Tag: Risk Management

  • Claude Tag Ambient Mode: Useful Teammate or Context-Bleed Risk?

    Claude Tag Ambient Mode: Useful Teammate or Context-Bleed Risk?

    This is part of our Claude Tag field guide for agencies. Start with the overview: Claude Tag: A Builder’s Guide for Agencies.

    Ambient mode is Claude Tag’s headline feature and its single most consequential setting. Turn it on and Claude stops waiting to be asked — it starts watching the channels it’s in and speaking up when it thinks you’d want to know something. Whether you should enable it isn’t a yes-or-no question. It’s a where question, and getting the where right is the whole game.

    What ambient mode actually does

    By default, Claude Tag is reactive: you @-mention it, it works, it replies. With ambient behavior enabled, it becomes proactive. Anthropic describes it as Claude keeping you updated about whatever it thinks you might need to know — flagging relevant information from across the channels it’s in and the tools it’s connected to, and following up on threads or tasks that have gone quiet.

    In practice that means three things: it surfaces context you didn’t ask for, it connects information across more than one channel, and it chases loose ends nobody assigned it. Those are exactly the behaviors that make it feel like a teammate instead of a tool.

    Where it’s a superpower

    Inside a single team, ambient mode is close to magic. Every channel belongs to the same company, so “learning across channels” only ever connects your own dots. A proactive teammate that remembers the forgotten follow-up, links the spec to the standup, and flags the blocker before it bites is pure upside. This is the version Anthropic runs internally, and it’s why they can say a large share of their product team’s code now comes from their own version of the tool.

    If your Slack workspace is one company’s data and one team’s work, turn ambient mode on and enjoy it.

    Where it’s a risk

    Ambient mode’s proactive, cross-channel nature is exactly what makes it dangerous in two situations:

    • Multiple clients in one operation. The moment a proactive teammate is “surfacing relevant information from across channels,” relevance becomes the judge of what crosses the line between Client A and Client B. That’s a context-bleed risk we’ve lived — the whole subject of The Multi-Client Isolation Trap.
    • Regulated or sensitive data. Anywhere an unprompted message pulling context from elsewhere could expose something it shouldn’t — health, financial, legal, HR — proactive surfacing is a liability, not a convenience.

    A simple decision framework

    Don’t decide ambient mode globally. Decide it per surface, with one question: is everything this Claude can see owned by the same trust boundary?

    Surface Ambient mode Why
    Internal team channels (one company) ON Cross-channel proactivity only connects your own data
    Client-facing / multi-tenant channels OFF Proactive surfacing is where one client’s context leaks into another’s
    Regulated / sensitive-data channels OFF Unprompted context-pulling is a compliance liability

    The rule of thumb: ambient mode should be on where the data is all yours, and off everywhere a human should still be pulling, not the AI pushing.

    If you do turn it on

    Enable it deliberately, not by default. Map which channels hold which trust boundary before you flip the switch, keep client and regulated channels out of cross-channel learning, and audit what the assistant can actually see. That sequencing — boundaries first, then ambient — is exactly how we walk through it in How to Set Up Claude Tag in Slack.

    The bottom line

    Ambient mode isn’t good or bad — it’s powerful, and power needs a boundary. For internal teams, it’s the best part of Claude Tag. For client work, it’s the part to leave off until isolation is airtight. For the full picture, start at the pillar: Claude Tag: A Builder’s Guide for Agencies.

  • Claude Enterprise Compliance: BAA, SOC 2, GDPR and Data Policy (2026)

    Claude Enterprise Compliance: BAA, SOC 2, GDPR and Data Policy (2026)

    Last verified: June 13, 2026

    Anthropic publishes a defined compliance posture for Claude: it holds SOC 2 Type I and Type II, ISO 27001:2022, and ISO/IEC 42001:2023 credentials; it will sign a Business Associate Agreement (BAA) covering HIPAA-ready services such as the first-party API and Enterprise plans; by default it does not train models on data sent under its commercial terms; and it offers a zero-data-retention (ZDR) arrangement on the Messages and Token Counting APIs. The hard part for buyers is the per-surface boundary — what the BAA covers, which features are blocked under ZDR or HIPAA, how long data is kept, and where it can be processed. Every figure below is drawn from Anthropic’s own trust, privacy, and developer documentation, with sources at the bottom. Eligibility, feature lists, and durations change; treat your signed contract and the live Trust Center as the controlling sources.

