CD ISO 14019-2 2024-01-29 v5 Clean

ISO 14019-2:2024(E)
ISO 14019-2:2024(E)
ISO TC 207/SC 2/JWG 1
Date: 2024-01-29
Validation and verification of sustainability information —

Part 2: Verification process
Validation et vérification des informations sur la durabilité —

Partie 2 : Processus de vérification
CD1
Warning for WDs and CDs
This document is not an ISO International Standard. It is distributed for review and comment. It is subject to
change without notice and may not be referred to as an International Standard.
Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of
which they are aware and to provide supporting documentation.
© ISO 2024 – All rights reserved

ISO 14019-2:2024(E)
© ISO 2024
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this
publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical,
including photocopying, or posting on the internet or an intranet, without prior written permission. Permission
can be requested from either ISO at the address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: [email protected]
Website: www.iso.org
Published in Switzerland
© ISO 2024 – All rights reserved 1

ISO 14019-2:2024(E)
Contents
Foreword .......................................................................................................................................................................... 4
Introduction .................................................................................................................................................................... 5
1 Scope .......................................................................................................................................................................... 7
2 Normative references .......................................................................................................................................... 7
3 Terms and definitions ......................................................................................................................................... 7
4 Pre-engagement..................................................................................................................................................... 7
4.1 General ...................................................................................................................................................................... 7
4.2 Required information .......................................................................................................................................... 8
4.3 Suitability of specified requirements and criteria .................................................................................... 8
4.4 Relevance determination process and rational purpose ....................................................................... 9
4.5 Common understanding ................................................................................................................................... 10
4.6 Conditions not met after acceptance of the engagement ...................................................................... 10
4.7 Objectives ............................................................................................................................................................... 10
4.8 Type of deliverable ............................................................................................................................................. 10
4.9 Specification of scope, requirements, and criteria ................................................................................. 10
4.10 Materiality ....................................................................................................................................................... 11
4.11 Level of assurance......................................................................................................................................... 11
4.12 Inherent limitations ..................................................................................................................................... 11
4.12.1 General.............................................................................................................................................................. 11
4.12.2 Evaluating consequences of inherent limitation ............................................................................... 12
5 Engagement ........................................................................................................................................................... 12
6 Planning .................................................................................................................................................................. 12
6.1 Verification team selection .............................................................................................................................. 12
6.2 Strategic analysis................................................................................................................................................. 13
6.2.1 General.............................................................................................................................................................. 13
6.2.2 Context for the strategic analysis ............................................................................................................ 13
6.2.3 Strategic analysis approach ...................................................................................................................... 13
6.2.4 Output from and review of strategic analysis..................................................................................... 14
6.3 Risk assessment ................................................................................................................................................... 14
6.3.1 General.............................................................................................................................................................. 14
6.3.2 Context for risk assessment ...................................................................................................................... 15
6.3.3 Process for risk assessment ...................................................................................................................... 15
6.3.4 Output from and review of the risk assessment ................................................................................ 16
6.4 Assessment of materiality ................................................................................................................................ 16
6.4.1 Process for assessing materiality............................................................................................................ 16
6.4.2 Output of assessing materiality ............................................................................................................... 17
6.5 Evidence gathering activities .......................................................................................................................... 17
6.5.1 General.............................................................................................................................................................. 17
6.5.2 Designing evidence gathering activities ............................................................................................... 17
6.5.3 Use of the responsible party’s information system and control .................................................. 18
6.5.4 Evidence gathering for quantitative information ............................................................................. 19
6.5.5 Evidence gathering for qualitative information ................................................................................ 19
6.5.6 Evidence-gathering techniques ............................................................................................................... 19
6.5.7 Process for evidence gathering ................................................................................................................ 20
6.5.8 Verification plan ............................................................................................................................................ 20
6.5.9 Evidence-gathering plan ............................................................................................................................ 21
6.5.10 Approval of verification plan and evidence gathering plan .......................................................... 21
6.6 Scope limitations ................................................................................................................................................. 21
2 © ISO 2024 – All rights reserved

ISO 14019-2:2024(E)
7 Execution ............................................................................................................................................................... 22
7.1 General ................................................................................................................................................................... 22
7.2 Communication ................................................................................................................................................... 22
7.3 Insufficient Information ................................................................................................................................... 23
7.4 Intentional Misstatement or Noncompliance ........................................................................................... 23
7.5 Determination of evidence .............................................................................................................................. 23
8 Review .................................................................................................................................................................... 23
9 Decision .................................................................................................................................................................. 24
10 Assurance statement ......................................................................................................................................... 24
10.1 General ............................................................................................................................................................. 24
10.2 Unmodified assurance statement ........................................................................................................... 24
10.3 Modified assurance statement................................................................................................................. 24
10.4 Adverse assurance statement .................................................................................................................. 25
10.5 Disclaiming the issuance of an assurance statement ...................................................................... 25
11 Facts discovered after issue of the verification statement .................................................................. 25
12 Records ................................................................................................................................................................... 26
Annex A (informative) Sampling .......................................................................................................................... 27
Annex B (informative) Level of assurance, example..................................................................................... 29
Annex C (informative) Inherent risk .................................................................................................................. 30
Annex D (informative) Uncertainty .................................................................................................................... 31
Annex E (Normative) Verification approach for qualitative information ............................................. 32
Bibliography ................................................................................................................................................................. 34

ISO 14019-2:2024(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO
collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
ISO draws attention to the possibility that the implementation of this document may involve the use of
(a) patent(s). ISO takes no position concerning the evidence, validity, or applicability of any claimed
patent rights in respect thereof. As of the date of publication of this document, ISO had not received notice
of (a) patent(s) which may be required to implement this document. However, implementers are
cautioned that this may not represent the latest information, which may be obtained from the patent
database available at www.iso.org/patents. ISO shall not be held responsible for identifying any or all
such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the World
Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 207, Environmental management,
Subcommittee SC 2, Environmental auditing, and related environmental investigations in conjunction
with ISO/CASCO, Committee on Conformity Assessment.
A list of all parts in the ISO 14019 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.

ISO 14019-2:2024(E)
Introduction
0.1 With increasing public demand for third-party opinions on sustainability disclosures as well as
developing legal provisions requiring declaration and reporting of such information (e.g. legislation of EU
Green Deal, US Securities and Exchange Commission climate disclosures, commercial supply chain
contracts and mandatory reporting), there is a significant market need for the validation/verification of
sustainability information.
0.2 Standards are needed for both the compiling and issuing of information regarding environmental,
social, governance (ESG) and other sustainability matters (indicators, reporting metrics, and disclosures)
as well as for harmonised approaches to validation/verification of that information. This validated and
verified information can then be used for decision making based on sustainability declarations, such as
investments, procurement, or individual choices for a consumer product or a workplace.
0.3 Frameworks and processes for validation/verification should be compatible with the globally
accepted quality infrastructure (standardisation, conformity assessment by validation/verification, peer
assessment, accreditation). Furthermore, developing these methodologies as ISO standards would allow
all interested parties, especially those with already implemented structures and existing instruments, to
participate.
0.4 Standards for the declaration and reporting of sustainability information already existing or under
development. relate, for instance, to entities (e.g. listed companies or suppliers) that are increasingly
required to report specific ESG or sustainability matters under voluntary or mandatory arrangements
(e.g. as a pre-requisite to supply chain or market access, pre-condition for tenders and government
procurement, and as part of securities exchange or regulatory annual reporting).
0.5 Within the existing legal framework of many countries and regions, the global system of conformity
assessment and its recognition (e.g. through multilateral arrangements between accreditation bodies),
the tools for assessing declared sustainability information (claims, reports etc.) and providing assurance
on its fair presentation currently exist. However, standardised specifications of a consistent process for
validating and verifying declared sustainability information is lacking.
0.6 Parties interested in qualitatively trustworthy and quantitatively comparable information will
benefit from standardised validation/verification processes to be performed by legal entities that fulfil
the requirements of ISO/IEC 17029, Conformity assessment — General principles and requirements for
validation and verification bodies.
0.7 While both result in a confirmation of declared information, validation and verification differ
significantly in their execution. Assessing historic data with respect to truthful and correct statements in
a verification requires different methodological approaches than determining whether declarations on
an intended purpose or future effect is reasonable and plausible in a validation. Therefore, there are
separate ISO 14019 parts dedicated to the validation process (Part 3, development intended) and to the
verification process (Part 2, this document).
0.8 As for the type of information to be validated or verified, distinction could be made according to the
subject matter (e.g. environmental, social, governance). However, taking the perspective of describing
methodologies, the distinction according to the nature of the assessed information, being quantitative or
qualitative, appears more rational.
0.9 ISO 14019 is developed in separate parts to provide a consistent overview of the entire
validation/verification of sustainability information, and give general and specific requirements for
validation/verification processes. Where the principles and requirements undergo rapid development,
the individual parts can undergo revision separately as required.
0.10 In summary, the parts to ISO 14019 are:
— Part 1 specifies terminology, principles, and general requirements applicable to both validation and
verification.

