Information Center for Issuers


Document Guidance 

Providing Supporting Evidence for the ESG Risk Rating Assessment

June 2024

What You Need to Know

This guidance will help you understand Morningstar Sustainalytics’ ("Sustainalytics") documentation requirements as we prepare your company's ESG Risk Rating assessment. We also hope to save you some time and effort as you consider and select the most appropriate supporting evidence to submit to Sustainalytics' Research Team.

Keep in mind that the information outlined here is intended as guidance only – it is not exhaustive. Your company’s unique characteristics, including its specific industry/subindustry, will influence the range of documents you decide to share with us or that the Research Team will access from public sources such as your corporate website.

These general guidelines on documentation are made available to all companies that Sustainalytics assesses.

The Fundamentals

Any documents submitted by companies to Sustainalytics as part of the ESG Risk Rating assessment process must have the following features: 

  • Authenticity: Company name and a date stamp, and/or review date.
  • Credibility: Details of corporate programmes, policies, initiatives, or practices that are fully implemented.
  • Official last version: The information must be complete and finalized. We will not accept any draft versions of a document.


Technical Requirements



We prefer to receive documents in English, but we will also accept this information in other languages. Non-English documents will be translated by our Research Team using an external translation tool.

If the context is unclear, we will ask you for clarification: you can assist with the translation and/or provide further details during the feedback stage. 



The documents submitted must be in the form of a PDF, which allows the use of tools such as data mining or translation (for non-English documents). We will not accept a secured/encrypted version of the documents such as a locked PDF. 

We do not accept documents via external file-sharing sites (e.g., iCloud, Google Drive,, Dropbox, etc.) that are not approved for Morningstar business.

    Types of Information

    Sustainalytics' ESG Research Team uses publicly available information to assess listed companies as part of our ESG Risk Rating research process. These public sources of information include company websites, annual reports, codes of conduct, press releases, corporate sustainability reports, and other sustainability-related documents. 

    Notably, if a document is easily found and downloadable from a company website, Sustainalytics likely has it, and you will not need to share it directly. 

    Companies can also submit any documents providing evidence of management policies and practices that are not yet readily available on the company website. Any such non-public information shared with Sustainalytics MUST be non-material. Each company is responsible for determining what is material or non-material. We define “non-material” as information that will not have an impact on a company’s enterprise value. 

    Please note, as of January 31st, 2023, we will not be able to accept documents via external file-sharing sites (e.g., iCloud, Google Drive,, Dropbox, etc.) that are not approved for Morningstar business.

    This table summarizes the information that Sustainalytics will accept from companies, including select examples. It also details our approach to assessing certain information and our expectations for companies.

    Information TypeDefinitionExamplesSustainalytics' ExpectationsUse of Information by Sustainalytics
    Publicly available
    Published on the company website or as part of a regulatory filing available to the public or publicly available from some other source.  
    • Annual reports; CSR reports 
    • Information included in official filings. 
    • Website information, including reports, policies, remuneration of corporate governance, financial information, group structure, etc.
    If a document is provided to Sustainalytics by a company and identified as already in the public domain, Sustainalytics will treat this document as public.
    Sustainalytics may reference details within any research products, following the standard citation rules. 
    Brief excerpts may be included within public documents, provided appropriate citation is in place.

    Accessible upon request 

    Not published on a website, but the company will share the information upon request and without restriction. 
    Policies, organizational charts.  
    Typically, such information is not published by companies to avoid information fatigue and promote a visitor-friendly approach.
    Documents received 
    by Sustainalytics will be treated as publicly available. 
    The company is expected to proactively inform Sustainalytics that the information can be disclosed upon request. 
    Sustainalytics may reference details within any research products, following the standard citation rules. 
    Brief excerpts may be included within public documents, provided appropriate citation is in place. 