    Certifications and attestations

    Anthropic’s help center lists the following compliance credentials for its commercial products (Claude for Work and the Anthropic API). It directs customers to the Trust Portal at trust.anthropic.com to request copies of the underlying reports and certificates.

    Credential Status as described by Anthropic Scope
    SOC 2 Type I & Type II Listed as held Commercial products (Claude for Work, Anthropic API)
    ISO 27001:2022 Certified Information Security Management
    ISO/IEC 42001:2023 Certified (issued by Schellman Compliance, LLC, accredited by the ANSI National Accreditation Board) AI Management Systems
    HIPAA “HIPAA-ready configuration (BAA available)” See BAA section

    Anthropic describes itself as “one of the first frontier AI labs” to achieve ISO/IEC 42001:2023 certification, in an announcement dated January 13, 2025. The help-center certifications list does not mention ISO 27017, ISO 27018, FedRAMP, or CSA STAR; those are left out here rather than asserted. GDPR and CCPA are handled through Anthropic’s privacy program and customer agreements rather than as line-item “certifications” (see GDPR section).

    HIPAA and the BAA: covered by product surface

    Anthropic states it “provides a Business Associate Agreement (BAA) covering our HIPAA-ready services, such as use of our first-party API or Enterprise plans.” HIPAA readiness is enforced at the organization level: Anthropic provisions a dedicated HIPAA-enabled organization that automatically blocks non-eligible features. To process protected health information (PHI) on the API, an administrator must sign the BAA and contact sales to enable it; for Enterprise, an admin activates HIPAA compliance in the Claude Enterprise admin settings under “Data & Privacy” and signs the BAA there.

    Surface BAA / HIPAA-ready coverage
    First-party Claude API (Messages API) Covered as an Eligible Service (admin signs BAA, then contact sales)
    Claude Enterprise Covered once an admin activates HIPAA compliance and signs the BAA
    Workbench and Console Not covered
    Claude Free, Pro, Max, Team Not covered
    Cowork Not covered
    Claude Code Not covered under HIPAA readiness
    Amazon Bedrock / Vertex AI Not covered (cloud provider is the data processor; see those platforms)
    Claude Platform on AWS / Microsoft Foundry HIPAA readiness not available
    Beta features (e.g., Claude in Office, Claude Design) Generally not covered unless explicitly listed as eligible

    Within the API, only a subset of features is HIPAA-eligible. Anthropic enforces this in code: a HIPAA-enabled organization that sends a non-eligible feature gets a 400 invalid_request_error naming the blocked feature. Anthropic states your signed BAA is the official source of truth for what is covered.

    API feature HIPAA-eligible
    Messages API (/v1/messages) Yes
    Token counting Yes
    Web search Yes (dynamic filtering not eligible)
    Prompt caching, structured outputs, extended/adaptive thinking, citations, 1M context, PDF (inline), data residency, effort, fast mode, bash & text-editor tools, memory tool Yes
    Web fetch, computer use, advisor tool, context management (compaction / editing), tool search, cache diagnostics No
    Code execution, programmatic tool calling No
    Batch API, Files API, Agent Skills, MCP connector, Claude Managed Agents, MCP tunnels No

    PHI must appear only in message content, attached files, or related file names/metadata — never in JSON schema definitions (property names, enum/const values, or pattern regexes), because compiled schemas are cached separately and do not receive the same PHI protections. Anthropic notes workspace names, user contact details, billing data, and support tickets are not expected to contain PHI under the BAA.

    Data retention (commercial default)

    Under Anthropic’s commercial data retention policy, conversation content is not retained by default for the API, and API inputs and outputs are automatically deleted on the backend within 30 days of receipt or generation. For interface products such as Claude for Work, data persists until you delete it, after which it is removed from backend storage within 30 days. Two exceptions extend retention regardless of arrangement.