ISO 14019-2:2024(E)
— The process specifics of verification (Part 2, this document) and validation (Part 3, development
intended) are provided in separate documents.
— Part 4 (under development) contains the specific requirements applying to the validation/verification
bodies and their personnel, the validators and verifiers, in addition to generic requirements of
ISO/IEC 17029.
0.11 For the verification of quantitative information, Part 2 details the approach for continuous and
discrete forms of data and the types of evidence gathering activities that can be applicable to each.
Continuous data can be further categorized as ratio and interval data. Verification approaches include an
assessment of data collection, data editing, data transformation, data control processes as well as
numerical techniques that aid in verification analytical testing.
0.12 For verification of qualitative information, which can be based on numerical and non-numerical
information, Part 2 details the approach to both types, including review of language, terms, adjectives
used in the declared sustainability information to ensure it is appropriate, consistent with the available
information and truthful. Verification approaches include an assessment of the selection, determination,
collection, editing, control processes associated with the qualitative information. It can also include use
of professional judgement to review the overall qualitative information to ensure it is fair and truthful
and can be relied on by interested parties.

ISO 14019-2:2024(E)
Validation and verification of sustainability information —

Part 2: Verification process
1 Scope
This document specifies requirements and includes guidance for the verification of declared
sustainability information, including information presented in quantitative and qualitative formats.
NOTE Declared sustainability information can include reporting on environmental, social and governance
matters.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 17029:2019, Conformity Assessment — General principles and requirements for validation and
verification bodies
ISO 14019-1:xxxx Validation and verification of sustainability information —Part 1: General principles
and requirements
3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO 14019-1:xxxx and the following
apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org/
4 Pre-engagement
4.1 General
In pre-engagement, the verification body shall confirm the following:
a) fulfilment of preconditions, including requirements for information (see 4.2), suitability of specified
requirements and criteria (see 4.3), relevance determination process and rational purpose (see 4.4),
common understanding (4.5) and the actions that may be undertaken if preconditions are found not
to have been fulfilled after the engagement has been started (see 4.6);
b) the objective is verification (see 4.7), or a mixture of both validation and verification;
NOTE Declared sustainability information can have elements that need validation/verification.
c) type of deliverable (i.e. findings report, report of factual findings, or assurance statement) (see 4.8);
d) specification of the scope of verification, requirements and criteria to be used to prepare the
information to be verified (e.g. requirements for declaring information, categories of subject matter)
(see 4.9);

ISO 14019-2:2024(E)
e) materiality (see 4.10);

f) level of assurance (see 4.11); and
g) Inherent limitations of the deliverable (see 4.12).
4.2 Required information

4.2.1 The verification body shall ensure that the verification programme that has been agreed with the
client includes:
a) applicable specified requirements and criteria for verification;
b) a process for verification consistent with the requirements of this document; and
c) the process and methodology to confirm the relevance determination process of the responsible
party’s declared sustainability information (see 4.4).
4.2.2 The verification body shall ensure that the client obtains from the responsible party information
sufficient to fulfil the requirements in:
a) ISO/IEC 17029:2019, 9.2.1; and
b) the applicable part(s) of this ISO 14019 series.
4.2.3 The verification body shall consider whether the responsible party for the declared sustainability
information has adequately identified and taken into account the specified requirements and criteria,
reporting boundaries, relevance determination process and value chain considerations that have been
specified in:
a) any external reporting framework for the declared sustainability information; or
b) a framework established by the responsible party or the verification body; or
c) in the agreed verification programme.
4.2.4 The verification body shall ensure that the client has obtained confirmation from the responsible
party that the responsible party has a reasonable basis for issuing the declared sustainability information
and the declared sustainability information is capable of:
a) consistent measurement (quantitative information) or evaluation (qualitative information) against
applicable specified requirements and criteria, and has been subject to a relevance determination
process; and
b) can be subjected to verification activities for obtaining sufficient appropriate evidence.
4.3 Suitability of specified requirements and criteria

4.3.1 The verification body shall assess whether the specified requirements and criteria proposed by
the responsible party is suitable for the engagement, including whether the sustainability information
matters are capable of consistent measurement (quantitative information) or evaluation (qualitative
information).
NOTE Specified requirements and criteria in established programmes (such as regulatory or voluntary reporting
programmes, applicable ISO or other assurance standards) are considered to satisfy this clause.
4.3.2 In performing this assessment, the verification body shall:

a) evaluate whether there are specified requirements and criteria applicable to all the sustainability
information expected to be declared by the responsible party;
b) identify and confirm the sources of the specified requirements and criteria;
c) evaluate whether the specified requirements and criteria exhibit the following characteristics:
i. relevance;

ISO 14019-2:2024(E)
ii. completeness;
iii. reliability;
iv. neutrality; and
v. understandability.
4.3.3 Specified requirements and criteria shall be available to intended users and as applicable, to
interested parties.
4.3.4 If the expected outcome of the engagement is an assurance statement, the verification body shall
assess whether it expects to be able to obtain the evidence needed to support its conclusions.
4.4 Relevance determination process and rational purpose

4.4.1 Unless otherwise specified in the verification programme, the verification body shall:
a) review the relevance determination process that the responsible party has undertaken to identify:
i. its most relevant sustainability matters, including scope and boundary conditions and any
consultation with interested parties;
ii. the intended users and types of decision that the intended users will make for specific
purposes based on the declared sustainability information;
iii. the metrics, units of measurement and changes in sustainability performance that are
included in the declared sustainability information; and
iv. the likely effects of the declared sustainability information on sustainability outcomes and any
affected parties.
b) challenge the client on the declared sustainability information to ensure that it covers the most
relevant sustainability matters and includes meaningful metrics, units of measurement and changes
in sustainability performance;
c) confirm the declared sustainability information that will be used in the verification; and
d) identify any limitations or omissions with regard to relevant sustainability matters, and explicitly
state those inherent limitations or omissions in any assurance statement.
NOTE 1 The intent of this subclause is to establish a “relevance determination process test” early on in the
verification process and allow for the verification body to challenge the client’s declared sustainability information
so that it includes relevant sustainability matters and meaningful metrics, units of measurement and performance
information. By doing this it is expected verification activities will avoid focusing on peripheral or unimportant
sustainability matters, metrics etc. and avoid verifying declared sustainability information that has little or no actual
value in terms of sustainability outcomes (e.g. to avoid “green-washing“ or misleading claims or declarations).
NOTE 2 The “relevance determination process test” in this subclause is not to be confused with the separate
consideration of materiality (see 4.10). The separate assessment of materiality is in relation to the confirmed
declared sustainability information after the “relevancy test” has been completed.
4.4.2 The verification body shall decide whether the proposed engagement exhibits a rational purpose.
In making this decision the verification body shall confirm:
a) it is able to obtain a meaningful level of assurance in the case of a limited assurance engagement;
b) the results of the verification will be useful and not misleading to intended users;
c) the scope of the verification is appropriate; and
d) when the scope of the verification excludes part of the sustainability information, how this exclusion
is to be communicated to intended users and included in any assurance statement.

