Review and revision

The ISEAL Code of Good Practice for Sustainability Systems (‘the ISEAL Code’) v1.0 came into effect on 1 March 2024, followed by an 18-month transition period for ISEAL Code Compliant organisations to align their systems to the ISEAL Code.

About the review and revision process

The ISEAL Code of Good Practice for Sustainability Systems (‘the ISEAL Code’) is reviewed every four years. The next review will take place no later than March 2028.

ISEAL’s Technical Committee are responsible for oversight of the revision process, including the decision of whether a revision to the ISEAL Code is needed. Outside of the review and revision cycle, editorial and non-substantive changes can be made at any time when identified as necessary, with input from ISEAL’s Technical Committee.

The ISEAL Code v1.1

The ISEAL Code v1.1 is a minor update which includes editorial and non-substantive changes that improve the clarity and intent of requirements.  It was published and came into effect from September 2025.

The changes do not affect the performance levels or expectations for compliance, and instead aim to address three objectives:

To provide greater clarity on requirements relevant to remediation

To improve consistency with ISEAL’s guidance on structuring data sharing and licensing agreements and chain of custody models and definitions

To provide additional guidance and editorial improvements

These objectives were informed by reviewing stakeholder feedback received since the ISEAL Code v1.0 came into effect on 1 March 2024. Feedback included technical queries and clarification requests submitted to ISEAL, and reflections from ISEAL Code Compliant organisations about the process of aligning their systems to the ISEAL Code. ISEAL’s Technical Committee provided input on how to address this feedback and approved these changes.

Further down this page, you can view a comparison of the clauses and glossary definitions between ISEAL Code v1.1 and v1.0, covering all requirements and guidance impacted by these changes.

All clause changes in v1.1 of the ISEAL Code

Blue text indicates content that is new. Orange text indicates content that has been adapted.

 

ISEAL Code v1.1  ISEAL Code v1.0  Relevant objective 
1.4: Intended role in corporate due diligence 

Desired outcome: The scheme owner has defined the role it intends the scheme to play in corporate due diligence. 

The scheme owner decides how its scheme is intended to support corporate sustainability due diligence and publicly documents the specific supporting roles it intends to play. 

Guidance: By publicly documenting how the scheme can be used by companies to support their due diligence responsibilities, the scheme owner is providing clarity on the extent and limitations of its role. The scheme can choose to play no role in due diligence but should still define and document this decision.

Guidance: The OECD Guidelines for Multinational Enterprises, OECD Due Diligence Guidance for Responsible Business Conduct and UN Guiding Principles on Business and Human Rights set out internationally agreed standards on responsible business conduct and the key principles, steps and practical actions for companies.

 1.4: Intended role in corporate due diligence 

Desired outcome: The scheme owner has defined the role it intends the scheme to play in corporate due diligence. 

The scheme owner decides how its scheme is intended to support corporate sustainability due diligence and publicly documents the specific supporting roles it intends to play.  

As part of this decision, the scheme owner determines what role it intends to play, if any, in the remediation of adverse impacts on human rights or environmental issues identified through implementation of its scheme, e.g., through auditing or monitoring

Guidance: By publicly documenting how the scheme can be used by companies to support their due diligence responsibilities, the scheme owner is providing clarity on the extent and limitations of its role. The scheme can choose to play no role in due diligence but should still define and document this decision. 

 1, 3 

 
2.2: Good governance 

Desired outcome: The scheme owner has good governance practices in place. 

The scheme owner has the following policies in place that apply to its governing and decision-making bodies, staff, and consultants:  

  1. impartiality policy (which should address conflicts of interest) 
  2. diversity, equity, and inclusion policy 
  3. safeguarding policy 
  4. whistleblower protection policy  
  5. complaints policy
     

Guidance: A complaints policy is intended to govern complaints raised by staff, consultants, and those serving on its governing and decision-making bodies. The handling of complaints raised by clients and implementing partners such as assurance providers is governed by the dispute resolution system (3.5).]

 2.2: Good governance 

Desired outcome: The scheme owner has good governance practices in place. 

The scheme owner has the following policies in place that apply to its governing and decision-making bodies, staff, and consultants:  

  1. impartiality policy (which should address conflicts of interest)  
  2. diversity, equity, and inclusion policy  
  3. safeguarding policy  
  4. whistleblower protection policy  
  5. grievance policy
     

Guidance: A grievance policy is intended to govern grievances raised by staff, consultants, and those serving on its governing and decision-making bodies. The handling of grievances raised by clients and implementing partners such as assurance providers is governed by the dispute resolution system (3.5).
3.5: Dispute resolution system 

Desired outcome: The scheme owner has impartial and accessible mechanisms in place for resolving complaints and grievances. 