    Data type / event Retention
    API inputs and outputs (default) Auto-deleted within 30 days
    Deleted conversation content (Claude for Work) Removed from backend within 30 days
    Inputs/outputs for a chat flagged as a Usage Policy violation Up to 2 years
    Trust & safety classification scores (flagged chat) Up to 7 years
    Data tied to feedback you submit (thumbs up/down, bug report) 5 years

    Zero data retention (ZDR)

    With a ZDR arrangement, customer data is not stored at rest after the API response is returned, except where needed to comply with law or combat misuse. ZDR is requested through Anthropic sales and enabled per organization — it does not carry over automatically to new organizations under the same account. Even under ZDR, Anthropic retains User Safety classifier results, and may retain inputs and outputs for up to 2 years if a chat or session is flagged for a Usage Policy violation. CORS is not supported for ZDR organizations, so browser apps must call through a backend proxy.

    Surface ZDR coverage
    Claude Messages API & Token Counting API Eligible
    Claude Code (Commercial org API keys, or via Claude Enterprise with ZDR enabled) Eligible
    Console and Workbench Not eligible
    Claude Teams & Claude Enterprise interfaces Not eligible (except Claude Code via Enterprise with ZDR on)
    Claude Free, Pro, Max Not eligible
    Claude Managed Agents Not eligible (stateful; delete transcripts manually)
    Batch API, Files API, code execution, Agent Skills, MCP connector Not eligible
    Third-party integrations Not eligible

    A handful of ZDR-eligible features are marked “Yes (qualified)” — structured outputs and cache diagnostics — meaning Anthropic retains a narrow, documented set of technical data (for example, a cached JSON schema for up to 24 hours since last use) rather than your prompts or Claude’s outputs.

    Model-training policy and Covered Models

    Anthropic’s Privacy Policy states it does not apply to content processed on behalf of business customers; that data is governed by the customer agreement. For the API specifically, Anthropic states retained data is never used for model training without your express permission. Anthropic’s consumer-terms update confirms the data-use changes “do not apply to services under our Commercial Terms,” including Claude for Work, Claude for Government, Claude for Education, and API use (including via Amazon Bedrock and Google Cloud’s Vertex AI). Training on commercial data happens only if a customer explicitly opts in (for example, the Development Partner Program).

    One model-specific exception affects retention, not training: Claude Fable 5 and Claude Mythos 5 are designated Covered Models and require 30-day data retention. ZDR is not available for these two models; a request to either from an organization whose retention configuration doesn’t meet the requirement returns a 400 invalid_request_error. Organizations with ZDR can turn on 30-day retention for a single workspace (Console > Settings > Workspaces > Privacy controls) to use those models there while keeping ZDR elsewhere. On Bedrock, Vertex AI, and Microsoft Foundry, retention requirements for these models are set by each platform.

    GDPR, data residency, and international transfers

    For users in the EEA, UK, or Switzerland, the data controller is Anthropic Ireland, Limited; elsewhere it is Anthropic PBC. Where the EU or UK GDPR applies, Anthropic responds to verifiable data-subject requests within one calendar month. For transfers to countries without an adequacy decision, Anthropic relies on standard contractual clauses, and publishes its subprocessors at anthropic.com/subprocessors.

    On data residency, the Claude API exposes two independent controls. inference_geo sets where inference runs per request — values are "global" (default) or "us" — and is supported on Claude Opus 4.6, Sonnet 4.6, and later (older models return a 400). Workspace geo controls where data is stored at rest and where endpoint processing happens; it is set at workspace creation and cannot be changed afterward. Per Anthropic’s documentation, "us" is currently the only available workspace geo, and only "us" and "global" inference geos are available — so there is currently no EU-resident storage option at the workspace level. US-only inference is priced at 1.1x the standard rate on supported models. Data residency is available on the Claude API (first-party) and Claude Platform on AWS; on Bedrock and Vertex AI the region is set by the endpoint or inference profile.

    Does Anthropic train its models on my API or commercial data?

    No, not by default. Anthropic’s Privacy Policy excludes business-customer content (governed by your customer agreement), and for the API it states retained data is never used for training without your express permission. The consumer data-use changes explicitly do not apply to Commercial Terms services. Training on commercial data requires an explicit opt-in.

