---
name: esg-compliance
description: Manage ESG (Environmental, Social, Governance) compliance, workplace safety, regulatory reporting, and legal compliance programs. Use when handling regulatory requirements, safety incidents, compliance audits, or ESG reporting and strategy. Triggers on phrases like "ESG", "compliance", "regulatory", "workplace safety", "OSHA", "legal compliance", "audit", "regulatory reporting", "safety incident", "compliance training", "risk management", "EHS", "environmental compliance", "governance".
---

# ESG & Regulatory Compliance

Ensure workplace safety, regulatory compliance, and ESG reporting across the organization.

## Workflow

1. Maintain compliance calendar: Track regulatory deadlines, reporting requirements, audit schedules.
2. Conduct regular compliance training: Mandatory programs for all employees and role-specific training.
3. Monitor and audit: Internal audits, policy compliance checks, safety inspections.
4. Handle incidents: Safety incidents, compliance violations, regulatory inquiries.
5. ESG reporting: Collect data, prepare reports, publish results, set targets.
6. Continuous improvement: Update policies based on regulatory changes, audit findings, incidents.
7. Stakeholder communication: Board updates, employee education, external reporting.
8. Risk management: Identify emerging risks, mitigation strategies, insurance coverage.

## Compliance Calendar

```
ANNUAL COMPLIANCE CALENDAR
============================

Q1 (January – March):
  → I-9 audit (employment eligibility verification review)
  → OSHA 300 log posting (post previous year's data by Feb 1)
  → Anti-harassment training (mandatory refresher)
  → Data privacy training (GDPR/CCPA compliance refresher)
  → Benefits open enrollment follow-up (mid-year adjustments)
  → EEO-1 reporting preparation (if applicable)

Q2 (April – June):
  → Safety training refresher (all employees)
  → Manager compliance training (legal updates)
  → Fire drill and emergency evacuation exercise
  → ESG data collection (first half-year)
  → Workplace accommodation review (ADA compliance)
  → Vendor compliance audit (supplier code of conduct)

Q3 (July – September):
  → Mid-year compliance self-assessment
  → Security awareness training (phishing, data protection)
  → Conflict of interest disclosure (all employees, annual)
  → ESG data collection (second half-year)
  → Emergency preparedness review (business continuity plan update)
  → Export controls and sanctions training (if applicable)

Q4 (October – December):
  → Annual compliance training completion audit
  → OSHA recordkeeping preparation
  → Benefits compliance review (ACA, ERISA)
  → ESG report preparation and publication
  → Policy review and updates (all HR policies)
  → Next year compliance calendar planning
  → Board ESG reporting

MONTHLY:
  → Safety inspection (facilities)
  → Compliance incident review (any reports, near misses)
  → Training completion tracking (identify non-completers)
  → Regulatory change monitoring (subscribe to legal alerts)
```

## Safety Management

```
WORKPLACE SAFETY PROGRAM
=========================

SAFETY INCIDENT RESPONSE PROTOCOL:

STEP 1: IMMEDIATE RESPONSE (within 1 hour)
  → Ensure safety of all individuals
  → Call emergency services if needed
  → Secure the area
  → Notify: Safety officer, HR, facility manager
  → Document: Initial facts, witnesses, photos

STEP 2: INVESTIGATION (within 24–48 hours)
  → Safety investigator assigned
  → Interview witnesses and involved parties
  → Review: Safety records, training history, equipment logs
  → Identify: Root cause, contributing factors
  → Preserve evidence

STEP 3: REPORTING (within regulatory deadlines)
  → Internal: Report to HR, legal, executive team
  → OSHA: Report within the specified timeframes
      - Fatality: Within 8 hours
      - Hospitalization/amputation/loss of eyesight: Within 24 hours
  → Insurance: Workers' compensation claim filed
  → Employee: Communicate findings and corrective actions

STEP 4: CORRECTIVE ACTION (within 1 week)
  → Address root cause (not just symptoms)
  → Update safety procedures if needed
  → Additional training for affected area
  → Equipment repair/replacement
  → Engineering controls if applicable

STEP 5: FOLLOW-UP (within 30 days)
  → Verify corrective actions are effective
  → Monitor for similar incidents
  → Update safety metrics
  → Communicate lessons learned to broader organization

SAFETY METRICS:
  → TRIR (Total Recordable Incident Rate): [Number] (industry benchmark: [Number])
  → DART (Days Away, Restricted, or Transferred): [Number]
  → LTIR (Lost Time Incident Rate): [Number]
  → Near-miss reports: [Number] (encouraged — indicates proactive culture)
  → Safety training completion: [%]
  → Safety inspection findings resolved: [%]
```

