Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
Customers, investors and even big supply chain partners increasingly want to see how businesses manage their environmental impact, treat people fairly and run the company responsibly. That’s where an ESG policy comes in.
For small businesses in Australia, an ESG policy isn’t about box‑ticking. Done right, it helps you set clear standards, manage risk, win tenders and build trust with your team and customers.
In this guide, we’ll unpack what an ESG policy is, what to include, the steps to create one, key Australian legal touchpoints, and the documents that bring your policy to life day‑to‑day.
What Is An ESG Policy (And Why Small Businesses Need One)?
ESG stands for Environmental, Social and Governance. An ESG policy is a short, practical document that explains your business’ commitments and expectations in these three areas, and how you’ll put them into practice.
For small businesses, the benefits are real:
- Align your team around clear standards and procedures.
- Reduce legal and operational risk by addressing issues proactively.
- Strengthen your reputation with customers and partners (especially larger corporates who assess suppliers on ESG).
- Support long‑term value by focusing on efficiency, compliance and culture.
Think of your ESG policy as a roadmap. It sets goals, assigns responsibilities and links to the policies, contracts and processes that make those goals achievable.
What Should An ESG Policy Include?
There’s no one‑size‑fits‑all. Your policy should match your size, industry, risk profile and resources. However, most small business ESG policies cover the following building blocks.
Environmental
- Resource use: practical targets for energy, water and materials (e.g. switching to LED lighting, reducing packaging, optimising delivery routes).
- Waste and emissions: how you measure and reduce waste, manage recycling and minimise emissions from operations and transport.
- Compliance: a commitment to follow relevant environmental laws, licences and local council requirements.
- Suppliers: sustainable purchasing principles (e.g. prioritising recycled materials or suppliers with credible certifications).
Social
- Fair work and safety: your approach to safe workplaces, fair pay, and meeting obligations under the Fair Work regime and WHS laws.
- Diversity, inclusion and anti‑discrimination: standards of behaviour and hiring practices, supported by clear reporting channels for concerns.
- Customer focus and product responsibility: honest marketing, quality control, and accessible support and complaints handling.
- Community engagement: any local initiatives, volunteering days or charity partnerships that matter to your brand.
- Data and privacy: how you protect personal information and manage cyber risks, supported by a robust Privacy Policy and security practices.
Governance
- Leadership and accountability: who owns ESG in your business (e.g. a director or manager), how often you review progress, and how decisions are recorded.
- Ethics and conflicts: expected conduct, gifts and benefits rules, and how you manage conflicts of interest.
- Whistleblowing and speaking up: safe channels to report issues, supported by a formal Whistleblower Policy where appropriate.
- Risk management and compliance: key risks (legal, reputational, operational) and how you monitor them.
- Board or owner oversight: how policies align with your Company Constitution and decision‑making processes (even if you’re a sole director, write down how you’ll track and review ESG items).
How To Create An ESG Policy: A Step‑By‑Step Plan
Start small and keep it practical. Here’s a simple roadmap you can tailor to your business.
1) Map Your Risks And Priorities
List your main ESG impacts and risks. You could consider:
- Where you use the most energy, water or materials.
- Waste streams and how you currently dispose or recycle.
- Workforce practices (rostering, training, safety) and any past incidents.
- Customer promises (warranties, claims handling, data handling).
- Supplier risks (e.g. ethical sourcing for key inputs or labour hire).
Prioritise 3-5 areas that matter most to your business and stakeholders. That focus will make your policy achievable.
2) Set Clear, Measurable Commitments
Turn priorities into simple commitments:
- Short‑term actions (next 3-6 months): “replace all halogen lights,” “roll out respectful workplace training,” “review supplier code.”
- 12‑month targets: “reduce waste to landfill by 30%,” “respond to all customer complaints within 2 business days.”
- Metrics you can track: a monthly energy bill, number of incidents, resolution times, supplier audit pass rates.
Be realistic. It’s better to start with a few commitments you’ll actually meet than a long list you can’t resource.
3) Assign Roles And Build Processes
Nominate a single owner for each ESG area (even if that’s you). Then document the process: what needs to happen, how often, and where records will be kept. For example, “Operations Manager to review waste invoices quarterly and propose improvements.”
Where needed, link your ESG policy to supporting policies (e.g. bullying and harassment, cyber security, procurement) so expectations are consistent across the business.
4) Draft The Policy (2-4 Pages Is Enough)
Your policy can be short. Use plain English and include:
- Purpose and scope (who it applies to: staff, contractors, suppliers).
- Environmental, Social and Governance commitments (bullet points work well).
- Responsibilities (owners, managers, staff) and escalation pathways.
- References to supporting documents (e.g. code of conduct, safety procedures, complaints process).
- Review cadence (e.g. annually) and how you’ll report progress.
5) Consult, Train And Publish
Share the draft with your team and, if appropriate, a trusted client or supplier for a quick sanity check. Run a short team briefing to explain what’s changing, why it matters and how you’ll measure progress. Publish the policy internally and, if it helps with tenders or customer trust, add a summary to your website or capability statement.
6) Review And Improve
Schedule an annual review. Capture what’s working (celebrate wins) and where targets should be updated. ESG is a journey; iterating once a year helps you keep it real and relevant as your business grows.
What Laws And Standards Should You Consider In Australia?
Your ESG policy isn’t a legal document by itself, but it should point to the laws and standards you’ll follow. Here are the common touchpoints for Australian small businesses.
Truthful Marketing And Green Claims
Marketing must be accurate and not misleading. This includes sustainability claims (e.g. “eco‑friendly,” “carbon neutral”). Misleading conduct breaches the Australian Consumer Law, particularly the prohibition on misleading or deceptive conduct under section 18. Keep claims specific and evidence‑based, and document the proof you rely on (certifications, audits, purchase records).
