Third-party verification of Scope 3 emissions data is no longer theoretical. California SB 253 requires limited assurance for Scope 3 emissions beginning in 2030. CSRD requires limited assurance for all emissions including Scope 3 from the date of initial reporting. GRESB added GHG data assurance as a newly scored metric in 2025. The direction of travel is clear: the per-job carbon data restoration contractors deliver to commercial clients will eventually be subject to external verification — not as a direct requirement on the contractor, but because the client’s verifier will examine the quality and traceability of the supplier data the client used to build their Scope 3 inventory.
This guide explains what verifiers actually look for in Scope 3 contractor data, how the RCP framework satisfies those requirements by design, and what documentation you need to retain to be audit-ready when your clients’ verifiers come asking.
The Two Levels of Assurance and What They Mean for Contractor Data
Understanding assurance levels prevents confusion about what is actually being asked of you.
Limited assurance is a negative assurance — the verifier is confirming they found nothing that makes the report materially wrong. It involves reviewing methodologies, sampling data points, and checking for internal consistency. For Scope 3 data from restoration contractors, a limited assurance engagement will typically review: whether the methodology is documented and consistent with the GHG Protocol, whether proxy values are sourced and labeled, and whether the total reported figure is internally consistent with the underlying calculation inputs.
Reasonable assurance is a positive assurance — the verifier actively confirms the data is accurate. It involves re-performing calculations from source documents, testing internal controls, and in some sectors, site visits. For Scope 3 contractor data under reasonable assurance, verifiers will request the underlying source documents — GPS trip logs, waste manifests, purchase receipts — and verify that the calculation produces the reported number from those inputs.
The practical implication: for limited assurance, methodology documentation and labeling of proxy data are sufficient. For reasonable assurance, you need the source documents. The RCP 12-point data capture standard is designed to collect exactly those source documents at the time of the job, making reasonable assurance retroactively possible without extra effort.
The GHG Protocol’s Five Audit Principles — Applied to RCP Records
The GHG Protocol Corporate Value Chain Standard specifies five principles that a Scope 3 inventory — and by extension, the contractor data that feeds it — must satisfy for assurance purposes. Understanding how RCP records satisfy each principle makes audit preparation straightforward.
1. Relevance
What verifiers check: Whether the emissions sources included reflect the actual emissions generated on behalf of the client, and whether any exclusions are documented and justified.
How RCP satisfies this: The scope boundary section of the RCP Full Framework Document explicitly lists what is included and excluded, with justification for each exclusion. The job_type and damage_category fields in the RCP JSON schema ensure the correct emission domains are applied for each job type. No RCP-compliant record silently excludes a material emission source — exclusions must be documented in the data_quality.notes field.
2. Completeness
What verifiers check: Whether all material Scope 3 categories are covered and whether the reporting boundary is consistently applied across all jobs in the portfolio.
How RCP satisfies this: The RCP portfolio summary covers all jobs at a client’s properties during the reporting period. The four GHG Protocol categories covered (Cat. 1, 4, 5, 12) are documented in the framework as the complete set of material categories for restoration work. A verifier can confirm completeness by checking that every invoiced job appears in the portfolio summary.
3. Consistency
What verifiers check: Whether the same methodology and emission factors are applied across all jobs, and whether year-over-year comparisons are valid.
How RCP satisfies this: The schema_version field (“RCP-JCR-1.0”) ensures every record uses the same schema. The emission factor vintage is documented in the framework (“EPA 2025 EF Hub, EPA eGRID 2023, EPA WARM v16”). When CARB or EPA updates emission factors, the RCP patch version increments, creating a clear record of when methodology changed. Verifiers can request the emission factor table used and verify it matches the published RCP version for that reporting year.
4. Transparency
What verifiers check: Whether methodology is fully disclosed, proxy values are labeled, and the calculation can be reproduced from the disclosed inputs and factors.
How RCP satisfies this: The data_quality section of every RCP Job Carbon Report explicitly lists which data points are primary and which are proxy-estimated. The calculation_method field in each domain section identifies whether primary or proxy methodology was used. The emission factors are published in the RCP Emission Factor Reference Table with source citations. A verifier provided with an RCP JSON record, the proxy value table, and the raw source documents can reproduce the reported number independently.
5. Accuracy
What verifiers check: Whether the quantification is systematic, consistent, and not materially biased toward over- or under-reporting.
How RCP satisfies this: The proxy value hierarchy (primary > derived primary > job-specific proxy > national average proxy) ensures that the calculation uses the most accurate available data for each input. The data_quality section’s primary_data_points list lets verifiers assess what fraction of the total is based on primary data. The systematic use of EPA-sourced emission factors — not custom or proprietary factors — provides a defensible, auditor-recognized basis for every number.
What Source Documents to Retain and for How Long
The following source documents underpin each of the 12 RCP data points. Retain these at the job level, linked to the job ID, for a minimum of seven years. This covers the typical verification lookback period under CSRD (5 years) plus margin.