    Internal (non-material, non-public) 

    Information not published on a company website and which the company may not share. 
    Although this information is not material (i.e., may not affect the price of the securities/ financial instrument), it may, 
    if widely disclosed, commercially affect the issuer.
    • Internal memos or reports 
    • Internal policies (i.e., the comprehensive anti-money laundering policy – which 
    if disclosed will enable potential offenders to identify the risk mitigation approach and avoid it; the discount policy). 
    • Organizational charts (if not included in the above categories). 
    Any such information a company is willing to share with Sustainalytics, should be marked by the company as Internal. 
    Internal information 
    may be shared with Sustainalytics in the following format: 
    • Name of document 
    • Table of content and/ or summary 
    • Excerpt of relevant section or screenshot. 

    Sustainalytics may reference details within any research products, following the standard citation rules. 

    No excerpts may be included in public documents. 

    Sustainalytics will not share such information externally, that is, within reports that we publish and distribute to clients.

    Sustainalytics will not sign any confidentiality / Non-Disclosure Agreement (NDA) related to such documents. 


    Sustainalytics will NOT accept such information from companies to inform our ESG Risk Rating assessments.

    Examples include the following: 

    • Business Contracts 
    • Portfolios 
    • List of clients, providers, business partners. 
    • Finance data, if not disclosed on material non-public information (MNPI). 


    Not applicableNot applicable

    Inside information/Material non-public information (MNP) 

    Material Information or inside information refers to any information that 
    may have a positive or negative impact 
    on the market price 
    of the company’s securities and could be reasonably expected to be considered relevant by reasonable investors in their investment decision-making. 


    Sustainalytics will NOT accept such information from companies to inform our ESG Risk Rating assessments. 

    Examples include the following:

    • Operating business performance 
    • Changes in control and control agreements 
    • Changes in management and supervisory boards 
    • Changes in auditors or any other information related to the auditors’ activity 
    • Operations involving the capital or issue of debt securities or warrants to buy or subscribe to securities 
    • Decisions to increase or decrease the share capital 
    • Mergers, splits, and spin-offs 


    Not applicableNot applicable

    List of Documents

    Here is a general list of documents that are typically used during Sustainalytics' ESG Risk Rating assessment process. This list is not exhaustive. You may submit other relevant supporting documents that are not listed here, as long as they meet Sustainalytics’ criteria.

    Keep in mind that Sustainalytics does not consult external websites for documentation A common example is a company CDP report posted on the Carbon Disclosure Project (CDP) website. Sustainalytics will only use the CDP report if it is posted on the company website or provided directly to Sustainalytics. 

    Please note that the documents listed below are provided as examples only. The decision to use a document rests with the Morningstar Sustainalytics' Research Team.  


    Annual/Sustainability/Integrated Reports
  • Annual Report
  • Integrated Annual Report
  • Corporate Social Responsibility (CSR) Report
  • Sustainability Report
  • Annual Report ‘Yuka Shoken Hokokusho’ (for Japanese public companies)
  • Form 10 – K (for US public companies)
  • Form 20 – F (for foreign companies listed on US exchanges)

    Policy and Code of Conduct  
  • Code of Conduct
  • Code of Ethics
  • Sustainability Policy
  • Health and Safety Policy
  • Supplier Code of Conduct
  • Environmental (Management) Policy
  • Green Procurement Policy
  • Whistle Blower Policy
  • Privacy Policy
  • Data Privacy/Security Policy
  • Human Rights Policy
  • Anti-Bribery and Corruption Policy
  • Conflict Minerals Policy
  • Supplier Diversity Policy
  • Community Relations Policy
  • Other relevant policies on company website or as a standalone document
  • CSR Initiatives ISO Certification & Disclosure
  • Global Reporting Initiative (GRI) and Index (membership)
  • EU Transparency Register (membership)
  • UN Global Compact (membership)
  • UN Principles of Responsible Investment (PRI) (membership)
  • Equator Principles (membership)
  • United Nations Environment Program Finance Initiative (UNEP FI)
  • Environmental Management System Standard and/or Environmental Management System Manual and any associated certifications (i.e., ISO 14001)
  • Health and Safety Management System Standard and/or Health and Safety Management System Manual and any associated certifications (i.e., OHSAS 18001) CDP reports (formerly known as Carbon Disclosure Project)– i.e., Climate Change Response and Water Security
  • Any international system certifications related to environmental or social performance (i.e., ISO 27001) or governance performance (ISO 37001) certification specifically for bribery and corruption)
  • Quality Management Standards (i.e., ISO 9001 or industry equivalent)
  • Product and Safety Standards or certifications held.