ISO 14019-2:2024(E)
4.5 Common understanding

The verification body shall ensure the existence of an agreement with the client concerning the terms of
the engagement including the possible outcomes of any assurance engagement. If the requirements of 4.1
– 4.4 are not met, the verification body shall not accept the engagement as an assurance engagement,
unless required by law or regulation to do so.
4.6 Conditions not met after acceptance of the engagement

4.6.1 If it is discovered after the engagement has been accepted that one or more conditions for an
assurance engagement is not present, the verifier shall discuss the matter with the appropriate party(ies)
and determine whether the matter can be resolved to the verification body’s satisfaction.
4.6.2 If the matter cannot be resolved to the verification body’s satisfaction, the verification body shall:
a) withdraw from the engagement if that is possible under applicable law or regulation; or
b) if withdrawal is not possible under applicable law or regulation, continue with the engagement and
express a qualified or adverse conclusion, or disclaimer of conclusion, as appropriate in the
circumstances.
4.7 Objectives
4.7.1 The verifier and client shall agree on the verification objectives at the beginning of the verification
engagement taking into account:
a) the verification programme;
b) intended users;
c) relevant interested parties; and
d) the type of deliverable.
4.7.2 Where the verification will result in an assurance statement, the verification objectives shall
include reaching a decision about the fair presentation of the declared sustainability information and its
conformity to the specified requirements and criteria.
4.8 Type of deliverable

The verification body and the client shall agree on the type of deliverable (see ISO 14019-1) that is
intended to result from the engagement.
NOTE 1 Types of deliverables are:
a) assurance statements;
b) non assurance results such as:
i. reports of factual findings; and
ii. findings reports.
NOTE 2 A single engagement can include more than one type of deliverable.
4.9 Specification of scope, requirements, and criteria

4.9.1 The verification body and client shall agree on relevant information to be included in the declared
sustainability information.
4.9.2 The verification body shall apply verification programmes (see ISO 14019-1) that address at least
the following:

ISO 14019-2:2024(E)
a) description of the sustainability information to be verified (e.g. reporting and disclosure, subject
matter and its context, qualitative or quantitative information, and, if applicable, responsible party’s
relevance determination process and its outcome);
b) the applicable subject matter criteria including the responsible party’s relevance determination
process for selecting the declared sustainability information; and
c) requirements and methodology for verification.
4.10 Materiality
The verification body and client shall agree on materiality for the declared sustainability information
(both quantitative and qualitative information).
NOTE 1 Materiality relates to possibility of misstatements, errors etc. in the sustainability information (quantitative
and/or qualitative) that is presented in the declared sustainability information. Such declared sustainability
information can include performance metrics, comparisons, graphs, relevance screening, value chain information,
product and or service information.
NOTE 2 Professional judgment about materiality is based on the verifier’s perception of the common information
needs of intended user(s) and their purpose, as an individual or group (as applicable) and relate to surrounding
circumstances.
NOTE 3 Professional judgements related to materiality is not influenced by the agreed level of assurance. As an
example, for the same intended user(s) and their purpose, materiality for a reasonable assurance engagement is the
same as for a limited assurance engagement because materiality is based on the information needs of intended
user(s).
NOTE 4 Materiality relates to the subject matter covered by the declared sustainability information.
NOTE 5 An engagement may include the evaluation of the responsible party’s determination of the relevance of its
sustainability information and hence what the responsible party will declare.
NOTE 6 See 6.4 for requirements on the process of assessing materiality.
4.11 Level of assurance

4.11.1 The verification body and the client shall agree on the level of assurance to be applied, if applicable
and not specified by the verification programme. On determining the level of assurance, the verification
body shall check whether the client has taken into consideration the needs of the intended user(s) and
their purpose.
NOTE The level of assurance is specified prior to the start of the verification because the level of assurance
establishes the nature, extent, and timing (i.e. the design) of the evidence-gathering activities.
4.11.2 The verifier shall assess the appropriateness of the level of assurance.
4.11.3 The verifier shall not change the level of assurance during the verification but may terminate the
engagement and start a new engagement with a different level of assurance.
NOTE Annex B provides further information on level of assurance.
4.12 Inherent limitations

4.12.1 General
4.12.1.1 Where inherent limitations are known to exist prior to accepting an engagement (see 5.2),
the verification body shall determine whether the conditions (see clause 4) for a verification are met. In
particular, the verification body shall assess whether the declared sustainability information exhibits the
characteristics of access to evidence.

ISO 14019-2:2024(E)
4.12.1.2 If a further limitation is imposed by the client/responsible party after an assurance

engagement has been accepted, the verification body shall consider whether to withdraw from the
engagement, where withdrawal is possible under applicable law or regulation.
4.12.1.3 The verifier shall communicate in the assurance statement any limitations discovered
during the planning or execution stages.
4.12.2 Evaluating consequences of inherent limitation
4.12.2.1 The verifier shall evaluate the proposed scope, specified requirements and criteria, level
of assurance, access to relevant material on the quantitative and qualitative information in the declared
sustainability information to determine if there are limitations imposed by the responsible party on the
engagement.
4.12.2.2 In case of such limitations the verifier shall consider whether they will result in the verifier
disclaiming a conclusion on the declared sustainability information; if so, the verifier shall not accept the
engagement as an assurance engagement.
4.12.2.3 The verifier shall document its evaluation of any potential limitations and the outcome of
the evaluation.
NOTE The evaluation of limitations would normally occur as part of risk assessment (see 6.3) and assessment of
materiality (see 6.4).
5 Engagement
The verification body shall have an agreement with each client for the provision of verification activities
that includes:
a) identification of:
i. the declared sustainability information;
ii. the applicable specified requirements and criteria, including the relevance determination
process for selecting the declared sustainability information; and
iii. requirements and methodology for validation/verification.
b) the scope of verification (see 5.1.4);
c) the relevant requirements for the verification body providing the verification (i.e. resources and
structure for competence, impartiality and consistent operation);
d) a statement from the responsible party that confirms that they are responsible for its declared
sustainability information and for conformity with the agreed specified requirements and criteria;
and
e) provisions for managing any changes to the agreement or ending the agreement.
6 Planning
6.1 Verification team selection
The verification body shall select a team that has the necessary skills and competences to undertake the
verification.
NOTE See ISO 14019-1 and ISO 14019-4 Annex A.

ISO 14019-2:2024(E)
6.2 Strategic analysis

6.2.1 General
The verifier shall perform and document a strategic analysis to inform the risk assessment (see 6.3).
6.2.2 Context for the strategic analysis
The context of the strategic analysis shall be the following:
a) the declared sustainability information, and its associated subject matters and context including
issues such as its language and form;
b) the agreement (see Clause 5) related to:
ii. the specified requirements and criteria including the relevance determination process; and
iii. the specified requirements and criteria for verification;
c) information about issues of concern to intended users; and
d) the verifier’s own research related to the responsible party’s public commitments and communication
related to sustainability (this includes information outside the scope of the declared sustainability
information).
6.2.3 Strategic analysis approach
6.2.3.1 The process for carrying out the strategic analysis shall include the following:
a) agreed subject matter and its context;
b) matters agreed in the pre-engagement such as level of assurance, materiality, type of deliverables,
consideration of the outcome of previous verifications;
c) evaluation of the responsible party’s public commitments and communication related to
sustainability (this includes information outside the scope of the declared sustainability
information, including the nature of the parties in the value chain, systems thinking and life cycle
approach;
d) responsible party’s business model and operations as they related to the declared sustainability
information;
e) statement from the responsible party that the declared sustainability information is correct and true;
f) matters related to the declared sustainability information, including:
i. likely accuracy and completeness of the sustainability information, including data integrity;
ii. the time boundary for data;
iii. sustainability indicators and their contribution to the overall information;
iv. changes in sustainability information from prior period;
v. appropriateness of quantification and reporting methods, and any changes;
vi. appropriateness of process for determining qualitative information and links to associated
declared sustainability information, and any changes.
g) responsible party’s internal control system, its scope and approach to ensure no material
misstatements in quantitative and qualitative information linked to the declared sustainability
information; and
h) other considerations including:
i. governance:

ISO 14019-2:2024(E)
1. of the qualitative and quantitative information as well as the underlying information (e.g.
corruption, fraud, hacking);
2. of any digital storage, control, software management etc. that is used to generate the
information as applicable;
3. of internal activities to prevent prevalence of fraud and illegal activity associated with the
subject matter(s);
4. of information its management, storage, and retrieval; and
ii. any other issue that may come up related to the declared sustainability information.
6.2.3.2 The process for carrying out the strategic analysis shall include the following:
a) life cycle thinking related to the nature and extent of the declared sustainability information and
verification activities; and
b) consideration of:
i. what if scenarios; and
ii. whether individual team member’s competences:
1) contribute to the overall competence requirement; and
2) how they should be deployed to carry out the verification and deliver the outcome as
agreed in the engagement (see 5.2).
6.2.4 Output from and review of strategic analysis
6.2.4.1 The verifier shall ensure the output of the strategic analysis inputs to the risk assessment (see
6.3), evidence gathering activities (see 6.5) the verification plan (see 6.5.8) and evidence gathering plan
(see 6.5.9).
6.2.4.2 The strategic analysis shall be documented in sufficient detail to allow it to be reproduced,
including the inputs, outputs, links between the strategic analysis, the risk assessment, the assessment of
materiality, the evidence gathering plan and the verification plan.
6.2.4.3 The verifier shall review the strategic analysis, and revise the outcome as findings or issues
encountered during the verification process arise.
6.3 Risk assessment

6.3.1 General
6.3.1.1 A risk assessment shall be carried out that includes risks:
a) associated with the subject matter covered by the declared sustainability information (inherent risk);
b) that responsible party’s internal management control does not prevent, or detect and correct errors,
omissions, misstatements, fraud in the sustainability information that supports the declared
sustainability information (control risks). This includes the responsible party having conducted its
own risk assessment of errors, omissions or fraud occurring and mitigated such risks;
c) that the verification methodology, verification plan, evidence gathering plan and the team
competences does not detect a materiality issue as defined in the engagement (detection risk);
d) of a material misstatement, or nonconformity with the verification programme requirements (see ISO
14019-1); and
e) of a misstatement.
6.3.1.2 The verifier’s assessment of the risks described in 6.3.1.1 a) – e) above shall determine the
planned nature and extent of evidence-gathering activities.
NOTE 1 Not all the above may be relevant to every verification.

ISO 14019-2:2024(E)
NOTE 2 In this context risks are a matter of professional judgment not of quantitative risk assessment.
NOTE 3 Risk assessment excludes the verification body business risks associated with the verification.
6.3.2 Context for risk assessment

The context of the risk assessment shall be the following:
a) objectives of the verification and the agreement in the engagement related to:
ii. the applicable specified requirements and criteria including the relevance process for
selecting the declared sustainability information; and
iii. requirements and methodology for verification including the level of assurance to be achieved
and the corresponding evidence-gathering used in the verification process.
b) relevant legal and regulatory issues;
c) the operating environment of the responsible party and its internal control system;
d) perception of intended users(s) taking in to account their purpose/decisions related to the declared
sustainability information;
e) responsible party’s governance processes, risk control and opportunities for improvement processes;
f) possibility for misleading declared sustainability information;
g) results of the assessment of materiality;
h) written confirmation from the responsible party that the declared sustainability information is
correct and true; and
i) principles in ISO 14019-1, related to the information and the declared sustainability information;
j) output of strategic analysis.
6.3.3 Process for risk assessment
The risk assessment shall be framed by the input to, and output from, the strategic analysis (see 5.3.4)
and the following:
a) likelihood of:
i. design criteria for software, machine learning, remote methods such as drones includes errors
or omission or limitation that may impact the quantitative or qualitative information
supporting the declared sustainability information or being used in the declared sustainability
information;
ii. intentional misstatements;
iii. omission of a potentially significant information.
b) outcome of the verifier’s internal research – see strategic analysis;
c) whether there is any significant sustainability information that are outside the normal course of
business for the responsible party or that otherwise appear to be unusual;
d) nature and complexity of the operations of responsible party or the declared sustainability
information to be verified;
e) likelihood that non-compliance with applicable laws and regulations can have a direct effect on the
content of the declared sustainability information. Including any significant economic or regulatory
changes that might impact the reporting and disclosure of sustainability information;
f) declared sustainability information related matters such as:

ISO 14019-2:2024(E)
i. selection, quality and sources of information (quantitative and qualitative);

ii. level of detail provided in pre-engagement materials;
iii. nature and complexity of quantification methods;
iv. degree of subjectivity in the identification of qualitative information and in the weighing of
indicators;
v. significant estimates and the quantitative and/or qualitative information on which they are
based;
vi. characteristics of the information control system and the apparent effectiveness of the control
system in identifying and preventing errors or omissions;
vii. experience, skills, and training of responsible party personnel involved in the generation,
determination, collection, collation of the quantitative and qualitative information.
g) changes in declared sustainability information from prior verifications.
6.3.4 Output from and review of the risk assessment
6.3.4.1 The verifier shall ensure the output from the risk assessment is used as an input into the:
a) evidence gathering planning; and
b) verification planning.
6.3.4.2 The risk assessment shall be documented in sufficient detail to allow it to be reproduced. The link
between the outcome of the risk assessment and the evidence gathering plan and the verification plan
shall be clear in the documentation.
6.3.4.3 The verifier shall review the risk assessment, and the revise the outcome as findings or issues
encountered during the verification process arise.
6.4 Assessment of materiality

6.4.1 Process for assessing materiality
6.4.1.1 The verifier shall assess materiality at various stages during the verification, including:
a) planning, while determining the nature, timing, and extent of verification activities;
b) performing the verification, when evaluating whether the declared sustainability information is free
from misstatement and conforms to the verification programme as set out in the engagement;
c) determining at the end of the engagement, whether the declared sustainability information is free
from material misstatements.
6.4.1.2 The verifier’s process for assessing materiality shall include:
a) the applicable subject matter criteria including the client’s/responsible party’s relevance process (see
4.3) for selecting the declared sustainability information;
b) the objectives of the verification and the needs of intended users for their purposes;
c) the disclosed sustainability information that is being verified;
d) agreed materiality;
e) outputs from strategic analysis (see 5.3.4);
f) outputs from risk assessment (see 5.3.5); and
g) the responsible party’s control system related to declared sustainability information.
6.4.1.3 Assessing materiality shall consider the possibility that:

ISO 14019-2:2024(E)
a) any parameter included in the declared sustainability information will generate a material
misstatement, even if a control system is implemented;
b) any qualitative information that will misrepresent a factual situation related to the statement of
quantitative information, even if a control system is implemented.
6.4.2 Output of assessing materiality
6.4.2.1 The verifier shall ensure that assessing materiality includes:
a) at the planning stage:
i. critical quantitative information and supporting information that needs evaluating, the types
and detail of evidence gathering, and the output expected from such evaluation;
ii. critical qualitative information statements and the supporting information that needs
evaluation, the types and details of evidence gathering, and the output expected from such
evaluation;
b) during the execution:
i. evaluation of the critical quantitative information sets, and supporting information, and the
types and detail of evidence gathered to ensure nothing has emerged that necessitates
changes to the evidence gathering plan;
ii. valuation of the critical qualitative information statements and the supporting information
and the types and detail of evidence gathered to ensure nothing has emerged that necessitates
changes to the evidence gathering plan;
c) at the end of the verification:
i. evaluation of critical quantitative information sets and supporting information;
ii. evaluation of critical qualitative information statements and supporting information; and
iii. any adjustment to the evidence gathering plan.
6.4.2.2 The inputs and outputs and links between the risk assessment, the assessment of materiality, the
evidence gathering plan and verification plan shall be clearly documented.
6.4.2.3 The verifier shall evaluate the assessment of materiality and revise it, as necessary, to take into
account any changes in risks and materiality that may have occurred over the course of the verification.
6.5 Evidence gathering activities