| Data Point | Source Document to Retain | Assurance Level Required |
|---|---|---|
| 1 — Vehicle log | GPS trip export or odometer log with vehicle ID, date, start/end location, miles | Reasonable assurance |
| 2 — Waste transport | Disposal facility weight receipt or manifest with facility name, date, weight, material type | Reasonable assurance |
| 3 — Equipment power source | Job notes confirming building power or generator fuel purchase receipt | Limited assurance |
| 4 — Chemical treatments | Purchase order or supply requisition for chemicals used on this job, with quantities | Limited assurance |
| 5 — PPE consumption | Supply order by job or proxy rate table reference if job-specific data unavailable | Limited assurance (proxy acceptable) |
| 6 — Containment materials | Close-out notes with quantities or proxy rate table reference | Limited assurance (proxy acceptable) |
| 7 — Debris volume | Disposal facility weight receipt (see Data Point 2) or dumpster manifest | Reasonable assurance |
| 8 — Disposal method/facility | Disposal facility receipt naming the facility and disposal method | Reasonable assurance |
| 9 — Demolished materials | Demolition scope from job file (Xactimate estimate or written scope), photo documentation | Reasonable assurance |
| 10 — Replacement materials | Purchase orders or materials delivery receipts with quantities | Reasonable assurance (if in scope) |
| 11 — Job classification | Initial assessment documentation with damage category, class, and affected area | Limited assurance |
| 12 — Job timeline | Job management system record with start and completion dates | Limited assurance |
How RCP Records Are Treated by Verifiers Under Limited vs. Reasonable Assurance
When a property manager’s verifier reviews their Scope 3 inventory under limited assurance, they will typically sample a subset of vendor records — often 10–20% of the total by value — and check for: consistency with stated methodology, that proxy records are labeled as such, and that the calculation produces a plausible number given the stated activity. An RCP JSON record satisfies all three checks without additional preparation, because the schema enforces methodology documentation, proxy labeling is required in the data_quality section, and the calculation is transparent and reproducible.
Under reasonable assurance, the verifier may specifically request source documents for the sampled records. This is where the seven-year document retention requirement becomes material. A contractor who can produce the disposal facility receipt, the GPS trip log, and the Xactimate estimate for a job from 18 months ago has converted a potential audit finding into a zero-question pass.
The most common Scope 3 audit finding for contractor data is: proxy data used without documentation of why primary data was unavailable. The RCP data_quality.notes field is specifically designed to prevent this. Every proxy-based data point should have a note explaining why primary data was unavailable: “Vehicle mileage estimated from dispatch records — GPS fleet system not yet deployed” is a valid and audit-acceptable explanation. Silence is not.
The Chain of Custody for RCP Data
Verifiers are increasingly attentive to the chain of custody for supplier data — how data traveled from the source activity to the reported number in the client’s inventory. For RCP records, the chain of custody is:
- Source activity: Vehicle trip, equipment run, waste disposal event
- Source document: GPS log, manifest, purchase receipt
- Data entry: Job management system (Encircle, PSA, Dash, manual log)
- RCP calculation: Activity data × emission factor = kg CO₂e per domain
- RCP Job Carbon Report: JSON record with emissions summary and data quality metadata
- Client delivery: Email, ESG platform upload, or API transmission
- Client inventory: Aggregate Scope 3 figure in GRESB/CDP/SB 253 disclosure
Each link in this chain should be documentable. When a verifier asks “how did this number get into the inventory?” you should be able to walk from step 1 to step 7 for any sampled job.
Conducting Your Own Pre-Audit Review
Before your clients face their first verified Scope 3 disclosure cycle, run a pre-audit review of your own RCP records. The GHG Protocol explicitly recommends that inventory preparers treat each verification cycle as a learning process. For restoration contractors, a practical pre-audit review involves:
- Pull the portfolio summary for your largest commercial client for the most recent year. Count the total jobs and total tCO₂e reported.
- Sample 5 jobs — pick 2 large, 2 medium, 1 small by affected area. For each, verify you can locate all 12 data point source documents.
- Check proxy labeling. For every job where a proxy was used, confirm the data_quality section identifies the proxy data points and the notes field explains why.
- Reproduce one calculation. Take one job record and manually calculate the emissions from the source documents. Verify it matches the reported total within rounding.
- Check version consistency. Verify all records in the portfolio used schema_version “RCP-JCR-1.0” and the same emission factor vintage. Mixed vintages require disclosure.
- Document your findings. A one-page internal review memo noting what you checked and what you found creates a quality control record that verifiers view favorably as evidence of internal controls.
The Version Control Requirement
If a Job Carbon Report is corrected after delivery — because a waste manifest weight was updated, a vehicle mileage was corrected, or a proxy value was replaced with primary data — the corrected record must be issued as a new version. The version increment convention for RCP Job Carbon Reports is appending a revision suffix to the job ID: JOB-2026-04847-R1, JOB-2026-04847-R2, etc. The data_quality.notes field must document what changed and why. The original record should be retained alongside the revision — verifiers may ask why a record was corrected.
Assurance Standards Your Clients’ Verifiers Will Use
Different verifiers use different professional standards for GHG assurance. The most common frameworks your clients’ verifiers will reference:
- ISAE 3000: The International Standard on Assurance Engagements (Revised) — the dominant framework for GHG assurance in the EU and used by the Big Four accounting firms globally
- ISO 14064-3: Specification with guidance for the validation and verification of GHG statements — widely used in the US and internationally
- AA1000AS: AccountAbility Assurance Standard — common in voluntary sustainability reporting contexts
- CSAE 3410: Canadian standard, referenced by SB 253 as an acceptable framework
None of these standards create requirements that a contractor must meet directly — they govern how the verifier conducts the engagement. But understanding them helps you know what questions to expect if a client’s verifier contacts you directly about sampled records.
Sources and References
- GHG Protocol. Corporate Value Chain (Scope 3) Accounting and Reporting Standard. ghgprotocol.org/scope-3-standard
- California Air Resources Board. SB 253 Climate Corporate Data Accountability Act. ww2.arb.ca.gov
- Workiva. Emissions Auditing and Verification for Third-Party GHG Assurance. workiva.com
- GSI Environmental. Ensuring a Smooth GHG Verification. gsienv.com
- RCP v1.0 Full Framework Document. tygartmedia.com/rcp-v1-full-framework-document/
- RCP JSON Schema v1.0. tygartmedia.com/rcp-json-schema-v1-machine-readable-standard/
Leave a Reply