    Corporate Governance Documents (Public Companies only)
    • Proxy Statement
    • Semi-annual Report
    • Quarterly Report
    • Corporate Governance Report
    • Remuneration Report 
    • AGM/EGM Notice
    • AGM/EGM Minutes
    • AGM/EGM Vote Results
    • Amendments to the Articles of Association
    • Amendments to the Bylaws
    • Corporate Governance Guidelines
    • Committee Charter
    • Board of Directors Charter
    • Diversity Policy
    • Related Party Transactions Policy


    Indicator-Specific Guidance

    Sustainalytics’ ESG Risk Rating methodology includes the following four categories of Management Indicators:

    • Policy
    • Programmes and Management Systems
    • Disclosure and Compliance
    • Performance

    Each Management Indicator category requires distinct types of supporting evidence. The following details are provided as guidance only.  

    Policy Indicators

    • Measure the strength and quality of an issuer’s policy commitment to addressing material ESG issues.
    • A set of clearly articulated commitments to which the company, the employees, or other parties are required to comply. The role of a policy is to demonstrate awareness in relation to a certain topic, express a commitment to address that topic and outline the measures taken in that direction.
    Document requirements
    • A policy can be stand-alone or integrated with other policies (e.g.: Code of Conduct; Business Principles; Environment, Quality and Health and Safety Policy). 
    • A set of specific clear commitments; formulated as commitments 
    • The commitments must be relevant for the company’s line of business (e.g.: policy committing not to drill in the Arctic is irrelevant for a food company). 
    • To ensure the policy has been fully implemented, the documents’ approval date should be at least one month before the research start date. 
    • Validity: the policy date stamp cannot be older than five years; regular reviews are expected (annual or bi-annual).
    • New versions of policies or updates will not be accepted after the research start date. 
    Evidence of CommitmentSustainalytics assesses a company’s own commitments as stated in official policies rather than the legislation of the country which the company is headquartered in. Hence, country-specific legislation cannot be considered as evidence of a company’s commitment.


    Programme Indicators

    These indicators are designed to evaluate a company’s operational systems for managing a company’s material ESG risks. These indicators are aligned with and/or informed by recognized management systems, such as the ISO 9001 quality standard or the ISO 14001 environmental management standard. 

    Common assessment criteria include: 

    • Executive accountability 
    • Risk/impact assessment
    • Training or other initiatives to ensure compliance with policies 
    • Objectives/targets
    • Monitoring, measurement, reporting
    • Incident investigation and corrective action.

    Indicator examples: 

    • GHG Reduction Programme
    • Environmental Management System
    • Diversity Programmes
    • Cybersecurity Programmes

    • Bribery and Corruption Programmes.

    Document requirements
    Programmes and initiatives should be executed by the entity to be researched. Refer to the section below: Corporate Entity and Assessment Scope.

    The following Programme Indicators include criteria that require public disclosure:
    o S. Product and Service Safety Programme: Public reporting on product/service safety issues.
    o S. Product and Service Safety Programme: Public reporting on product/service safety issues. 
    o G.1.4.7 Clinical Trial Programme: Public reporting on monitoring outcomes, violations and corrective action.
    o S.3.1.13 Ethical Marketing Promotion: Public reporting on monitoring outcomes violations and corrective action.

    TimeframeThe initiatives must be fully implemented before the research start date and must align with the fiscal year of the assessment.