6.5.1 General
The verifier shall design evidence-gathering activities to assess the declared sustainability information
based on inputs from the strategic analysis, risk assessment and the assessment of materiality.
6.5.2 Designing evidence gathering activities
6.5.2.1 The evidence-gathering activities shall be designed to collect sufficient and appropriate evidence
upon which the decision can be based.
6.5.2.2 The verifier shall obtain more persuasive evidence the higher the risk of misstatement
(quantitative information) and/or misrepresentation (qualitative information).
6.5.2.3 The verifier shall consider inherent risk and detection risk in designing the evidence-gathering
activities.
6.5.2.4 The verifier shall consider the inherent risks associated with data management including data
smoothing, exclusion, use of outside or modelled data, etc.
NOTE Annex C has further information about inherent risk and Annex D about uncertainty.

ISO 14019-2:2024(E)
6.5.2.5 Irrespective of the risks identified, the verifier shall, as determined by the strategic analysis, risk
assessment and assessment of materiality, design and perform evidence gathering activities and process
for elements of the quantitative declared sustainability information.
6.5.2.6 Irrespective of the risk identified, the verifier shall, as determined by the strategic analysis, risk
assessment and assessment of materiality, design and evaluate the selection, determination, collection,
editing, control processes associated with the qualitative information as well as use of professional
judgement to review the overall qualitative information in the declared sustainability information to
ensure it is fair and truthful and can be relied on by intended users.
6.5.2.7 The verifier shall develop evidence-gathering activities that determine whether the declared
sustainability information conforms to specified requirements and criteria including the relevance
determination process as agreed in the engagement.
6.5.2.8 In cases where the scope of the verification includes the responsible party’s relevance
determination process and its outcome, the evidence gathering shall determine whether:
a) responsible party’s relevance determination process and its outcome are complete;
b) the boundaries of the responsible party’s relevance determination process are consistent with the
declared sustainability information;
c) the outcome from the responsible party’s relevance determination process:
i. is consistent with the declared sustainability information;
ii. fairly reflect what external stakeholders expect to be disclosed in the declared sustainability
information;
iii. include quantitative information which is complete, plausible or truthful; and
iv. include qualitative information which is fair, plausible or truthful.
6.5.2.9 In case of reasonable assurance, the evidence-gathering activities shall be designed to determine
the required quantitative and/or qualitative information trails.
6.5.3 Use of the responsible party’s information system and control
6.5.3.1 The verifier shall determine the extent to which reliance on the responsible party’s information
system and controls will be made depending on the results of the risk assessment and the level of
assurance agreed in the engagement.
6.5.3.2 The verifier shall consider the responsible party’s information system and controls that relate to
the quantitative information and qualitative information as applicable to the declared sustainability
information.
6.5.3.3 Depending on the level of assurance, the verifier shall ensure the evidence-gathering activities
assess the design and effectiveness of the responsible party’s information system and controls, including:
a) the selection and management of the sustainability information related to the declared sustainability
information;
b) the processes for collecting, processing, consolidating and reporting sustainability information
related to the declared sustainability information;
c) the systems and processes that ensure the validity and accuracy of the sustainability information
related to the declared sustainability information;
d) the design and maintenance of the information system and controls;
e) systems, processes, and personnel that support the information system and its control, including
activities for ensuring information quality; and
f) the results of previous verifications, if available and appropriate.

ISO 14019-2:2024(E)
6.5.4 Evidence gathering for quantitative information

The verifier shall design evidence-gathering activities that relate to the quantitative information
aggregation process, including reconciling the quantitative information in the declared sustainability
information to be verified and examining material adjustments made during the course of reporting or
disclosure of the declared sustainability information.
6.5.5 Evidence gathering for qualitative information
The verifier shall design evidence-gathering activities that relate to the qualitative information
considering:
a) degree of subjectivity in the identification of qualitative information and in the weighing of indicators;
b) any significant estimates and the qualitative information on which they are based;
c) misrepresentation of the factual situation related to the declared sustainability information of
qualitative information used in the declared sustainability information; and
d) qualitative information statements and the supporting information that needs evaluating, the types
and details of evidence gathering, and the output expected from such evaluation.
NOTE See Annex E for more information on the verification approach for qualitative information.
6.5.6 Evidence-gathering techniques

6.5.6.1 Verifiers shall use one or more of the following evidence-gathering activities and techniques in
the verification.
NOTE 1 Evidence-gathering is about selecting what to; how much, what type; what cross checks and what is deemed
as positive outcome whether it is quantitative or qualitative information.
NOTE 2 There are some evidence-gathering techniques that apply only to quantitative information and some only
apply to qualitative information.
Table 1 — Evidence-gathering
Technique Quantitative Qualitative

information information
Observation Yes No
Inquiry Yes Yes
Analytical testing Yes No
Confirmation Yes Yes
Recalculation Yes No
Examination Yes Yes
Tracing Yes No
Retracing Yes No
Control Testing Yes No
Sampling Yes Yes

ISO 14019-2:2024(E)
Technique Quantitative Qualitative

information information
Estimate Testing Yes No
Cross-Checking Yes No
Reconciliation Yes Yes
Interviewing and personal interaction Yes Yes
Evaluating and interpretation of the “Black Yes No

Boxes”
External research Yes Yes
Consultation with intended users and No Yes

interested parties
Proof reading to ensure use of language/ No Yes

terms / adjectives are consistent, fair, and
truthful
NOTE 3 Verifiers may use digital and remote technology to execute the activities and techniques described above.
NOTE 4 Annex A provides informative guidance on sampling.
6.5.6.2 Selection of the techniques shall be appropriate to the:

a) subject matter;
b) intended deliverable;
c) level of assurance;
d) declared sustainability information and its quantitative and qualitative information including if
relevant the responsible party’s relevance determination process.
6.5.6.3 Verifiers who use generative artificial intelligence as part of evidence-gathering shall record the
source of the information and the date of its access in their working papers.
6.5.7 Process for evidence gathering
The verifier shall ensure that review of evidence gathering activities occur at various stages, including:
a) Planning, including the detail of the evidence gathering activities;
b) execution of the verification plan and evidence-gathering plan;
c) revising the verification plan and evidence gathering plan, when the discovery of new circumstances
warrant revising them;
d) at the end of the engagement, to determine whether evidence-gathering activities have produced
sufficient appropriate evidence to support conclusions on the responsible party’s declared
sustainability information to be plausible (validation) or truthful (verification).
6.5.8 Verification plan
6.5.8.1 The verifier shall develop a verification plan that describes verification activities and schedules.
The verification plan shall be revised as necessary during the verification.