    Will Anthropic sign a BAA, and for what?

    Yes. Anthropic signs a BAA covering HIPAA-ready services such as the first-party API and Enterprise plans. The Messages API is covered as an Eligible Service. It does not cover Workbench/Console, Free/Pro/Max/Team, Cowork, Claude Code, or beta features unless explicitly listed. An admin must sign the BAA and enable HIPAA readiness; the organization then auto-blocks non-eligible features.

    What’s the difference between ZDR and HIPAA readiness?

    Per Anthropic, ZDR prevents customer data from being stored at rest after the API response. HIPAA readiness is a broader set of safeguards (encryption, access controls, audit logging) that protect PHI throughout its lifecycle and lets data be retained with safeguards rather than deleted immediately. Anthropic states you do not also need ZDR if you have HIPAA readiness.

    How long does Anthropic keep my data?

    By default, API inputs and outputs are auto-deleted within 30 days. If a chat is flagged as a Usage Policy violation, inputs/outputs may be retained up to 2 years and trust & safety classification scores up to 7 years. Data tied to feedback you submit is kept 5 years. ZDR removes the default at-rest storage but does not remove the law/misuse exceptions.

    Can I keep Claude inference and data in the EU?

    Not at rest currently. The API’s inference_geo can pin inference to "us" or run "global", but Anthropic’s documentation lists "us" as the only available workspace geo (storage region). EU/UK data-subject rights and standard contractual clauses apply regardless, but an EU storage-residency option is not currently offered at the workspace level per the docs verified here.


  • How Buyers Actually Price a Restoration Company in 2026 (And the 5 Deal-Killers They Walk From)

    How Buyers Actually Price a Restoration Company in 2026 (And the 5 Deal-Killers They Walk From)

    Most restoration buyers in 2026 are paying for the wrong things. They look at top-line revenue, the truck count, the trailing-twelve EBITDA — and miss the structural details that decide whether the company they just bought is a $4M business or a slow-motion writedown. Private equity has deployed over $6 billion across 50-plus platforms since 2018, and the buyers who keep winning at these multiples are the ones with a checklist that goes deeper than the broker’s pitch deck.

    Here is what the disciplined buyers — strategic acquirers, PE platforms, and operator-buyers — actually look at when they price a restoration company in 2026, and the five line items that quietly kill more deals than anything in the financials.

    What buyers are actually paying for in 2026

    Median sale prices in restoration have risen to roughly $2.2M. Shops under $2M in revenue tend to clear at 2.5x to 3.0x SDE. The $2M to $5M EBITDA band — what the industry calls the PE feeder zone — trades at 4x to 6x EBITDA. Platforms above $10M EBITDA push 6x to 8x with strategic buyers willing to stretch further for the right geography or carrier panel. The spread between bottom and top of that range is not random. It is a function of five drivers that a thorough buyer will price line by line.

    Carrier preferred-vendor status is the first thing on every diligence sheet. A company on the preferred panel of two or more Tier 1 carriers — State Farm, Allstate, USAA, Liberty Mutual — gets a multiple premium because that revenue is durable, repeatable, and very hard for a new entrant to replicate. A company that depends on one TPA program for half its work gets discounted because that revenue is one phone call away from disappearing.

    Revenue mix matters almost as much. Mitigation-heavy companies — fast-turn water and emergency services — carry better margins and more predictable cash conversion than companies leaning on large-loss reconstruction. Reconstruction-heavy shops can still trade well, but buyers will model lower margins and longer working-capital cycles, which compresses the multiple.

    Management depth below the founder is the third lever. If the owner is the estimator, the rainmaker, and the operations lead, the buyer will assume a 12 to 24 month earnout structure and discount the price accordingly. A general manager, an estimating lead, and a production manager who are staying through transition can add an entire turn of EBITDA to the offer.

    CAT exposure is the fourth. Companies with more than 20-25% of revenue tied to catastrophic events get valued on a normalized basis — buyers strip the spike years out of the average. If you bought a restoration company on a peak hurricane year’s numbers, you overpaid. Sophisticated buyers know this and adjust before they sign the LOI.

