Policy commitments
Practical guidance for preparing this disclosure. Use this card to identify datapoints, verify claims and organise supporting evidence. For exact requirements, always refer to the official GRI source.
↗ Share
This disclosure asks an organisation to explain the policy commitments that guide how it manages its material impacts, risks and opportunities. In practice, that means setting out the key policies it relies on, what they are intended to achieve, and how they connect to the organisation’s sustainability approach rather than just listing documents by name.
The practical focus is on whether those commitments are real and usable across the organisation. Reporters should make clear where the policies apply, whether they cover the whole organisation or only certain parts of it, and how they are communicated and embedded in day-to-day decision-making. If coverage is uneven, that should be clear too.
* This LRA educational guidance supports disclosure preparation. For the exact requirements, always refer to the official GRI source.
A quick mental checklist before you prepare this disclosure — tick each as you settle it.
| Datapoint | What to capture | Evidence hint | Owner |
|---|---|---|---|
| Responsible business policy basis | Summarise the organisation’s commitments on responsible business conduct and name the intergovernmental instruments those commitments draw on. | Approved policy text, policy register, or governance paper showing the referenced instruments. | Sustainability / Legal / Policy |
| Due diligence commitment | State whether the responsible business policy says the organisation will carry out due diligence. | Policy wording, board-approved policy summary, or internal policy matrix. | Sustainability / Legal / Risk |
| Precautionary approach | State whether the responsible business policy says the organisation will use a precautionary approach when making decisions. | Policy document, board paper, or compliance review noting the relevant clause. | Sustainability / Legal / Risk |
| Human rights commitment | State whether the responsible business policy explicitly includes respect for human rights. | Policy text and any approved summary used for reporting. | Sustainability / Legal / HR |
| Human rights scope | List the human rights standards or rights areas the organisation says its human rights commitment covers. | Human rights policy, supplier code, or policy annex that names the covered rights. | Sustainability / Legal / Human Rights |
| Priority stakeholder groups | Capture which stakeholder groups the organisation says it pays special attention to, including any at-risk or vulnerable groups. | Human rights policy, stakeholder policy, or impact assessment that names the groups. | Sustainability / Human Rights / DEI |
| Public policy links | Record the web links to the policy commitments where they are publicly available. | Published policy webpage, PDF URL, or intranet-to-public publication record. | Communications / Sustainability / Web |
| No public access reason | Explain why the policy commitments are not publicly available if no public link can be provided. | Internal approval note, confidentiality rationale, or legal restriction record. | Legal / Sustainability / Communications |
| Approval level | State which internal level approved each policy commitment and whether that was the highest decision-making level. | Board minutes, committee minutes, approval memo, or delegated authority record. | Governance / Company Secretariat / Legal |
| Policy reach | Describe how far each policy commitment applies across the organisation’s own activities and its external business relationships. | Policy scope statement, supplier standards, and any group-wide applicability note. | Sustainability / Procurement / Legal |
| Policy communication | Describe how the organisation shares the policy commitments with workers, business partners, and other relevant parties. | Induction materials, supplier communications, intranet posts, training records, or policy distribution logs. | HR / Procurement / Communications |
Show GRI 2-23 sub-elements (LRA working checklist)
- Set out how the policy is shared with employees, suppliers, and other relevant parties.
- State the responsible-business commitments and name the intergovernmental instruments they draw on.
- State whether the commitments include using a precautionary approach.
- State whether the commitments include carrying out due diligence.
- State whether the commitments include respect for human rights.
- Set out the organisation’s human-rights commitment, including which stakeholder groups it pays special attention to, such as at-risk or vulnerable people.
- Set out which internationally recognised human rights are covered by the human-rights commitment.
- If the policy commitments are not public, explain why they are not available.
- If the policy commitments are public, provide the relevant links.
- Explain how far the commitments apply across the organisation’s own operations and its business relationships.
- State where each commitment was approved in the organisation, and whether that was the most senior approval level.
LRA working checklist - paraphrased; see official source
- Set the reporting boundary first: decide which policy statements you will include, and make sure you cover every required topic — the business conduct commitments, the human-rights commitment, the named international references, due diligence, precautionary thinking, and the human-rights coverage details.