ISO 14019-2:2024(E)
NOTE The verification plan is based on the output from strategic analysis, risk assessment, and assessing
materiality.
6.5.8.2 The verification plan shall address the following:

a) the scope and objectives;
b) identification of the verification team and their roles on the team;
c) the contact information of the client and the responsible party;
d) the schedule, location and format of verification activities;
e) the level of assurance;
f) the verification programme (see ISO 14019-1, Clause 8) specified requirements and criteria as set out
in the engagement;
g) the materiality;
h) the schedule for interactions (e.g., site visits).
6.5.8.3 The verifier shall communicate the verification plan to the client and ensure that the responsible
party/relevant client’s personnel are notified prior to the beginning of any interaction.
6.5.9 Evidence-gathering plan
The verifier shall establish the evidence-gathering plan based on the results of the verifier’s strategic
analysis and the risk assessment and ensure that the evidence-gathering plan:
a) is designed to lower the verification risk to an acceptable level;
b) specifies the type and extent of evidence-gathering activities; and
c) is not communicated to the responsible party or client.
6.5.10 Approval of verification plan and evidence gathering plan
6.5.10.1 The verification team leader shall review and approve the verification plan and the
evidence-gathering plan.
6.5.10.2 The verification team leader shall review and approve amendments to the verification
plan and the evidence-gathering plan in the following circumstances:
a) change in scope or timing of verification activities;
b) change in evidence-gathering processes;
c) change in locations and sources of information for evidence-gathering;
d) at the identification, during the verification process, of new risks or concerns that could lead to
material misstatements or nonconformities.
6.6 Scope limitations

6.6.1.1 The verification body shall define scope limitations due to situations that can have an impact on
the verification.
NOTE 1 Situations that can result in scope limitations include:
a) need to change the evidence gathering plan to gather additional or different evidence, or even necessitate
starting a new and different engagement;
b) inability to access appropriate evidence, examples include documentation considered necessary for evidence
gathering plan may have been accidentally destroyed;

ISO 14019-2:2024(E)
c) nature or timing of the verifier’s work, (e.g., a physical process that the evidence gathering plan considers
necessary to observe, may have occurred before the engagement);
d) restrictions imposed by the client/responsible party on the verifier which may prevent the verifier from
performing the evidence gathering step, that the evidence gathering plan considers to be necessary;
e) lack of sufficient evidence to conclude that there are no material misstatements.
NOTE 2 An inability to perform evidence gathering step does not constitute a scope limitation if the verifier is able
to obtain sufficient appropriate evidence by performing alternative evidence gathering steps.
6.6.1.2 The consequences of any scope limitations shall be clearly communicated in the assurance
statement.
6.6.1.3 The verifier shall evaluate the consequences of any scope limitations encountered during the
engagement and their impact on the evidence gathering plan, the verification plan, and the assessment of
materiality.
6.6.1.4 If the verifier is unable to obtain sufficient appropriate evidence, a scope limitation exists. In such
case the verifier shall:
a) express a qualified conclusion; or
b) disclaim a conclusion; or
c) withdraw from the engagement, where withdrawal is possible under applicable law or regulation, as
appropriate.
7 Execution
7.1 General
7.1.1 The verifier shall conduct the verification according to the verification plan and conduct the
evidence-gathering activities according to the evidence-gathering plan.
7.1.2 Whenever the responsible party makes changes to the declared sustainability information
because of requests for clarification, misstatements or nonconformities, the verifier shall assess these
changes.
7.1.3 Verifiers shall review and update the following during execution:
a) strategic analysis;
b) risk assessment;
c) assessment of the relevance determination process;
d) assessment of materiality.
7.2 Communication
7.2.1 The verifier, as soon as practicable, shall communicate to the client:
a) requests for clarification;
b) material misstatements; and
c) nonconformities.
7.2.2 If there is a material adjustment to be made to the declared sustainability information, the verifier
shall communicate the need for the adjustment to the responsible party or client.
7.2.3 If, in the verifier’s judgement, the responsible party does not respond appropriately within a
reasonable period or if information is not available, the verifier shall issue either:

ISO 14019-2:2024(E)
a) a modified assurance statement; or

b) an adverse assurance statement; or
c) the disclaiming of an assurance statement.
7.2.4 The verifier should communicate non-material misstatements to the client or responsible party.
7.3 Insufficient Information

7.3.1 If the verifier determines that there is insufficient information to support the declared
sustainability information, the verifier shall request additional information.
7.3.2 The verifier shall not proceed with the verification and shall not issue an assurance statement:
a) if sufficient information cannot be obtained; or
b) if information necessary for the verifier to form a conclusion is missing, and there is no other way of
verifying the missing information.
7.4 Intentional misstatement or noncompliance

If a matter comes to the verifier’s attention that causes the verifier to believe in the existence of intentional
misstatement or noncompliance with laws and regulations, by the client or responsible party, the verifier
shall communicate the matter to the appropriate parties as soon as practicable.
7.5 Determination of evidence

7.5.1 The verifier shall determine any changes in risks, evidence gathering activities and materiality
that may have occurred over the course of the verification. The verifier shall determine whether any high-
level evidence gathering processes applied remain representative and appropriate.
7.5.2 The verifier shall determine and document material misstatements.
7.5.3 The verifier shall determine any nonconformity with the engagement, agreed verification
programme, specified requirements and criteria.
7.5.4 Where the verifier identifies a misstatement or nonconformity during evidence gathering, it
should request the responsible party to identify and explain the root cause(s) of that misstatement or
nonconformity.
7.5.5 Based on the outcome of that assessment, the verifier should determine whether additional
verification activities are needed, and whether evidence gathering needs to be increased.
7.5.6 The verifier shall determine, if applicable, whether any changes from prior periods that make the
periods incomparable have been disclosed appropriately by the client. If so, the verifier shall include a
statement to that effect in the assurance statement.
8 Review
8.1 The independent reviewer shall review whether the evidence collected is sufficient and appropriate
to reach a conclusion about the fair statement of the declared sustainability information and its
conformity to the specified requirements and criteria.
8.2 If the independent reviewer determines that there is insufficient or inappropriate evidence, the
independent reviewer shall require the verifier to:
a) develop additional evidence-gathering activities; or
b) In the case where sufficient appropriate evidence cannot be gathered, to:
i issue a modified assurance statement; or
ii issue an adverse assurance statement opinion; or

ISO 14019-2:2024(E)
iii disclaim the issuance of an assurance statement.
9 Decision
The verification body shall reach a decision based on the evidence gathered and the results of the
independent review, and decide whether to issue:
a) an assurance statement;
b) a report of factual findings;
c) an evidence report; or
d) findings report.
10 Assurance statement
10.1 General
The assurance statement shall state the limitations and omissions of any significant sustainability matters
that were identified in setting the objectives of the verification (see 5.1.2).
10.2 Unmodified assurance statement

In order to issue an unmodified assurance statement, the verifier shall ensure that:
a) there is sufficient and appropriate evidence to support the declared sustainability information;
b) the specified requirements and criteria are applied appropriately for the declared sustainability
information;
c) the effectiveness of internal controls has been determined when the verifier intends to rely on those
internal controls.
10.3 Modified assurance statement

10.3.1 In order to issue a modified assurance statement, the verifier shall ensure that there is no material
misstatement beyond the following cases where the material misstatements are:
a) confined to specific elements, classifications or line items of the declared sustainability information;
b) even if confined, not representative of a substantial portion of the declared sustainability information;
and
c) not fundamental to the intended user’s understanding of the declared sustainability information.
10.3.2 Modifications may be made for any of the following reasons:
some, or all aspects of the declared sustainability information do not conform to the agreed subject matter
criteria;
the declared sustainability information is affected by a departure from the requirements specified by the
applicable programme;
a limitation of scope is required because sufficient appropriate evidence is not available to form an
opinion as to whether the declared sustainability statement is presented fairly in accordance with
requirements of the verification programme.
10.3.3 When there is a divergence from the engagement agreed programme specified requirements or
criteria, or a scope limitation, the verifier shall decide what type of modification to the assurance
statement is appropriate. For this decision, in addition to materiality, the verifier shall consider:
a) the degree to which the matter impairs the usefulness of the verified declared sustainability
information;

