is a group, it is expected that 50% or more of the group's companies are covered. In cases where the program or initiative is applicable only to certain sites, please provide the details so the percentage or scope is clear.
    TimeframeThe initiatives must be fully implemented before the research start date and must align with the fiscal year of the assessment.

    Disclosure and Compliance Indicators 

    These indicators assess whether companies are sufficiently transparent to investors about their ESG risks and management practices. Typically, they assess the company’s use of generally recognized practices, such as reporting using the Global Reporting Initiative (GRI) structure and including the fulfillment of respective requirements (e.g.: providing transparency on pay structures associated with ESG targets). 

    Document requirements
    • Due to the nature of this indicator, we expect the document to be publicly available and that official sources are consulted. E.g., for the indicator “Global Compact Signatory”, the Global Reporting Initiative’s official website will be consulted.
    • In other cases, the company is expected to make the information publicly available in its reporting. E.g., gender pay disclosure; tax disclosure.
    • Covering the fiscal year of the assessment OR 
    • Covering the latest information available OR
    • Covering the last three years of assessment in cases where the indicator reveals a trend. However, the last year disclosed should be the year of assessment.

    (Quantitative) Performance Indicators 

    These indicators measure the effectiveness of policies, programs and management systems, and are tracked yearly to show a trend over time. For example, the carbon intensity trend tracks a company’s carbon emissions over time to provide information regarding the effectiveness of its carbon emissions reductions programs. 

    Document requirements
    • There is no specific format regarding the type of document to be provided. The requirements relate instead to the  type  of data to be provided.
    • E.g.: CDP (formerly Carbon Disclosure Project) reports are accepted – i.e., Climate Change and Water Security. (Please note, Sustainalytics does not consult the CDP website directly; however, we assess that information if you send it  specifically for consideration as part of the documentation provided. 
    • The company’s disclosure of emissions or water in documents such as the Annual Report or Sustainability Report is accepted. 
    • Internal tracking documents are also accepted.

    Centralized Indicators follow a specific baseline year. These indicators include:


    Carbon research:  
    E.1.9 Carbon Intensity
    E.1.10 Carbon Intensity Trend


    Water research:  
    E.1.2.7 Water Intensity
    E. Water Intensity Trend
    E. Fresh Water Intensity for Generators


    AIR emissions research:  

    E.1.13 SOx Intensity
    E.1.14 NOx Intensity 




    Trend Indicators incorporate the baseline year and an additional three years of reporting.

    Corporate Entity and Assessment Scope

    Corporate documents and disclosure should relate to the specific entity that is being researched.

    1. If the assessment is focused on the Parent company, we expect that most of the documents presented will cover all the subsidiaries or business units within different regions, countries, or production sites. Ideally, the percentage should be disclosed to help Sustainalytics' Research Team assess the level of control and accountability.

    2. If documents on the Parent company cover only certain sites, these details should be clearly listed. Also, depending on the indicator, information on the subsidiary(ies) may be only partially incorporated.

    3. Formal policies that are applicable only to subsidiaries of the Parent company may be incorporated partially, depending on the indicator.

    4. If a Subsidiary is being assessed, documents from the Parent company can be incorporated but only partially and depending on the type of indicator. This depends on the control level, a proxy for which is the ownership percentage.

    Sharing Information Internally

    Sustainalytics allows our various ESG Research and Stewardship Services engagement teams to share relevant ESG management performance information. ESG management performance information. Each product team will use and reflect the information shared, according to the applicable independent process and methodology. 

    Sustainalytics is committed to responsible data processing and ensuring adequate data protection across all group entities. See Sustainalytics’ privacy policy for more information.