    The fifth is books that survive a quality-of-earnings review. In about 85% of deals, the QoE adjusts down from the seller’s claimed EBITDA, and the average haircut runs 10 to 15%. Companies that have already run a sell-side QoE and addressed the easy adjustments hold their price better than companies that hand a buyer a QuickBooks export and a confident shrug.

    The five quiet deal-killers

    Most deals do not die on price. They die in the back half of due diligence, when something surfaces that the seller either did not disclose or did not realize mattered. These are the five issues that show up most often, and what a disciplined buyer does about each one.

    1. Customer or carrier concentration over 20%. If a single carrier, TPA program, or property manager drives more than a fifth of revenue, the company has a single point of failure. Buyers either re-price the deal, structure a larger earnout tied to retention, or walk. The honest fix on the seller side is to diversify the book 18 months before going to market, but most do not have that luxury once they have decided to sell.

    2. Licensing and certification gaps. Restoration is a regulated trade in most states. Buyers verify IICRC firm certification, individual technician WRT and ASD credentials, AMRT for mold work, state contractor licenses, and any specialty endorsements required locally. A lapsed firm certification or an expired mold license is not always a deal-killer, but it is always a price renegotiation and sometimes a regulatory exposure that gets baked into the purchase agreement as an indemnity.

    3. Aged accounts receivable. Restoration AR ages slowly because insurance carriers and TPAs pay slowly. Buyers will look at the receivables aging report and discount anything over 90 days, sometimes severely. If a meaningful portion of the company’s "earnings" is actually trapped in 180+ day AR that nobody is going to collect, the working capital adjustment at close will swallow a real chunk of the purchase price.

    4. Founder dependency in estimating and sales. This is the single most common reason restoration deals collapse or restructure into heavy earnouts. If the founder writes 60% of the estimates and personally manages the top carrier relationships, buyers know the business does not transfer. The seller who builds a real estimating department and pushes carrier relationships down to a sales lead two years before sale will capture meaningfully more value.

    5. Compliance and labor exposure. 1099 versus W-2 misclassification, prevailing wage issues on commercial jobs, OSHA history, and EMR trends all surface in diligence. Buyers will hire an HR specialist on any deal above a few million in revenue, and a clean compliance picture is worth 0.25x to 0.5x of EBITDA on its own.

    What a buyer should actually run before the LOI

    The minimum diligence package on a serious restoration acquisition includes: a quality-of-earnings review by a firm that has seen at least a dozen restoration deals, an independent verification of carrier preferred-vendor status and any TPA contracts, a customer concentration analysis at the carrier and account level, an AR aging review by a buyer-side accountant, an IICRC and state licensing audit, and a sit-down with the operations and estimating leads with the founder out of the room. That last item is the most underused and the most predictive.

    Buyers who skip any of these line items end up renegotiating after close or eating a writedown a year in. Buyers who run all of them tend to pay slightly less and own businesses that transfer cleanly.

    Bottom line

    The 2026 restoration market is the best buyer’s window of the next five years, but only for buyers with discipline. The capital is there, the seller pipeline is there as the founder generation exits, and the platform playbook has been proven by HighGround, American Restoration, and a half-dozen others. The companies worth buying at top-of-range multiples are the ones with diversified carrier mix, real management depth, and books that survive a serious QoE. Everything else is a turnaround dressed up as an acquisition — and turnarounds in restoration take 18 to 36 months to fix and often cost more than the purchase premium ever saved. Pay for what transfers. Walk from what does not.

    Frequently asked questions

    What multiple do restoration companies sell for in 2026?

    Sub-$2M revenue shops typically trade at 2.5x to 3.0x SDE. Companies in the $2M to $5M EBITDA range — the PE feeder zone — clear 4x to 6x EBITDA. Platforms above $10M EBITDA reach 6x to 8x, with strategic premiums pushing higher in the right geography or carrier panel.

    What kills restoration acquisition deals most often?

    Customer or carrier concentration above 20%, founder dependency in estimating and sales, aged accounts receivable that does not collect, licensing or IICRC certification gaps, and labor compliance exposure — in roughly that order of frequency.

    How long should a buyer-side diligence process take?