ISO 14019-2:2024(E)
b) the extent to which the effects of the matter on the verified declared sustainability information
can be determined;
c) whether the verified declared sustainability information is, or could be understood to be,
misleading even when read in conjunction with the verifier’s assurance statement.
10.3.4 A modified assurance statement, when read in conjunction with the verified declared
sustainability information, usually will serve adequately to inform the intended users of any deficiencies,
or possible deficiencies, in the verified declared sustainability information.
10.3.5 In the case of modified assurance statement, the material misstatement shall be:
a) confined to specific elements, classifications, or line items of the verified declared sustainability
information; or
b) even if confined, not representative of a substantial portion of the verified declared sustainability
information; or
c) not fundamental to the intended user’s understanding of the verified declared sustainability
information.
10.4 Adverse assurance statement

10.4.1 In order to issue an adverse assurance statement, the verifier shall conclude that:
a) there is insufficient or inappropriate evidence to support an unmodified or modified assurance
statement; or
b) specified requirements and criteria are not appropriately applied for material declared sustainability
indicators; or
c) the effectiveness of controls cannot be determined when the verifier intends to rely on those controls.
10.4.2 If the client does not correct any material misstatement or nonconformity in an agreed period of
time, the verifier shall take this into consideration when reaching its decision.
10.5 Disclaiming the issuance of an assurance statement

In order to disclaim the issuance of an assurance statement, the verifier shall ensure that he/she has been
unable to obtain sufficient appropriate evidence and can conclude that the possible effects on the verified
declared sustainability information of undetected material misstatements are material and pervasive.
11 Facts discovered after issue of the verification statement

11.1 If new facts or information that could materially affect the assurance statement are discovered
after the issue date, the verifier shall:
a) communicate the matter as soon as practicable to the client and, if required, the programme owner;
b) take appropriate action, including the following:
i. discuss the matter with the client;
ii. consider if the assurance statement requires revision or withdrawal.
11.2 If the assurance statement requires revision, the verifier shall implement processes to issue a new
assurance statement including specification of the reasons for the revision. These can include repeating
relevant steps of the verification process.
11.3 The verifier may also communicate to intended users and other interested parties the fact that
reliance of the original assurance statement can now be compromised given the new facts or information.

ISO 14019-2:2024(E)
12 Records
The verification body shall maintain at least the following records:
a) engagement terms;
b) strategic analysis;
c) risk assessment;
d) assessment of materiality;
e) evidence gathering activities;
f) verification plan;
g) evidence-gathering plan;
h) who performed the evidence-gathering activities and when they were performed;
i) output from the evidence gathering activities and the collected evidence;
j) requests for clarification, material misstatements and nonconformities arising from the verification
and the decision reached;
k) communication with the responsible party on material misstatements;
l) the decisions reached and the assurance statement issued by the verifier;
m) the name of the independent reviewer, the date of review, and the comments of the independent
reviewer;
n) records related to facts discovered after issue are to be retained as documented information.
NOTE The records can include communication regarding status of the assurance statement, additional facts,
analysis of impact on assurance statement, updated statement, and any records from repeated verification process
steps.

ISO 14019-2:2024(E)
Annex A
(informative)
Sampling
A.1 General
A.1.1 Sampling is the application of a processes where less than 100% of quantitative or qualitative data
that support a quantitative information or qualitative information where less than 100% is checked and
verified compared to all data and/or all control activities/all client/ responsible party processes that is
subject to verification.
A.1.2 Depending on the verifier’s analysis of the level of inherent and control risks, the verifier
determines whether sampling is justified, which samples it needs to take, what the sampling size and
selection approach should be, and which types of sampling methods or other checks should be
undertaken on each sample.
A.1.3 Note sampling is selecting what to; how much, what type; what cross checks and what is deemed
as positive outcome is whether it is quantitative or qualitative information.
A.1.4 There are some sampling methods that apply only to quantitative information and some only
apply to qualitative information.
A.1.5 The verifier must be sufficiently confident that the results are representative enabling it to draw
conclusions about the entire population from a sample.
A.2 Types of sampling
A.2.1 The verifier has the option to choose between statistical and non-statistical sampling using its
professional judgment. Professional judgment will also be used in the planning, performing, and
evaluating of sampling, and the sample evidence obtained in relation to other verification evidence.
A.2.2 The verifier uses its professional judgment to assess factors such as the characteristics of the data,
the control activities or the processes for control activities, and the risks in relation to these
characteristics to determine the appropriate sample size.
A.3 Non-statistical sampling
A.3.1 Any sampling procedure that does not permit the numerical measurement of the sampling risk is
a non-statistical sampling procedure, even if the verifier rigorously selects a random sample, instead
judgment is used to select the sample items.
A.3.2 For most verifications, the non-statistical approach will be appropriate, since for internal control
checks, addressing questions such as “are the proper internal control operationalised, implemented and
maintained”, are important. This also applies to the verifier's analysis of the nature and cause of errors as
well as its conclusion on the mere absence or presence of errors. The verifier can in this case choose a
fixed sample size of items to be tested as well as increase the sample size if errors are identified.
Professional judgment remains critical in determining the relevant factors to consider.
A.3.3 However, if a non-statistical approach is being used, the results of the sampling do not allow
extrapolation to the entire population.
A.4 Statistical sampling
A.4.1 With statistical sampling, sample items are selected in a way that each sampling unit has a known
probability of being selected. The verifier will use probability sampling and selection methods, i.e.
random, systematic or stratified sampling, to select the items to be reviewed during verification.
A.4.2 Probability sampling provides an objective method of determining the sample size and selecting
the items to be examined. A number of sampling techniques come into perspective that assists the verifier

ISO 14019-2:2024(E)
in its conclusion on the number of misstatements in the sample and the misstatements in the entire
population of data.
A.5 Sample selection
Apart from the distinction between statistical and non-statistical sampling, the verifier will also choose
between the following sampling approaches:
a) random selection;
b) systematic selection;
c) value-weighted selection;
d) haphazard selection;
e) block selection.

ISO 14019-2:2024(E)
Annex B
(informative)
Level of assurance, example
B.1 The level of assurance provided by the assurance engagement is a function of the objectives and scope
of the validation and/or verification activities, the assurance criteria, the resources available and the
process followed. It can be influenced by the time spent and the sampling regime that was used by the
assurance provider. Increasing levels of assurance allow intended user(s) of declared sustainability
information to place increased reliance on their contents. Reporting frameworks and standards define
the levels of assurance. Two commonly used levels are limited assurance and reasonable assurance.
B.2 A specific level of assurance should be determined to provide confidence to the intended user as to
the degree of reliance that can be placed on the declared sustainability information. In selecting an
appropriate level of assurance, the intended user and assurance provider should consider the
requirements of the intended user(s), the complexity of the assurance engagement, and the extent of the
reporting organization’s information systems and controls. Examples of factors that can influence the
appropriate level of assurance include the reporting criteria, the intended use(s) of the declared
sustainability information (e.g., legal, fiduciary or sustainability performance improvement), the
organizational context and associated sustainability impacts.
B.3 Assurance activities should proceed only when the assurance provider determines that sufficient and
appropriate information is available to support the level of assurance selected. If sufficient and
appropriate information is not available for the assurance provider to reach the level of assurance, the
assurance provider may need to modify the assurance engagement in order to fulfil the assurance
objectives.
B.4 The level of assurance may be expressed in quantitative or qualitative terms and based on the concept
of risk such as those developed by the accountancy profession, where the terms “limited” or “reasonable
assurance” are used. Other risk-based approaches used in assurance include:
a) applying increasingly rigorous methods where higher levels of assurance are to be achieved (e.g.,
more complex or sector specific checklists, more intensive sampling regimes);
b) adopting an approach where components of the declared sustainability information are assessed at
different assurance levels.
B.5 The required level of assurance will influence the nature, timing, and extent of the assurance
activities. With higher assurance levels, the amount of resources required to decide of the assurance level
increases.
B.6 Declared sustainability information intended to be used for regulatory purposes can require a higher
level of assurance than those used for internal performance management. Different levels of assurance
can be applied to different components within a specific instance of declared sustainability information.

