Chief Information Officer (CIO and CISO)

One of the biggest challenges organizations face on their ESG journey is the ability to get standardized, reliable data sources to fuel data-driven decisions. CIOs have a central role to play with ESG data, from developing a modern tech infrastructure to navigating the ESG risk data landscape. They identify, mine, enrich and maximize the utility of ESG data across the enterprise, leading to responsible growth, stakeholder trust and customer confidence. The CIO works closely with the CISO, who can act as the company’s chief trust officer, ensuring that the company’s privacy and its intellectual property (IP) are secured.

What are the top 3 things the CIO should activate immediately?

What are the top 3 things the CISO should activate immediately?

What are the CIO and CISO’s key considerations with respect to ESG risk?

Data protection

It’s critical to think about data and information from a disclosure and privacy perspective.

In today’s ESG-driven environment, organizations exist to comb through data to disclose companies that do not adhere to ESG standards. This is a new threat organizations must contend with. Further, malicious actors have a new threat vector: the data can potentially be tampered with, stolen or leaked.

Related case study

Global meat and poultry company:

 A global meat and poultry company with over 40 distribution centers and outside cold storage facilities needed a way to effectively track and manage contract tracing of their employees and provide off-site quarantine accommodations for individuals who were infected.

 The solution would need to include medical surveillance, identification of infected individuals and ongoing administration and tracking of those individuals to make sure they were properly cared for and could eventually return safely to work.

 The EY organization established a strategic alliance with a software company to create a digital platform that accomplished: 

  •  Confidential, mobile-enabled tracking of employee health, including temperature monitoring, testing and self-assessments
  •  Mobile-enabled inspections of COVID-19 exposure risks, including pre-populated criteria from reputable health organizations
  •  Management and tracking of COVID-19 corrective actions and compliance tasks 
  •  Detailed reporting and immediate notification of COVID-19 issues

Vet and verify

Some companies are sharing reports and metrics to demonstrate their commitment to ESG and how they are faring at a moment in time. It’s important that the data being shared has been properly verified and vetted for public consumption, even if it’s not being shared openly. Releasing inaccurate information could cause reputational harm and might be difficult to walk back. There are actors who might want to tamper with data or steal data and release it on their timetable. Every angle for potential intrusion must be considered and addressed.

How EY can help

Sustainability and ESG
EY is committed to making business work for sustainability and making sustainability work for business.
 

Eliminate the bias

If AI-based systems are being used to collect, assess and analyze data, it’s critical that biases are removed from the datasets and algorithms.