Hey Procurement Managers — Vendor Sustainability Is the New SOC 2

Procurement managers understand the importance of data security. In recent years, there have been several high-profile data breaches that have weakened our collective faith in internet businesses. And so, before procurement managers entrust their sensitive company data to a third party, they do their homework. They review compliance certifications — SOC 2, ISO 27001, etc. — to build confidence that their prospective business partners are going to treat their data with appropriate care.

Sustainability reporting is following in the path of security compliance. In the same way that you entrust your sensitive company data to your vendors, you also entrust your climate reputation to your vendors. For most businesses — especially in retail, tech, and services — your supply chain typically makes up 90+ percent of your total emissions. That means that one of your biggest levers to manage your environmental footprint and protect your climate reputation is supplier selection.

The vendor intake flow, including security, legal, and sustainability review

In the past, climate wasn’t a top priority for many companies, but it’s fast becoming one. If the SEC’s proposed rule changes go into effect later this year, companies will soon be required to disclose their greenhouse gas emissions, including supply chain emissions. Procurement managers today are flying blind, buying goods and services without knowing the carbon price tag. When you onboard a vendor, their emissions become your emissions. And beyond regulatory pressure, customers are increasingly demanding action — in a recent IBM report, 57% of customers said they would change providers to reduce environmental impact, and 71% would pay a price premium for sustainable brands. This is why a growing number of companies, including Walmart, Microsoft, and Salesforce, are contractually requiring suppliers to disclose their emissions and set science-based reduction targets. Salesforce in particular is working collaboratively with their suppliers, targeting full compliance by 2024.

Better tools lead to better outcomes

It’s still early days. But this supply chain pressure (spurred on by growing regulatory and consumer pressure) is accelerating.

In this sense, too, there are parallels to security compliance. The SOC 2 standard was originally introduced in 2009; a few short years later, SOC 2 became table stakes for every company handling consumer data. GDPR is another example; in 2018, the EU data protection regulation went from something nobody had heard of to cookie disclosures embedded on nearly every website on the internet.

Google Trends chart showing the exponential growth of interest in GDPR

These shifts happen fast, but it takes a while for the tools to catch up. Not so long ago, security compliance was a cottage industry of consultants and checklists. In 2014, when we started our last company, Abacus, we spent long hours every month manually filling out security questionnaires for different sales prospects. Fortunately for startups today, tools like Vanta have largely streamlined and automated this compliance work, with real-time monitoring and dashboards.

For sustainability reporting, we’re going through a similar transition, building out and automating the tooling to meet growing demand. Smaller businesses in particular need scalable, affordable, relatively automated solutions.

Procurement managers: what you can do today

Now is a great time to start incorporating sustainability into your procurement process:

  • First, let your current and prospective vendors know this is one of your buying criteria. You might be surprised by the response. After Salesforce contractually required all their suppliers to disclose greenhouse gas emissions and set reduction targets, Patrick Flynn, Salesforce’s head of sustainability, reported “believe it or not, the feedback was overwhelmingly positive. Our suppliers welcomed that pressure, because they have real tangible proof the customer wants this, this is happening, we need to take action. So more than anything we had responses back like ‘how do I become the first to comply?’.”
  • Before you sign that next big contract, look the vendor up on Bend (this is free, and always will be).
  • If the prospective vendor has a public profile, great! You can easily convert your contract value into a CO2e estimate. Have they set a Net Zero or Reduction commitment? How does their climate program compare to their competitors?
  • If your prospective vendor doesn’t yet have a public profile, ask them about it (just as you’d ask them for their SOC 2 certification). We’d be happy to help get your vendors onboarded at Bend. Onboarding is fast enough that it's feasible to get suppliers live with actionable climate data before you wrap your parallel legal and security reviews. 🙋‍♀️
  • To really push things forward, consider following the Salesforce / Microsoft / Walmart playbook, adding environmental requirements to your procurement contracts.