The scheme owner has a documented dispute resolution system that is open and accessible to all stakeholders and that facilitates and supports the impartial handling and remediation of complaints and grievances about clients, members, implementing partners, and the scheme itself. The procedure governing the dispute resolution system includes timelines by which complaints and grievances are to be assessed. 

At a minimum, the system accepts complaints and grievances related to standards development and maintenance, assurance processes and decisions, codes of conduct or policies of association for clients or members, and claims processes and controlled claims. 

The scheme owner ensures that the confidentiality of a complainant is protected when requested by the complainant or when it is otherwise prudent. 

The scheme owner retains overall responsibility for management of the dispute resolution system and ensures that implementing partners have their own dispute resolution systems that feed into the overall approach, so that complaints and grievances are submitted and managed at the appropriate level. 
 

Guidance: The conditions under which it would be prudent to protect the confidentiality of complainants or aggrieved parties even when not specifically requested to do so could be defined by the dispute resolution system or by other organisational policies, e.g., safeguarding policy.

Guidance: When considering human rights violations in particular, the scheme is encouraged in design and review of the dispute resolution system to consider the eight effectiveness principles set out in the UN Guiding Principles on Business and Human Rights (UNGPs), guidance from the UN Office of the High Commissioner for Human Rights Accountability and Remedy Project.

 3.5: Dispute resolution system 

Desired outcome: The scheme owner has impartial and accessible mechanisms in place for resolving complaints and grievances. 

The scheme owner has a documented dispute resolution system that is open and accessible to all stakeholders and that facilitates and supports the impartial handling and remediation of complaints and grievances about clients, members, implementing partners, and the scheme itself. The procedure governing the dispute resolution system includes timelines by which complaints and grievances are to be assessed. 

At a minimum, the system accepts complaints and grievances related to standards development and maintenance, assurance processes and decisions, codes of conduct or policies of association for clients or members, and claims processes and controlled claims. 

The scheme owner ensures that the confidentiality of a complainant is protected when requested by the complainant or when it is otherwise prudent. 

The scheme owner retains overall responsibility for management of the dispute resolution system and ensures that implementing partners have their own dispute resolution systems that feed into the overall approach, so that complaints and grievances are submitted and managed at the appropriate level. 
 

Guidance: The conditions under which it would be prudent to protect the confidentiality of complainants or aggrieved parties even when not specifically requested to do so could be defined by the dispute resolution system or by other organisational policies, e.g., safeguarding policy.

 
3.7: Role in remediation 

Desired outcome: The scheme owner has defined the role(s) it intends to play in addressing remediation. 

The scheme owner determines what role it intends to play, if any, in the remediation of adverse impacts on human rights or environmental issues identified through implementation of its scheme, e.g., through auditing or monitoring.  
 

Guidance: An effective dispute resolution system in which grievances can be raised (3.5) is the minimum role a scheme must play in remediation. This clause requires scheme owners to consider the additional roles it could play in remediation, such as acting as a remedy enabler (e.g., mechanisms to refer certain types of grievances to judicial authorities) or a remedy provider (e.g., working with state and regulatory agencies to provide remedy). ISEAL’s learning report on remedying human rights abuses in supply chains is a useful resource for how schemes can play a role in remediation.

 1.4: Intended role in corporate due diligence 

Desired outcome: The scheme owner has defined the role it intends the scheme to play in corporate due diligence. 

The scheme owner decides how its scheme is intended to support corporate sustainability due diligence and publicly documents the specific supporting roles it intends to play.  

As part of this decision, the scheme owner determines what role it intends to play, if any, in the remediation of adverse impacts on human rights or environmental issues identified through implementation of its scheme, e.g., through auditing or monitoring
 

Guidance: By publicly documenting how the scheme can be used by companies to support their due diligence responsibilities, the scheme owner is providing clarity on the extent and limitations of its role. The scheme can choose to play no role in due diligence but should still define and document this decision. 
4.5: Data governance 

Desired outcome: Governance and use rights of data are clear. 

The scheme owner defines who has rights to different types of data within the scheme scope, including what data is available to whom and under what conditions. For data that is available externally, the scheme owner makes this information publicly available. 

 4.5: Data governance 

Desired outcome: Ownership and governance of data is clear. 

The scheme owner defines who owns different types of data within the scheme scope and what data is available to whom and under what conditions. For data that is available externally, the scheme owner makes this information publicly available. 
4.7: Access to data 

Desired outcome: The scheme owner has access to the data it needs to support effective implementation of its scheme. 

The scheme owner takes steps to address any barriers preventing its access to, or use of data required for implementation of its scheme, e.g., through contracts with implementing partners. This includes having the necessary permissions for access and use of relevant data. 