ISO 14019-2:2024(E)
Annex C
(informative)
Inherent risk
C.1 Inherent risk analysis aims at determining where a mistake or a lack in the client’s declared
sustainability information will influence the intended user(s).
C.2 This analysis is built by several steps:
a) likelihood and consistency:
i. study of the activity and level of intrinsic risk: a nuclear company or a chemical company have
a level of environmental risk higher than an audit company;
ii. study of the client`s or responsible party reputation. The degree of risk is linked with the
actual ethics of the client or responsible party and their reputation. One of the ways to study
it is to review publicly available information including but not limited to product/service web
pages, past sustainability reports, board member information, public information such as
environmental status and permits, etc;
iii. eventually study of risks provisions in the client’s or responsible party’s financial reporting
(environmental provisions, social provisions, and provisions for declared sustainability
information of clients or responsible party); and
iv. when reading the draft of declared sustainability information of the client or responsible
party, what is written must fit and be complete with the activity and reputation.
b) inherent risk analysis itself:
i. from the strategic study of the client and the study of the business model, a synthetic
document can be done covering the main social governance and environmental items, for
example with questions for each item and a scoring for each answer. With such scoring the
areas and the items where exist risks will appear. This synthesis should be shared with the
client and eventually corrected;
ii. this analysis will be the base of what the verifier chooses to verify (the other items of the
client’s claim shall be covered by an analytic examen just for checking consistency); and
iii. it can be corrected during the audit if appears a knew risk or inversely if a risk looks under
complete control by the client.

ISO 14019-2:2024(E)
Annex D
(informative)
Uncertainty
D.1 Primary data collection has several advantages over secondary data collection. Primary data
collection allows for more accurate and reliable results because it's closer to the source. Secondary data
collections can be less accurate because they rely on third-party sources.
D.2 Uncertainty can have both a positive and a negative impact on a set of verification activities.
D.3 There are any number of sources of uncertainty in both data collection and in the decisions that are
documented related to the declared sustainability information.
D.4 This document has addressed uncertainty related to sampling error, measurement error, coverage
error and model error. Using an understanding of these different types of uncertainty can motivate data
collection and analysis with the goal of increased confidence in the decision. The use of primary data
collection is balanced with the cost, time, availability, and measurement requirements that are
experienced in obtaining reliable and relevant data. The competence of the auditor ensures that the
auditor balances uncertainty by using both primary and secondary data collection methods.
D.5 The use of remote methods has increased the auditors access to a wider variety of data (e.g., digital
twins, real time data, AI generative data, etc). This broader access can help the auditor ensure the context,
trends, and interested parties are appropriate to the sustainability information being evaluated.
D.6 It is the auditor’s responsibility to ensure that the mix of primary and secondar data collection and
the limits of the data, data quality, data bias, data time relevance, data smoothing, and other data
management characteristics are recorded and considered as a part of the uncertainty.

ISO 14019-2:2024(E)
Annex E
(Normative)
Verification approach for qualitative information
E.1 Subject to the level of assurance, the following shall be considered in the approach to verification of
qualitative declared sustainability information:
a) where qualitative information is based on quantitative information, the verification approach shall
include at least the following tests:
i. is the quantitative information fair, truthful – review as for verification of quantitative
information including internal controls?
ii. are the language/illustrations used in the qualitative information consistent with the
quantitative information i.e., no exaggeration; no language to imply better performance;
outcome consistent with the quantitative information?
iii. is the quantitative information supporting qualitative information statements in full/not
quite/not at all; any possibility the qualitative information could mislead interested parties?
b) if the qualitative information is not supported by quantitative information or is supported in part by
quantitative information, then:
i. is it supported by other qualitative information included in the declared sustainability
information (such as a stakeholder engagement process and the outcome from it, project
plans, strategies, relevance determination process etc.)? If yes, then the verification approach
shall include:
1) review of the responsible party’s processes for the development, selection, agreement and
risk evaluation related to the choice of qualitative information;
2) review of the internal control for the determination and development of the qualitative
information used;
3) review of the underlying organizational documents/records or other evidence that
supports the statements made in the qualitative information;
4) review of the sources for external quoted qualitative information, and carried out
independent research to establish that such sources are not biased, that the reference
used for such sources are a fair and truthful representation of the external source, and
that its use in the declared sustainability information is fair and truthful;
5) use of professional judgement to evaluate the overall qualitative information, language
(i.e., including words, illustrations, statements, quotes etc.), to ensure that the declared
sustainability information is truthful, fairly represents the reality, and can be relied on by
intended users.
ii. if the qualitative information is not supported by other qualitative information or external
sources included in the declared sustainability information, then such qualitative information
shall be excluded from the verification process and be recorded as an exclusion in the
assurance statement.
c) qualitative information within declared sustainability information is reviewed in holistic manner to
ensure that qualitative information is a truthful and fair presentation of the responsible party’s
condition in relation to the declared sustainability information, and that it can be relied on by
intended users.

ISO 14019-2:2024(E)
NOTE Verification approaches include an assessment of qualitative information selection, determination,

collection, editing, control processes as well as use of professional judgement to review the overall declared
qualitative information to ensure it is fair and truthful and can be relied on by intended parties.

ISO 14019-2:2024(E)
Bibliography
Drafting NOTE For this Committee Draft, the Bibliography of all parts is only included in ISO 14019-1.

CD ISO 14019-2 2024-01-29 v5 Clean

Uploaded by

Copyright:

Available Formats

CD ISO 14019-2 2024-01-29 v5 Clean

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CD ISO 14019-2 2024-01-29 v5 Clean

Uploaded by

Copyright:

Available Formats

ISO 14019-2:2024(E)

Validation and verification of sustainability information —

Validation et vérification des informations sur la durabilité —

© ISO 2024 – All rights reserved

© ISO 2024 – All rights reserved 1

2 © ISO 2024 – All rights reserved

© ISO 2024 – All rights reserved 3

4 © ISO 2024 – All rights reserved

© ISO 2024 – All rights reserved 5

6 © ISO 2024 – All rights reserved

Validation and verification of sustainability information —

3 Terms and definitions

© ISO 2024 – All rights reserved 7

e) materiality (see 4.10);

4.2 Required information

4.3 Suitability of specified requirements and criteria

4.3.2 In performing this assessment, the verification body shall:

8 © ISO 2024 – All rights reserved

4.4 Relevance determination process and rational purpose

© ISO 2024 – All rights reserved 9

4.5 Common understanding

4.6 Conditions not met after acceptance of the engagement

4.8 Type of deliverable

b) non assurance results such as:

i. reports of factual findings; and

ii. findings reports.

4.9 Specification of scope, requirements, and criteria

10 © ISO 2024 – All rights reserved

NOTE 6 See 6.4 for requirements on the process of assessing materiality.

4.11 Level of assurance

4.12 Inherent limitations

© ISO 2024 – All rights reserved 11

4.12.1.2 If a further limitation is imposed by the client/responsible party after an assurance

12 © ISO 2024 – All rights reserved

6.2 Strategic analysis

© ISO 2024 – All rights reserved 13

6.3 Risk assessment

14 © ISO 2024 – All rights reserved

6.3.2 Context for risk assessment

© ISO 2024 – All rights reserved 15

i. selection, quality and sources of information (quantitative and qualitative);

6.4 Assessment of materiality

16 © ISO 2024 – All rights reserved

6.5 Evidence gathering activities

© ISO 2024 – All rights reserved 17

18 © ISO 2024 – All rights reserved

6.5.4 Evidence gathering for quantitative information

6.5.6 Evidence-gathering techniques

Technique Quantitative Qualitative

Inquiry Yes Yes

Analytical testing Yes No

Confirmation Yes Yes

Examination Yes Yes

Control Testing Yes No

Sampling Yes Yes

© ISO 2024 – All rights reserved 19

Technique Quantitative Qualitative

Estimate Testing Yes No

Reconciliation Yes Yes