- Define what each item means in your own filing: separate the general conduct commitments from the specific human-rights promise, then map the human-rights promise to the rights it covers and the groups it is meant to protect, including any people who need extra attention because they may be at greater risk.
- Gather the source material that proves the content: use the approved policy text, board or committee papers, policy registers, intranet or public web pages, and any internal guidance that shows whether the commitments mention the required instruments, due diligence, precautionary approach, and respect for rights.
- Assemble the disclosure in the order the data points need: state the commitments, note whether the human-rights promise is specific and what it covers, add the public link where available or the reason it is not public, identify who approved each commitment and how senior that approval was, explain how far the commitments reach across your own operations and wider business ties, and describe how you share them with staff, partners, and other relevant groups.
- Record any gaps, exceptions, or changes clearly: if a commitment is not public, explain why; if wording, coverage, approval level, or communication method has changed since the last report, note what changed and when; keep the explanation tied to the actual policy evidence you hold.
- Check the final draft against the source documents line by line: confirm that every required point is answered, the wording matches the underlying policy position, the links work, the approval level is accurate, and the scope, coverage, and communication statements are consistent with the official records.
Translate the disclosure into an internal business question — then adapt it to your organisation's own language.
Use your organisation’s own policy names and governance terms first, then map them to the reporting disclosure. Avoid asking in framework language unless that is already how your team talks.
Please provide the GRI 2-23 policy commitments disclosure, including all required elements and the approval hierarchy.
Please send the current policy statements that cover responsible business conduct, plus the approval trail and how they are shared. For each one, include the policy name, what it covers, whether it mentions due diligence, precautionary approach, and human rights, which human rights topics and stakeholder groups it focuses on, who approved it, whether that was the top decision-making level, whether it is public, the link if it is, and how it is communicated to staff and external partners. Use your own policy names and internal terms, and we will map them for reporting.
Formal email template
Subject: Request for policy documents and approval details for reporting Hi [name/team], We are preparing the sustainability report and need a short evidence pack on the organisation’s policy statements about responsible business conduct. Please send, for each relevant policy or statement: - the document name and current version - the date it was approved and by whom - whether it is published externally, and if so the link - if it is not published, the reason it is kept internal - the parts of the business and business relationships it covers - how it is shared with workers, business partners, and other relevant groups - any note on whether the approval sat with the most senior decision-making level Please also confirm the wording used internally for these policies so we can map it correctly in the report. A simple table is fine. Please include the source file or link for each item, and check the official source before sign-off. Thanks, [preparer name]
Short Teams / Slack version
Hi [name/team] — could you share the policy pack for the report? We need the current policy names, approval date/approver, whether each one is public or internal-only, what it covers, and how it’s shared with staff and external partners. A table with links/source files is fine. Please use your own policy names and terms, and we’ll map them for reporting. Thanks, [preparer name]
Manufacturing
Context. A group with factories, contractors, and a supplier code managed by Legal and Procurement.
Adapted request. Please share the current code of conduct, supplier standards, and human rights statement, plus the approval record for each. We need to know what each document covers, whether it mentions due diligence or a precautionary approach, which human rights topics and at-risk groups it focuses on, whether it applies to our sites and suppliers, whether it is public, and how it is communicated to employees, contractors, and suppliers.
Example response. Attached table lists three documents: Code of Conduct, Supplier Standards, and Human Rights Statement. The Code and Human Rights Statement were approved by the board; Supplier Standards were approved by the executive committee. All three are public except the supplier onboarding guide, which is internal only because it contains commercial terms. Communication includes induction, annual refresher training, supplier onboarding packs, and the policy portal.
Financial services
Context. A regulated firm with a conduct policy, supplier policy, and public website policy library managed by Legal / Compliance.
Adapted request. Please provide the current conduct and human rights-related policy statements, the approval route for each, and the public links. We also need confirmation of whether they apply to the firm only or also to suppliers and other third parties, and how they are communicated to colleagues and external partners.
Example response. The policy library includes a public Responsible Business Policy and an internal Third-Party Standards document. The Responsible Business Policy was approved by the board and is published on the website. The Third-Party Standards were approved by the risk committee and are internal only because they contain control details. Both are communicated through the intranet, onboarding, annual attestations, and supplier due diligence packs.