 4.7: Access to data 

Desired outcome: The scheme owner has access to the data it needs to support effective implementation of its scheme. 

The scheme owner takes steps to address any barriers preventing its access to, or use of data required for implementation of its scheme, e.g., through contracts with implementing partners. This includes having the necessary permissions from data owners for the use of their data. 
7.3: Assessment methodology 

Desired outcome: Procedures support consistent and competent implementation of each type of assessment 

The scheme owner defines requirements and procedures for each type of assessment implemented within the assurance system, addressing at least the following: 

  1. frequency and intensity of assessment 
  2. knowledge, skills, and experience required in an assessor or assessment team   
  3. minimum set of criteria or requirements that need to be checked in every assessment 
  4. the role of remote auditing techniques within the assessment 
  5. a means or parameters for calculating the time needed for an assessment 
  6. sources of data and information that feed into the assessment; this includes specification of how stakeholders are to be consulted, as one source of information 
  7. how data sources are to be combined to provide an understanding of sustainability performance and risk, and how this informs the assessment process 
  8. minimum content of assessment reports including, at least, a list of non-conformities 
  9. timelines for submission of completed reports, following assessments 
  10. how to consider exceptions to the standard or assessment process 

Guidance: The scheme owner can also choose to define the minimum evidence needed to assess criteria or requirements.

Guidance: It is recommended the methodology also addresses how an assessor or assessment team should respond if adverse impacts on human rights or environmental issues outside the scope of standards compliance are identified, including the role of the dispute resolution system (3.5) in handling complaints and grievances.

 7.3: Assessment methodology 

Desired outcome: Procedures support consistent and competent implementation of each type of assessment 

The scheme owner defines requirements and procedures for each type of assessment implemented within the assurance system, addressing at least the following: 

  1. frequency and intensity of assessment 
  2. knowledge, skills, and experience required in an assessor or assessment team   
  3. minimum set of criteria or requirements that need to be checked in every assessment 
  4. the role of remote auditing techniques within the assessment 
  5. a means or parameters for calculating the time needed for an assessment 
  6. sources of data and information that feed into the assessment; this includes specification of how stakeholders are to be consulted, as one source of information 
  7. how data sources are to be combined to provide an understanding of sustainability performance and risk, and how this informs the assessment process 
  8. minimum content of assessment reports including, at least, a list of non-conformities 
  9. timelines for submission of completed reports, following assessments 
  10. how to consider exceptions to the standard or assessment process 

Guidance: The scheme owner can also choose to define the minimum evidence needed to assess criteria or requirements.

 

 

All glossary changes in v1.1 of the ISEAL Code

Blue text indicates content that is new. Orange text indicates content that has been adapted.

 

Term  ISEAL Code v1.1  ISEAL Code v1.0  Relevant objective 
Assurance system 

Similar terms:  

conformity assessment (system/scheme), certification (system/scheme) 

 A systematic approach to carrying out assurance in which a set of requirements, rules and procedures are consistently applied. 

Note: In the context of this Code, ‘assurance system’ in assessment methodology requirements (7.3) applies to the assessment of clients. Oversight requirements for assessing the performance of assurance providers are included in the oversight mechanism (7.18) 

 Adapted from ISO/IEC 17000:2020  A systematic approach to carrying out assurance in which a set of requirements, rules and procedures are consistently applied.  Adapted from ISO/IEC 17000:2020 
Chain of custody 

 

 A means by which inputs, outputs, and associated attributes are transferred, monitored and controlled as they move forward through each step in the supply chain.  Adapted from ISO 22095:2020  The custodial sequence that occurs as ownership or control of the material supply is transferred from one custodian to another in the supply chain.  Adapted from WB, WWF Alliance for Forest Conservation and Sustainable Use, 2002 
Competence  The quality of having sufficient knowledge, judgement, and skill for a particular duty.  Adapted from ISO 9000:2015  The quality of having sufficient knowledge, judgement, or skill for a particular duty.    Adapted from ISO 9000:2015 
Data rights 

Similar terms: data ownership 

 The possession, authority over, and responsibility for data assets. Data rights determine the scope and approach to governance and accountability for data management.   ISEAL  –  – 
Traceability  The ability to track and verify the history and location of a material’s movement through defined stages of production, processing and distribution.  Adapted from ISO 22095:2020 

  • The ability to trace something as it moves through a process. The completeness of the information about every step in a process chain allows for verification of information related to the origin of the material. 
 ISEAL 

Credibility Principles

The Credibility Principles define the core values of credible and effective sustainability systems. They were used as a reference point in the development of the ISEAL Code.

Find out more