    For a sub-$5M revenue restoration acquisition, plan on 60 to 90 days from signed LOI to close. Quality of earnings runs three to five weeks, legal and licensing diligence runs parallel, and customer/carrier verification typically lands in the final two weeks before close.

    Is buying a restoration franchise better than buying an independent?

    Franchises like SERVPRO or ServiceMaster Restore deliver brand, training, and national-account access at the cost of royalties and territorial restrictions. Independents give you full margin upside and the freedom to build proprietary carrier relationships, but require self-built systems and certifications. For first-time operators, the franchise reduces execution risk. For experienced operators, an independent acquisition tends to compound faster.

  • GRESB vs CDP vs SB 253: Which ESG Framework Actually Governs Your Property Portfolio

    GRESB vs CDP vs SB 253: Which ESG Framework Actually Governs Your Property Portfolio

    Property owners and asset managers in institutional real estate operate in an increasingly layered ESG disclosure environment. GRESB drives investor-facing ESG scoring. CDP provides voluntary supply chain disclosure that is increasingly investor-requested. California SB 253 mandates Scope 3 disclosure for large entities. And the EU’s Corporate Sustainability Reporting Directive (CSRD) extends mandatory ESG reporting to European operations and, through supply chain due diligence requirements, reaches global real estate companies with EU exposure.

    For BOMA members — building owners, REITs, asset managers — understanding which framework governs which obligations, and where they overlap, is essential for building an ESG program that satisfies all of them without duplicating work. This article maps each framework against the specific Scope 3 obligations it creates for property owners, with particular focus on the contractor supply chain data gap that sits at the intersection of all three.

    GRESB: Investor-Driven, Asset-Level, Annual

    GRESB is the primary ESG accountability mechanism for institutional real estate globally. It is not a regulation — it is an investor-driven benchmark that most institutional property owners participate in voluntarily because their capital partners require it. GRESB assessments are annual, asset-level, and scored on a 0–100 scale that investors use to compare portfolio ESG performance.

    For Scope 3, GRESB evaluates both governance (do you have a Scope 3 target and supply chain policy?) and performance (do you have actual Scope 3 data?). Contractor emissions — Scope 3 Category 1 — factor into both components. Property owners without contractor data collection programs score lower on supply chain governance and leave Category 1 data fields blank in the Performance section.

    GRESB is the most immediate Scope 3 pressure for most BOMA members because it directly affects your capital relationships. A poor GRESB score can affect asset valuations, borrowing costs, and investor mandates in ways that regulatory compliance does not.

    CDP: Voluntary, Supply Chain Driven, Escalating

    CDP’s supply chain program allows large corporations — including real estate companies’ major tenants and capital partners — to request Scope 3 supply chain data from their vendors. For property owners, CDP requests typically arrive from two directions: from institutional tenants whose corporate ESG programs require supply chain data from their landlords, and from institutional investors whose own CDP commitments require portfolio-level Scope 3 supply chain data.

    CDP participation is voluntary, but declining a CDP request from a major tenant or capital partner has commercial consequences. As CDP participation expands — the program now covers thousands of companies — the probability that a significant counterparty will request Scope 3 data from your organization continues to increase.

    California SB 253: Mandatory, Regulated, Enforced

    SB 253 is the only mandatory framework in this set, at least for US-domiciled organizations. It applies to entities doing business in California with revenues above the threshold, requires Scope 1 and 2 disclosure starting with fiscal year 2025 data, and adds Scope 3 starting with fiscal year 2026 data. CARB administers the program and has authority to assess penalties for non-compliance and material misstatement.

    For real estate entities with California assets, SB 253 transforms the Scope 3 contractor data question from an investor relations consideration into a legal compliance obligation. The same contractor emissions data that improves your GRESB score and satisfies CDP supply chain requests now also needs to be accurate enough to withstand CARB review.

    Where Restoration Contractor Data Fits in Each Framework

    The Restoration Carbon Protocol addresses the same data gap across all three frameworks. An RCP-compliant restoration contractor provides project-level emissions data in a format aligned with GHG Protocol Category 1. That data feeds directly into your GRESB Performance section, satisfies CDP supply chain data requests for Category 1, and provides the documented, methodology-backed Scope 3 Category 1 data that SB 253 requires.