The full request pack — response form, data table, evidence metadata and sign-off — is in the Download Centre.
LRA training templates — adapt them to your organisation, and check the official source before sign-off.
This disclosure can be built by listing each policy commitment, noting the external principles it refers to, and recording whether it includes due diligence, a precautionary approach, and respect for human rights, together with the approval level, scope of application, communication methods, and any public link or reason for non-public status.
Taken together, the data show how the organisation frames responsible business conduct in policy, how formally those commitments are authorised, how widely they apply, and how the organisation makes them known to people inside and outside the business.
If the picture changes from one period to the next, explain whether that is because policies were updated, approval moved to a different level, coverage was broadened or narrowed, links were added or removed, or communication practices changed.
GRI 2-23 Policy commitments — [location / page] / [notes]
Professional preparation tools and forms for GRI 2-23. Each download includes a concise “How to use” guide.
| Claim | Risk | Evidence to check |
|---|---|---|
| The information reported for this disclosure reconciles to the underlying source records. | What is reported cannot be traced back to the systems or documents it was drawn from, or does not tie out to them. | calculation_workbook reconciling the reported value to source_system_export |
| The information reported for this disclosure is current as at the reporting date. | The disclosure reflects a different period, a cut-off before the reporting date, or stale data carried over from a prior period. | approval_record showing the data cut-off date and the period covered |
| The scope behind the information reported for this disclosure is applied consistently. | Parts of the organisation are silently in or out of scope, or the scope differs from the prior period without that change being explained. | methodology defining the scope and a site_register of what it covers |
| Everything in scope is included in the information reported for this disclosure — nothing material is left out. | Parts of the population that should be reported are omitted, understating or overstating the disclosure. | site_register of the full population vs the calculation_workbook of what was actually included |
- The governing policy or written commitment behind this disclosure
- A methodology / definition note setting out how the disclosure was scoped and prepared
- Source-system exports the figures or facts were drawn from
- The internal approval / sign-off record for the disclosure before publication
- Minutes or records evidencing the relevant engagement or consultation
- The information is presented without a date or as-at point.
- The scope or boundary of the statement is left undefined.
- Key terms are used inconsistently across the report.
- Material changes since the previous period are not disclosed.
- Assertions are made without supporting detail or a source record.
- Boilerplate is used that does not actually answer what is asked.
- Wrong policy owner
The data request goes to the wrong team, so the person who actually holds the policy register, approval record, or web link is never asked.
- Framework language only
The collector asks for the item using reporting jargon instead of the organisation’s own policy names, so the source team cannot match the request to their records.
- No boundary set
The team never agrees which policies, entities, or business relationships are in scope, so some commitments are counted twice while others are left out.
- Wrong time basis
Evidence is pulled from a different reporting period or approval date than the one being reported, so the dataset does not line up with the year under review.
- Mixed counting basis
One spreadsheet combines policy-level records, approval-level records, and communication records in a single count, which makes the figures impossible to reconcile.
- Source labels lost
The original file names, document titles, or system tags are stripped away during collection, so no one can trace each data point back to the source.
- Separate groups merged
Policies that should stay distinct, such as different commitment types or different stakeholder groups, are merged into one population and the detail is lost.
- Missing evidence trail
The collector saves the content but not the supporting metadata, such as who approved it, when it was approved, or where it was published, so later review is blocked.
- No sign-off record
The draft data set is circulated without a named reviewer or approval trail, so there is no clear record that the source information was checked before disclosure drafting.
- What counts as a policy change after a deal or disposal
Use the reporting cut-off you apply elsewhere, then explain whether newly acquired or sold parts of the business are included, excluded, or shown separately and why.
- When local policy language differs by country
If the same commitment is written differently across jurisdictions, describe the common substance, note any country-specific differences, and explain which version you treat as the main one for reporting.
- Where a team or entity sits on the boundary of scope
For joint ventures, franchises, agents, contractors, or other close relationships, state the practical rule you used to decide inclusion and disclose any exclusions at the edge of the perimeter.