Privacy And Cyber Security
If you collect personal information (names, emails, phone numbers, payment details), you should set out how you collect, use and secure it in a clear Privacy Policy. Consider your security posture too: who has access, how data is stored, and your plan for handling cyber incidents. A formal Data Breach Response Plan makes your response faster and reduces harm if something goes wrong. It’s also worth understanding your obligations around data retention laws in Australia.
Workplace Relations And Safety
Social impact starts with fair, safe and respectful workplaces. This means meeting minimum entitlements under the Fair Work system, using the right agreements with staff, and implementing practical policies that support your culture.
At minimum, you should have a clear Workplace Policy for conduct, bullying and harassment, and written agreements with your team (e.g. an Employment Contract for employees). Make sure your rostering, leave practices and payroll align with award requirements where applicable, and that your WHS processes match the work your people actually do.
Environmental Compliance
Environmental obligations can vary by state and local council (e.g. trade waste, noise, chemicals, signage, development approvals, waste transport). Your ESG policy should confirm that you’ll identify and comply with relevant permits and approvals before you start or change activities. Keep copies of licences and service agreements (e.g. licensed waste contractors) and note their renewal dates.
Supply Chain Standards
Larger customers may ask you to confirm ESG practices in your supply chain. Even if you’re not caught by specific regimes (like modern slavery reporting), it’s smart to set minimum supplier standards, ask simple due diligence questions and include ESG clauses in supplier contracts (e.g. ethical sourcing, compliance with labour laws, termination for serious breaches). Start with your highest‑risk or highest‑spend suppliers.
Governance, Reporting And Decision‑Making
Governance doesn’t have to be complex. Note how ESG issues are escalated and recorded (e.g. director meetings or owner reviews), and ensure your policy sits neatly alongside your corporate rules, such as your Company Constitution, and any board or management resolutions.
Turning Policy Into Practice: Training, Reporting And Improvement
An ESG policy is only useful if it’s lived. Here’s how to make it practical without creating red tape.
Train For The Real Work
- Run short, targeted sessions (30-45 minutes) that match roles, e.g. warehouse waste sorting, frontline respectful conduct, managers on handling complaints.
- Use checklists for recurring tasks (store shutdown energy checks, incident reporting steps, supplier onboarding questions).
- Record attendance and store materials so new starters can be onboarded quickly.
Build Light‑Touch Reporting
- Pick 3-5 KPIs you can actually track monthly or quarterly (e.g. electricity kWh, recycling rate, complaints resolved within 2 days, training completion).
- Use a one‑page dashboard or simple spreadsheet; highlight actions, owners and deadlines.
- Share wins; this reinforces positive behaviour and keeps momentum.
Close The Loop
- Collect feedback from staff and key customers on what’s working and where friction exists.
- Review incidents or complaints to spot patterns and update your processes accordingly.
- Refresh targets annually so they stay ambitious but achievable.
Key Legal Documents To Support Your ESG Policy
Your ESG policy sets direction. The following contracts and policies make it operational. Not every business will need them all, but most will rely on several of these.
- Privacy Policy: Explains how you collect, use and secure personal information, central to your data and customer trust commitments. A comprehensive Privacy Policy is essential if you collect any customer or staff data.
- Data Breach Response Plan: A clear, step‑by‑step plan to contain, assess, notify and review after a cyber incident, aligning with your governance and risk processes. See Data Breach Response Plan.
- Workplace Policy Suite: Policies covering conduct, bullying and harassment, discrimination, complaints and grievance handling, and safety expectations. Start with a practical Workplace Policy that fits your team.
- Employment Agreements: Clear contracts with employees and contractors set expectations around conduct, confidentiality, IP and termination, foundations of the “Social” pillar. Use a written Employment Contract for all hires.
- Whistleblower Policy: A structured process for reporting misconduct confidentially and safely. Even small businesses benefit from a simple, trusted channel; see Whistleblower Policy.
- Supplier Terms or Code of Conduct: Include ESG expectations (compliance with laws, ethical sourcing, safety standards) and audit/termination rights for serious breaches.
- Customer Terms: Clear service or sales terms (including refunds, warranties and support) support fair dealing under the Australian Consumer Law and reduce disputes. If you sell online, ensure your Website Terms and Conditions are up to date.
- Marketing and Claims Checklist: A simple internal checklist that requires evidence files for sustainability claims, reducing the risk of breaching the Australian Consumer Law.
- Governance Aids: Keep your corporate settings tidy (e.g. director decisions, delegations) and ensure practices align with your Company Constitution.
Remember, these documents work best when they’re tailored to your operations and explained to your team. If you’re unsure which ones you need right now, prioritise the ones that address your highest risks and customer expectations.
Key Takeaways
- An ESG policy helps small businesses set clear standards for environmental impact, social practices and governance, supporting compliance, trust and long‑term value.
- Keep it practical: focus on a handful of priorities, set measurable commitments, assign owners and link to everyday processes.
- In Australia, align your policy with key legal touchpoints like truthful marketing under the Australian Consumer Law, privacy and cyber security, fair work and safety, environmental permits and supplier standards.
- Turn policy into action with short training, simple KPIs and an annual review cycle to capture improvements.
- Back up your policy with the right legal documents, such as a Privacy Policy, Workplace Policy, Employment Contracts, Whistleblower Policy, customer terms and a Data Breach Response Plan, so expectations are clear and enforceable.
- Start small, be consistent, and build over time; the best ESG policy is the one your business can actually live every day.
If you’d like a consultation on creating or updating an ESG policy for your business, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no‑obligations chat.