## ESG Reporting Framework

```
ESG REPORTING STRUCTURE
========================

ENVIRONMENTAL (E) METRICS:
  → Carbon emissions: Scope 1 (direct), Scope 2 (indirect energy), Scope 3 (value chain)
  → Energy consumption: Total kWh, % renewable energy
  → Water usage: Total gallons, water efficiency improvements
  → Waste management: Total waste, % diverted from landfill, recycling rate
  → Environmental incidents: Spills, violations, fines
  → Targets: Net zero by [year], 50% reduction by [year]

SOCIAL (S) METRICS:
  → Workforce diversity: Representation by gender, race, age, disability, veteran status
  → Employee engagement: Survey scores, retention rates
  → Health and safety: TRIR, safety incidents, wellness program participation
  → Training: Hours per employee, skills development investment
  → Human rights: Supply chain audits, vendor compliance
  → Community: Volunteer hours, charitable giving, local impact

GOVERNANCE (G) METRICS:
  → Board composition: Diversity, independence, expertise
  → Ethics: Code of conduct training completion, reported violations, resolution rate
  → Data security: Breaches, compliance certifications (SOC 2, ISO 27001)
  → Executive compensation: Pay ratio, ESG-linked compensation
  → Risk management: Risk assessment frequency, mitigation effectiveness
  → Transparency: Reporting frequency, third-party assurance

REPORTING FRAMEWORKS:
  → GRI (Global Reporting Initiative): Comprehensive sustainability reporting
  → SASB (Sustainability Accounting Standards Board): Industry-specific standards
  → TCFD (Task Force on Climate-related Financial Disclosures): Climate risk
  → UN SDGs (Sustainable Development Goals): Alignment and contribution
  → CSRD (Corporate Sustainability Reporting Directive): EU compliance (if applicable)
```

## Compliance Training

```
MANDATORY COMPLIANCE TRAINING PROGRAM
=======================================

COURSE 1: Anti-Harassment and Anti-Discrimination
  Audience: All employees (annual), Managers (annual + advanced module)
  Duration: 45 minutes (employees), 90 minutes (managers)
  Content:
    → What constitutes harassment and discrimination
    → Company policies and reporting procedures
    → Bystander intervention
    → Manager responsibilities (prevention, response, documentation)
    → Case studies and scenarios
  Completion: Required within 30 days of hire, annual refresher
  Assessment: Knowledge check (80% passing score)

COURSE 2: Data Privacy and Security
  Audience: All employees
  Duration: 30 minutes
  Content:
    → Data classification (public, internal, confidential, restricted)
    → Phishing awareness and reporting
    → Password and device security
    → GDPR/CCPA basics (what employees need to know)
    → Incident reporting procedures
  Completion: Required within 30 days of hire, annual refresher
  Assessment: Phishing simulation test

COURSE 3: Code of Conduct and Ethics
  Audience: All employees
  Duration: 30 minutes
  Content:
    → Company values and code of conduct
    → Conflicts of interest
    → Gifts and entertainment policy
    → Anti-corruption and anti-bribery
    → Whistleblower protections and reporting channels
  Completion: Required within 30 days of hire, annual refresher
  Assessment: Scenario-based quiz

COURSE 4: Workplace Safety
  Audience: All employees (general), Facility-specific (role-based)
  Duration: 45 minutes (general), varies (role-based)
  Content:
    → Emergency procedures (fire, medical, natural disaster)
    → Ergonomics and workstation safety
    → Incident reporting
    → Role-specific hazards (lab safety, equipment operation, etc.)
  Completion: Required within 14 days of hire, annual refresher
  Assessment: Emergency procedure quiz

COURSE 5: Manager Compliance (advanced)
  Audience: All people managers
  Duration: 90 minutes
  Content:
    → Legal responsibilities of managers
    → Performance documentation requirements
    → Accommodation and leave management
    → Investigating complaints
    → Retaliation prevention
    → Recordkeeping and confidentiality
  Completion: Required within 60 days of promotion to manager, annual refresher
  Assessment: Case study assessment

TRACKING:
  → Automated reminders: 14 days, 7 days, and 3 days before the due date, on the due date, and when overdue
  → Escalation: Manager notified → HR notified → Executive notified (if > 30 days overdue)
  → Dashboard: Real-time completion tracking by department, role, overall
  → Integration: HRIS flags non-completers for restriction on certain actions
```

## Integration Points

- Compliance platforms (Saiente, Navex, PolicyTech): Training delivery, policy management
- EHS platforms (Cority, Enablon): Safety tracking, incident management
- HRIS: Employee records, training completion, compliance status
- ESG data platforms (WalkMe, Sphera): Data collection, reporting
- Document management: Policy version control, acknowledgment tracking
- Risk management systems: Risk assessment, mitigation tracking
- Audit management: Internal and external audit coordination

## Edge Cases

- **Multi-jurisdiction**: Different laws in each state/country; localized training and policies
- **Remote workforce**: Home office safety assessments; virtual training; local emergency procedures
- **Contractors and temporary staff**: Included in training? Clarify scope of coverage
- **Regulatory changes**: Rapid policy update process; communication within 30 days of change
- **Audit findings**: Remediation timeline tracking; root cause analysis; systemic fixes
- **Whistleblower reports**: Enhanced protections; independent investigation; no-retaliation monitoring