- Choosing the timing basis for approval and publication
If approval, launch, or public posting happened at different times, state which date you use for the disclosure and explain the basis for that choice.
- Deciding between exact figures and estimates
Where you cannot verify every policy link, approval level, or communication route directly, say what was checked, what was estimated, and how material gaps were handled.
- Handling privacy limits in communication reporting
If naming specific worker groups, partners, or vulnerable populations would create privacy or safety issues, aggregate the information and explain the level of grouping used.
- Setting the level of detail for human-rights coverage
When the commitment refers to broad rights or a long list of protected groups, state the categories you grouped together and make clear any important exclusions or overlaps.
- Explaining whether the commitment reaches beyond owned operations
If the policy also covers suppliers, distributors, contractors, or other linked parties, spell out which relationships are covered in practice and where the commitment stops.
- Dealing with mixed approval levels across commitments
If different commitments were signed off by different parts of the organisation, list each one with its approval point and note whether any sits below the most senior level.
- Using rounded or summarised wording for public links and access
If you provide a landing page, document library, or grouped link rather than a direct file, explain how a reader can reach the relevant policy and whether any parts are restricted.
Synthetic, written by LRA — not from a company report, not text from any standard.
We have set out our responsible-conduct policy in a public code that points to the recognised human-rights due-diligence expectations, the recognised responsible-business guidance, and the ILO core labour standards; it also says we carry out due diligence, apply a precaution-first approach where impacts are uncertain, and respect human rights across our operations and value chain. Our human-rights commitment covers civil, political, economic, social and cultural rights, with extra attention to migrant workers, women in lower-paid roles, young workers, and people with disabilities.
- The code was approved by the board, which is the most senior approval level for this set of commitments, and it applies to our own sites as well as suppliers, contractors and other business links.
- The policy pack is available on our website at synthetic example links: https://example.com/policy-code, https://example.com/human-rights-policy; we share it through induction, annual refresher training, supplier onboarding, contract clauses, and internal notices to relevant teams and managers.
Our sustainability policy refers to the recognised sustainability principles, the OECD guidance for multinational enterprises, and the ILO labour standards, and it states that we expect risk-based due diligence, a precautionary mindset for serious or irreversible harm, and respect for human rights in day-to-day decisions. The human-rights section covers the full range of internationally recognised rights and gives particular attention to seasonal workers, agency workers, smallholder suppliers, and communities near our depots and transport routes.
- These commitments were signed off by the executive committee rather than the board, so they are not approved at the most senior level, and they are intended to cover our operations plus key trading relationships.
- The policies are not posted publicly because they are embedded in internal governance documents and supplier manuals; we communicate them through manager briefings, e-learning, supplier packs, onboarding materials, and periodic reminders from procurement and HR.
How to turn the collected data into a draft disclosure. Suggested visuals and a GRI content-index line generated from this disclosure's datapoints.
Suggested visuals
- Policy coverage by topic — table: Which responsible-business topics are covered in the organisation’s policy set, including human rights, due diligence, precautionary approach, and the external principles or instruments the policies draw on.
- Approval level and governance sign-off — bar: Where each policy was approved inside the organisation, and whether approval came from the most senior decision-making level.
- Policy scope across the business — stacked bar: How far each commitment applies across the organisation’s own operations and across its business relationships.
- Communication channels for policy rollout — bar: How the commitments are shared with employees, commercial partners, and other relevant audiences.
- Public availability of policy documents — donut: The split between commitments that are publicly accessible with links provided and those that are not public, with the stated reason for non-public status.
- Human rights commitment detail — table: Which internationally recognised rights are covered by the specific human-rights commitment, and which stakeholder groups, including people at higher risk or in vulnerable situations, are given special attention.
What separates a figure from a disclosure.
We set out our policy commitments for responsible business conduct, including the intergovernmental instruments they draw on, whether we use due diligence and the precautionary approach, and whether we commit to respect human rights.
We set out our policy commitments for responsible business conduct, naming the intergovernmental instruments they draw on, stating that we use due diligence and the precautionary approach, and explaining that our human-rights commitment covers internationally recognised rights and gives particular attention to at-risk groups.
