**"ISO and Climate Change: New Guidelines for Sustainable Corporate Governance"**

# The New ISO Directives to Combat Climate Change

In the current context of growing concern over climate change, organizations are called upon to review their strategies and integrate environmental analysis into their management systems. In this regard, adopting the recent modifications to Annex SL of the ISO standards represents a significant opportunity to ensure that climate change becomes an integral part of corporate governance.

## A New Vision for the Organization

The modification primarily consists of the introduction of two fundamental requirements that influence the structuring of management systems. The first requirement, found in paragraph 4.1, concerns the organization’s need to understand its context, both internal and external, defining the issues that can influence the achievement of business objectives. Among these, the importance of identifying whether climate change is a relevant issue for the organization stands out.

The second requirement, described in paragraph 4.2, requires mapping the needs and expectations of stakeholders deemed significant for the management system. In this light, it is essential to observe that stakeholder expectations may include requirements related to climate change.

These new requirements establish a deep connection between the context in which the organization operates and the expectations of those who interact with it. In practice, the information gathered regarding the context should influence how climate change issues are addressed.

## An Integrated Approach to Regulations

The changes to Annex SL are not limited to what is described in paragraphs 4.1 and 4.2 but extend to additional aspects, impacting other significant requirements such as:

– **Information Security Policy** (requirement 5.2)
– **Objectives and Planning** (requirement 6.2)
– **Risk Analysis** (requirement 6.1)
– **Competence and Awareness** (requirements 7.2 and 7.3)
– **Documentation** (requirement 7.5)
– **Operations** (requirements 8.1, 8.2, and 8.3)
– **Monitoring and Measurement** (requirement 9.1.3)
– **Internal Audit** (requirement 9.2)
– **Management Review** (requirement 9.3)
– **Continual Improvement** (requirement 10.1)
– **Non-Conformity and Corrective Actions** (requirement 10.2)

Such changes represent an important step towards greater environmental responsibility for all organizations, which now need to incorporate climate-related considerations into their management systems.

## Measures to Address Climate Change in Information Security

Adapting information security management systems to contain environmental impact requires a multifaceted approach. A range of measures can be adopted in this respect, both technical and organizational, to contribute to sustainability. Some examples include:

### Organizational Measures

– **Use of Renewable Energy**: Opt for energy from renewable sources to power data centers and operating systems.
– **Purchase of Efficient Hardware**: Adopt devices with high energy efficiency ratings.
– **Promote Remote Work**: Reduce staff commutes and streamline workspaces.

### Technical Measures

– **Develop Efficient Code**: Write software that uses fewer resources, optimizing memory usage and reducing execution times.
– **Install Energy Recovery Systems**: Utilize facilities that generate energy from renewable sources.

These measures not only improve energy efficiency but also enhance the security and productivity of systems, creating a virtuous cycle that can lead to sustainable development.
