Vendor ESG Assessment Questionnaire Template

A vendor ESG assessment questionnaire template is a structured DDQ that evaluates third-party environmental, social, and governance practices through weighted scoring across carbon footprint, labor standards, board diversity, and ethics compliance. Most organizations start with 50-75 questions mapped to ISO 26000, SASB standards, or GRI frameworks, then customize based on industry and spend tier.

Key takeaways:

  • ESG DDQs typically contain 50-150 questions across 12-15 control domains
  • Weighted scoring differentiates critical ESG risks from nice-to-haves
  • Evidence requirements include carbon reports, diversity data, and ethics policies
  • Integration with existing vendor risk tiers reduces assessment fatigue
  • Annual reassessment captures ESG maturity improvements


ESG vendor assessments have shifted from optional sustainability surveys to mandatory due diligence components. New SEC climate disclosure rules, EU CSRD requirements, and supply chain transparency laws make third-party ESG data collection a compliance requirement, not a PR exercise.

The challenge: standardizing ESG evidence collection across hundreds of vendors while maintaining assessment efficiency. Generic sustainability surveys generate unusable data. Industry-specific questionnaires miss cross-cutting risks. Too many questions create vendor fatigue; too few miss material exposures.

This template framework addresses the standardization problem through modular question sets, automated scoring logic, and clear evidence requirements. You'll map ESG controls to your existing vendor risk tiers, automate follow-up workflows, and generate audit-ready documentation for regulatory examinations.

Core Template Structure

The baseline ESG assessment contains 75 questions across three pillars:

Environmental (25 questions)

Carbon Management

  • Scope 1, 2, and 3 emissions tracking
  • Science-based reduction targets
  • Renewable energy usage percentage
  • Carbon offset verification

Resource Efficiency

  • Water consumption metrics
  • Waste diversion rates
  • Circular economy initiatives
  • Biodiversity impact assessments

Evidence Requirements:

  • CDP disclosure reports
  • Third-party carbon audits
  • ISO 14001 certification
  • Energy procurement contracts

Social (30 questions)

Labor Practices

  • Living wage calculations
  • Collective bargaining coverage
  • Safety incident rates (TRIR/DART)
  • Training hours per employee

Diversity & Inclusion

  • Board and leadership demographics
  • Pay equity audit results
  • Supplier diversity spend
  • Accessibility compliance (WCAG 2.1)

Human Rights

  • Child labor monitoring
  • Forced labor indicators
  • Conflict mineral sourcing
  • Indigenous rights protocols

Evidence Requirements:

  • ISO 45001 certification (successor to the withdrawn OHSAS 18001)
  • Third-party social audits (SMETA, SA8000)
  • Diversity data reports
  • Whistleblower complaint logs

Governance (20 questions)

Ethics & Compliance

  • Anti-corruption training completion
  • Third-party risk management maturity
  • Data privacy controls
  • Cybersecurity incident history

Board Oversight

  • ESG committee charter
  • Executive compensation ESG linkage
  • Stakeholder engagement frequency
  • Materiality assessment process

Evidence Requirements:

  • Ethics hotline statistics
  • Board meeting minutes (ESG topics)
  • ISO 27001/SOC 2 reports
  • GDPR compliance documentation

Industry-Specific Modules

Financial Services Extensions

Add 15-20 questions covering:

  • Sustainable finance commitments
  • ESG investment screening criteria
  • Climate scenario analysis (TCFD)
  • Equator Principles adoption
  • Green bond framework

Regulatory alignment: EU Taxonomy, SFDR, Basel III climate risk guidelines

Healthcare Modifications

Include 20-25 questions addressing:

  • Pharmaceutical waste management
  • Clinical trial diversity
  • Access to medicines programs
  • Antimicrobial resistance strategies
  • Patient data privacy (beyond HIPAA)

Regulatory alignment: FDA diversity action plans, DEA controlled substance protocols

Technology Sector Additions

Incorporate 15-20 questions on:

  • Responsible AI governance
  • E-waste recycling programs
  • Data center PUE metrics
  • Content moderation practices
  • Digital divide initiatives

Regulatory alignment: EU AI Act, Right to Repair legislation, NIST AI Risk Management Framework

Scoring Methodology

Weighted Scoring Model:

  • Environmental: 30% (weight higher for manufacturing)
  • Social: 35% (weight higher for labor-intensive sectors)
  • Governance: 35% (weight higher for financial services)

Whatever the adjustment, the three pillar weights must still sum to 100% so scores stay comparable across vendors.

Risk Tier Integration:

Vendor Tier   ESG Assessment Depth     Reassessment Frequency
Critical      Full 75+ questions       Annual
High          50-question subset       18 months
Medium        30-question subset       24 months
Low           Self-attestation only    36 months

Materiality Thresholds:

  • Critical findings: Modern slavery indicators, environmental violations, corruption
  • High findings: No reduction targets, <20% board diversity, no ESG governance
  • Medium findings: Limited disclosure, immature programs, no third-party verification
  • Low findings: Documentation gaps, process improvements needed
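The weighting, tier-depth and materiality rules above can be expressed as a small scoring function. The following is an added worked example in Python, not code from the page or from any product it mentions; the function and class names, the 0-4 per-question maturity scale, and the sample answer set are constructed for illustration. It shows the three behaviours a reviewer usually wants enforced in code rather than in a spreadsheet: pillar weights must sum to 100%, a vendor cannot be scored at a depth below its tier's minimum, and a critical finding disqualifies regardless of how good the arithmetic score looks.

```python
"""Weighted ESG scoring with tier-based depth and materiality overrides (illustrative)."""
import calendar
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

# Baseline pillar weights from the scoring model above (must sum to 1.0).
DEFAULT_WEIGHTS: Dict[str, float] = {"E": 0.30, "S": 0.35, "G": 0.35}

# Assessment depth and reassessment interval per vendor risk tier (from the table above).
TIER_POLICY = {
    "critical": {"min_questions": 75, "reassess_months": 12},
    "high":     {"min_questions": 50, "reassess_months": 18},
    "medium":   {"min_questions": 30, "reassess_months": 24},
    "low":      {"min_questions": 0,  "reassess_months": 36},  # self-attestation only
}

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}


@dataclass
class Answer:
    pillar: str                     # "E", "S" or "G"
    score: int                      # reviewer-assigned maturity score, 0..max_score (assumed scale)
    max_score: int = 4
    finding: Optional[str] = None   # None, or one of the materiality levels above


@dataclass
class Result:
    pillar_scores: Dict[str, float]  # percentage per pillar
    weighted_score: float            # 0-100 after pillar weighting
    highest_finding: Optional[str]
    disqualified: bool               # True when any critical finding is present
    reassess_by: date


def add_months(d: date, months: int) -> date:
    """Calendar-safe month arithmetic (clamps the day to the target month's length)."""
    years, month0 = divmod(d.month - 1 + months, 12)
    year, month = d.year + years, month0 + 1
    last_day = calendar.monthrange(year, month)[1]
    return date(year, month, min(d.day, last_day))


def score_vendor(answers: List[Answer], tier: str, assessed_on: date,
                 weights: Dict[str, float] = DEFAULT_WEIGHTS) -> Result:
    if tier not in TIER_POLICY:
        raise ValueError(f"unknown vendor tier: {tier}")
    if abs(sum(weights.values()) - 1.0) > 1e-9:
        raise ValueError("pillar weights must sum to 100%")
    policy = TIER_POLICY[tier]
    if len(answers) < policy["min_questions"]:
        raise ValueError(f"{tier} tier requires at least {policy['min_questions']} questions")

    # Per-pillar fraction of available points; an unanswered pillar scores zero, it is not skipped.
    fractions: Dict[str, float] = {}
    for pillar in weights:
        items = [a for a in answers if a.pillar == pillar]
        got = sum(a.score for a in items)
        available = sum(a.max_score for a in items)
        fractions[pillar] = got / available if available else 0.0

    weighted = round(100 * sum(fractions[p] * w for p, w in weights.items()), 1)
    pillar_scores = {p: round(100 * f, 1) for p, f in fractions.items()}

    findings = [a.finding for a in answers if a.finding]
    highest = max(findings, key=SEVERITY_RANK.__getitem__) if findings else None

    return Result(
        pillar_scores=pillar_scores,
        weighted_score=weighted,
        highest_finding=highest,
        disqualified=(highest == "critical"),   # materiality override, independent of the score
        reassess_by=add_months(assessed_on, policy["reassess_months"]),
    )


def sample_answers(with_critical: bool = False) -> List[Answer]:
    """Constructed 30-question response set for a medium-tier vendor (not real data)."""
    answers = [Answer("E", 3) for _ in range(10)]
    answers += [Answer("S", 4) for _ in range(11)]
    answers.append(Answer("S", 0, finding="high"))      # e.g. board diversity below 20%
    answers += [Answer("G", 2) for _ in range(8)]
    if with_critical:
        answers[-1] = Answer("G", 4, finding="critical")  # e.g. a corruption finding
    return answers


if __name__ == "__main__":
    result = score_vendor(sample_answers(), "medium", date(2024, 1, 31))
    print(result)
    print(score_vendor(sample_answers(with_critical=True), "medium", date(2024, 1, 31)))
```

The second sample run is the point of the override: the vendor's governance pillar score goes up, yet the result is disqualified because a single critical finding is present. Keep that rule out of the weighted arithmetic so a strong environmental score can never average away a modern slavery or corruption indicator.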

Implementation Best Practices

1. Pilot Program Design Start with 10-15 vendors across risk tiers. Test question clarity, evidence availability, and scoring calibration. Expect less than full response on the first distribution and build follow-up time into the pilot schedule.

2. Evidence Automation Configure document upload requirements:

  • Accept CDP, DJSI, MSCI submissions as pre-population
  • Parse sustainability reports for automatic field completion
  • Link to public registries (EPA, OSHA, SEC EDGAR)

3. Vendor Communication Provide vendors:

  • 30-day completion timeline
  • Evidence checklist upfront
  • Scoring transparency
  • Improvement roadmaps post-assessment

4. Internal Stakeholder Alignment ESG assessments touch multiple teams:

  • Procurement: Contract clause updates
  • Legal: Regulatory mapping
  • Sustainability: Target setting
  • Finance: Cost implications

Create RACI matrix before launch. Procurement owns distribution, sustainability owns scoring, TPRM owns risk decisions.

Common Implementation Failures

Over-engineering the questionnaire: 200+ questions guarantee low completion rates. Stick to material risks for your industry.

Treating all vendors equally: A $50K software vendor needs different ESG scrutiny than a $50M manufacturing partner.

No consequence management: Collecting ESG data without remediation plans or contract implications wastes everyone's time.

Manual everything: Excel-based ESG assessments don't scale. Invest in DDQ platforms with ESG modules.

One-and-done mentality: ESG maturity improves over time. Annual reassessments capture progress and maintain pressure.

Regulatory Compliance Mapping

SOC 2 Type II: ESG questionnaires support CC3.1 (risk assessment) and CC9.2 (vendor management) criteria. Document ESG scoring in your vendor risk register.

ISO 27001:2022: Annex A controls 5.19-5.23 address supplier relationships (the 2013 edition numbered these A.15.1). ESG assessments also demonstrate consideration of "interested party" requirements under clause 4.2.

GDPR Article 28: Controllers may only use processors that provide sufficient guarantees, so a data processor's governance and data-handling practices bear on controller liability. Include data protection and data ethics questions for technology vendors.

Modern Slavery Act: Social pillar questions directly support UK/Australian MSA statement requirements. Archive responses for annual reporting.

EU CSRD: Double materiality assessment requires vendor ESG data. This template provides upstream value chain inputs.

Frequently Asked Questions

How do I handle vendors who refuse ESG assessments?

Document refusal in your risk register, flag for contract renegotiation, and consider alternative suppliers. For critical vendors, escalate through procurement leadership and reference regulatory requirements.

Should ESG scores impact vendor selection decisions?

Yes, but proportionally. Weight ESG at 10-20% of total vendor score initially, increasing as the program matures. Critical ESG failures (modern slavery, environmental crimes) should be automatic disqualifiers.

What's the minimum viable ESG questionnaire length?

30 questions covering material risks across E, S, and G. Focus on evidence-based questions versus policy existence. Quality over quantity drives actionable insights.

How do I validate vendor-provided ESG data?

Require third-party certifications where available, cross-reference public disclosures, conduct sampling audits for critical vendors, and use news monitoring for controversy tracking.

Can I use industry standard ESG questionnaires?

Yes, but customize. EcoVadis, CDP, and DJSI provide strong foundations. Add 10-20 company-specific questions addressing your material risks and regulatory requirements.

How often should I update the ESG questionnaire template?

Annually at minimum. Quarterly reviews for regulatory changes. Major updates when new frameworks emerge (TNFD, SBTN) or regulations activate (SEC climate rules).