We set out our policy commitments for responsible business conduct, naming the intergovernmental instruments they draw on, confirming that we use due diligence and the precautionary approach, and explaining that our human-rights commitment covers internationally recognised rights and at-risk groups; the board approved them this year, they apply across our own operations and business relationships, they are published on our website, and we brief workers, business partners and other relevant parties through induction, supplier onboarding and annual refreshers.
Real reports where this topic is disclosed. The confidence label shows how closely each match maps to GRI 2-23 — these are report practice, not exact disclosure examples.
| Company | Sector · Country | Year | Match | Page | Report | Assurance | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Interconexión Eléctrica S.A. E.S.P. | Electric Utilities / IPP / Energy Traders · Colombia | 2024 | Partial | p. 88 →p. 141 →p. 59 → | ISA Integrated Management Report 2024 → | ey | |||||||||||||||||||||||||||||||||||||
Evidence in Interconexión Eléctrica S.A. E.S.P.’s reportWhat the report shows Interconexión Eléctrica S.A. E.S.P.'s 2024 Integrated Management Report includes coverage of certain narrative items related to sustainability disclosures, such as references to intergovernmental instruments on page 140 and details on due diligence processes and complaint handling on page 142. The report also describes how stakeholder engagement has influenced company actions on page 144. However, several narrative items, including (a-iii), (a-iv), (b-i), (b-ii), (d), and (e), are not found or clearly addressed in the report.
Evidence-based summary of this company’s own report — not a disclosure template to copy, and not a compliance verdict. Datapoint coverage
Source trail
|
|||||||||||||||||||||||||||||||||||||||||||
| Oberoi Realty Limited | Real Estate · India | 2025 | Topic-family | p. 67 →p. 88 →p. 20 → | ESG Report FY 2024-25 → | EY | |||||||||||||||||||||||||||||||||||||
Evidence in Oberoi Realty Limited’s reportWhat the report shows Oberoi Realty Limited’s ESG Report FY 2024-25 provides covered evidence of policy commitments related to its Code of Conduct on page 126, indicating embedding of these commitments and associated processes. Partial context is given on due diligence processes and employee training on page 36, as well as human rights risk management and monitoring on page 102, though no headline values are presented. Several narrative items, including specific disclosures under (a-iii), (b-ii), (d), (e), and (f), are not found or remain unclear in the report.
Evidence-based summary of this company’s own report — not a disclosure template to copy, and not a compliance verdict. Datapoint coverage
Source trail
|
|||||||||||||||||||||||||||||||||||||||||||
| Globalvia | Ground Transportation — Highways and Railtracks · Spain | 2025 | Partial | p. 86 →p. 104 →p. 108 → | Globalvia Sustainability Report 2025 → | — | |||||||||||||||||||||||||||||||||||||
Evidence in Globalvia’s reportWhat the report shows Globalvia's 2025 Sustainability Report provides coverage on its business conduct policies, including prevention and detection of corruption and bribery (p.106), and its commitment to human rights (p.104). The report also includes a message from the General Manager addressing policy commitments and due diligence (p.113). However, several narrative items related to other aspects of the disclosure are not found or unclear in the report, indicating gaps in the coverage of certain required elements.
Evidence-based summary of this company’s own report — not a disclosure template to copy, and not a compliance verdict. Datapoint coverage
Source trail
|
|||||||||||||||||||||||||||||||||||||||||||
A reporting lead has a draft policy pack that mentions the UN Guiding Principles and the OECD Guidelines, but the human rights section was copied from an old supplier code and does not say whether the company’s own policy covers due diligence or the precautionary approach. The board paper is due for sign-off next week.What should the preparer check before finalising the disclosure on the policy pack?
A sustainability manager is drafting the human rights part of the report. The company has a short statement saying it respects human rights, but the team has not yet agreed whether it covers all internationally recognised rights or only a narrower set linked to operations in three countries.How should the preparer handle the scope of the human rights commitment?
The legal team says the policy is on the intranet, but the external website only has a summary page. The report team is unsure whether to include a link, note that the full text is internal, or say the policy is unavailable to the public.What is the right way to present public access to the policy commitments?