    Disclosure and Compliance Indicators 

    The following indicators are designed to assess whether companies meet widely recognized reporting standards:

    o E.1.2.4 Oil Spill Disclosure and Performance
    o E.1.6 Scope of GHG Reporting 
    o S.1.3.2 Gender Pay Disclosure
    o S.2.1.12 Drug Promotion Standards
    o S.3.2.3 US Drug Price Transparency
    o S.2.1.2 Signatory to Responsible Business Alliance (RBA)
    o S.3.2.2 Trial Data Transparency
    o S.4.4.2 Systemic Risk Reporting
    o G.1.4 Tax Disclosure 
    o G.2.1 ESG Reporting Standards
    o G.2.2 Verification of ESG Reporting
    o G.1.3.3 UNEPFI Signatory
    o G.1.3.5 Equator Principles Signatory
    o G.3.3.1 Transparency on Government Payments
    Document requirements
    All documents for Disclosure and Compliance Indicators should be in the public domain.

    Sustainalytics applies the criteria cited above when assessing either private or public companies. 

    In general, the document should provide evidence of the most recent disclosure. This includes any of the following:  
    • Fiscal year of the assessment.
    • Covering the latest information available.
    • Covering the last 3 years of assessment in cases where the indicator reveals a trend. However, the last year disclosed should be the year of assessment. For additional details about any specific indicator, please consult Issuer Relations. Licensed Rating Clients should consult their Corporate Experience project manager.


    Performance Indicators 

    These indicators measure the effectiveness of policies, programmes and management systems, and are tracked yearly to show a trend over time. For example, the carbon intensity trend tracks a company’s carbon emissions over time to provide information regarding the effectiveness of its carbon emissions reduction programmes. 

    Document requirements
    • There is no specific format regarding the type of document to be provided. The requirements relate instead to the type of data to be provided.
    • E.g.: CDP (formerly Carbon Disclosure Project) reports are accepted – i.e., Climate Change and Water Security. (Please note, Sustainalytics does not consult the CDP website directly; however, we assess that information if you send it specifically for consideration as part of the documentation provided. 
    • The company’s disclosure of emissions or water in documents such as the Annual Report or Sustainability Report is accepted. 
    • Internal tracking documents are also accepted.

    Centralized Indicators follow a specific baseline year. These indicators include:


    Carbon research:  
    E.1.9 Carbon Intensity
    E.1.10 Carbon Intensity Trend


    Water research:  
    E.1.2.7 Water Intensity
    E. Water Intensity Trend
    E. Fresh Water Intensity for Generators


    AIR emissions research:  

    E.1.13 SOx Intensity
    E.1.14 NOx Intensity 




    Trend Indicators incorporate the baseline year and an additional three years of reporting.

    Corporate Entity and Assessment Scope

    Corporate documents and disclosure should relate to the specific entity that is being researched.

    1. If the assessment is focused on the Parent company, we expect that most of the documents presented will cover all the subsidiaries or business units within different regions, countries, or production sites. Ideally, the percentage should be disclosed to help Sustainalytics' Research Team assess the level of control and accountability.

    2. If documents on the Parent company cover only certain sites, these details should be clearly listed. Also, depending on the indicator, information on the subsidiary(ies) may be only partially incorporated.

    3. Formal policies that are applicable only to subsidiaries of the Parent company may be incorporated partially, depending on the indicator.

    4. If a Subsidiary is being assessed, documents from the Parent company can be incorporated but only partially and depending on the type of indicator. This depends on the control level, a proxy for which is the ownership percentage.

    Sharing Information Internally

    Sustainalytics allows our various ESG Research and Stewardship Engagement Services teams to share relevant ESG management performance information. Each product team will use and reflect the information shared, according to the applicable independent process and methodology. 

    Sustainalytics is committed to responsible data processing and ensuring adequate data protection across all group entities. For more information, see our Privacy and Cookie Policy ( and an overview of our Security Practices.