A group policy was approved by the audit committee, while the parent company’s board later endorsed the same wording for the wider group. The communications team also wants to say the policy applies to employees, joint ventures, and key suppliers, but the current draft only mentions employees and direct suppliers.What should the preparer confirm about approval level and coverage before publishing?
See how companies actually report GRI 2-23 — drawn from their own published reports, with the exact pages, and an LRA AI-assistant that works through it with you. Available to LRA Community members and to students throughout their platform access.
How this disclosure maps across the major reporting frameworks.
For GRI 2-23, what data points do I need to gather before I start drafting the disclosure?
The page lists the main datapoints to prepare, including policy basis, due diligence commitment, precautionary approach, human rights commitment and scope, stakeholder groups, public policy links, access restrictions, approval level, policy reach and how the policy is communicated. Use that list as your collection checklist before you draft. ↑ section
How do I use the step-by-step preparation section for GRI 2-23 in practice?
Use it as a working sequence: confirm the disclosure topic, collect the listed datapoints, check the assurance claims, then build the evidence pack and draft output. It is designed to help you move from raw information to a reviewable draft. ↑ section
What should I include in the evidence pack for GRI 2-23 so it is assurance-ready?
The page includes a five-item evidence pack to support assurance readiness. Use it to assemble the documents and records that back up the datapoints, the claims to verify and the final draft. ↑ section
What are the assurance claims I need to test for GRI 2-23?
The page sets out four claims to verify, each with a linked risk and evidence point. Use them to check whether the disclosure is supported, consistent and traceable before sign-off. ↑ section
How do I avoid the common reporting gaps in a GRI 2-23 disclosure?
The page highlights common mistakes so you can spot missing scope, weak evidence, unclear ownership or incomplete communication detail early. Use that section as a pre-submission quality check. ↑ section
Who should own the GRI 2-23 disclosure in my organisation?
The page is set up for practitioners to assign ownership across ESG, HR, policy or data owners, depending on where the underlying information sits. Use the datapoint list and evidence pack to decide who can confirm each item. ↑ section
How do I decide the scope for the policy reach and human rights scope datapoints in GRI 2-23?
The page asks you to prepare both policy reach and human rights scope, so you need to define what parts of the organisation, workforce or value chain the policy covers. Keep the scope consistent across the narrative, table and evidence pack. ↑ section
What does the page mean by public policy links and no public access reason for GRI 2-23?
These are separate datapoints to prepare: one captures whether the policy connects to public policy, and the other explains why the policy is not publicly accessible if that applies. The page does not add extra rules, so use the wording and evidence from your own records. ↑ section
How do I turn the GRI 2-23 data into a draft disclosure?
The page includes draft-output support with visualisation ideas, narrative starters and a GRI content-index line. Use those to convert your collected data into a short narrative, a simple table if needed and a traceable index entry. ↑ section
Can I use the synthetic example on the GRI 2-23 page as a template for my own disclosure?
Yes, but only as an illustrative guide. The example is synthetic, so you should replace it with your own internally consistent data and evidence. ↑ section
- GRI 2-23 workbook download: what is the Prep & Assurance workbook for and how should I use it?
- Where do I find the printable Library Card PDF for GRI 2-23 and what is it for?
- What should I check before I say the GRI 2-23 disclosure is assurance-ready?
- How do I evidence approval level and policy communication for GRI 2-23?
- What are the most common mistakes people make when drafting GRI 2-23?
- How do I use the from company reports table on the GRI 2-23 page?
- What narrative starters does the GRI 2-23 page give for the draft output?
- How should I document due diligence commitment for GRI 2-23?
- How do I show responsible business policy basis in a GRI 2-23 draft?
- What evidence should I keep for priority stakeholder groups in GRI 2-23?
- How do I make sure the GRI 2-23 data table is internally consistent?
- Does the GRI 2-23 page give an ESRS or ISSB mapping I can rely on?
Get a practical answer for your reporting context. Your first answer is free — create a free account to continue the conversation.
Sources, status and disclaimer
This LRA assistance tool is designed for educational and internal data-collection purposes. It is not an official interpretation of the GRI Standards, IFRS Sustainability Disclosure Standards or EU CSRD/ESRS requirements. When applying these frameworks in professional practice, users should consult and double-check the official standards, guidance and applicable regulatory sources.