    The strategic efficiency argument for RCP adoption by property owners is that solving the restoration contractor data problem once solves it for all three frameworks simultaneously. You do not need different data for GRESB, CDP, and SB 253 — you need GHG Protocol Category 1 data, and RCP produces it in that format.

    Building a Unified Response

    For BOMA members navigating GRESB, CDP, and SB 253 simultaneously, the most efficient path is a unified Scope 3 data program rather than three separate compliance efforts. The foundation is a GHG Protocol-aligned inventory methodology that covers all fifteen Scope 3 categories. Contractor data — collected through RCP-compliant vendor agreements and green lease extensions — feeds into that inventory once and satisfies all three frameworks.

    The timeline pressure is real: SB 253 Scope 3 data collection for fiscal year 2026 should already be underway, GRESB 2026 assessments will open in the first quarter, and CDP supply chain requests arrive year-round. The property owners who have built the contractor data infrastructure now — preferred vendor panels with RCP adoption, ESG clauses in service agreements, documented methodology — will be the ones with defensible Scope 3 inventories when all three frameworks converge on the same data set in 2027.

    Frequently Asked Questions

    Does GRESB require the same data as SB 253?

    Both require Scope 3 GHG data aligned with the GHG Protocol Corporate Standard. GRESB collects it through an annual assessment submitted to the benchmark platform. SB 253 requires public disclosure filed with CARB. The underlying data set is the same — a GHG Protocol-compliant Scope 3 inventory by category — which is why building one unified inventory program satisfies both frameworks efficiently.

    How does CSRD affect US-based property owners?

    The EU’s Corporate Sustainability Reporting Directive (CSRD) applies directly to large EU-domiciled companies and EU subsidiaries of non-EU companies above defined thresholds. For US-based real estate companies with EU operations or EU-listed capital partners, CSRD may apply directly. Even for those it does not reach directly, CSRD’s supply chain due diligence requirements mean EU-based capital partners and tenants will increasingly request Scope 3 supply chain data from their US counterparties as part of their own CSRD compliance.

    What is the Restoration Carbon Protocol and why do BOMA members need it?

    The Restoration Carbon Protocol (RCP) is an industry self-standard that gives restoration contractors a structured GHG accounting methodology for project-level emissions reporting. For BOMA members, RCP-compliant contractors provide the Scope 3 Category 1 data needed for GRESB performance scores, CDP supply chain responses, and SB 253 mandatory disclosure — in a format directly compatible with GHG Protocol reporting requirements.

  • Green Lease 2.0: How Property Owners Can Use Lease Language to Drive Scope 3 Contractor Compliance

    Green Lease 2.0: How Property Owners Can Use Lease Language to Drive Scope 3 Contractor Compliance

    Green leases have been a standard tool in the institutional real estate ESG toolkit for over a decade. Originally designed to align landlord and tenant incentives around energy efficiency, green lease clauses have evolved to cover data sharing, sustainability reporting, and — in more sophisticated agreements — explicit GHG emissions obligations.

    The same contractual logic that makes green leases effective for tenant emissions management can be applied to the contractor supply chain. Property owners who have invested in green lease programs for tenant Scope 3 (Category 13) data now have a parallel opportunity: using vendor agreement language to systematically collect Scope 3 Category 1 data from the contractors who perform work on their assets.

    What Green Lease Language Has Achieved — and Where It Stops

    Modern green lease frameworks — developed by BOMA, the Institute for Market Transformation, the Urban Land Institute, and others — have established standard clauses for energy data sharing, sub-metering requirements, sustainable operations standards, and ENERGY STAR reporting. These clauses give property owners a contractual mechanism to collect the tenant data needed for GRESB Category 13 reporting and corporate GHG inventories.

    Green leases stop at the tenant boundary. They do not govern the contractors the property owner engages for capital projects, maintenance, and emergency response. Those contractor relationships are covered by master service agreements, purchase orders, and emergency vendor panel arrangements — none of which have traditionally included GHG data reporting requirements.

    Extending the Logic: Contractor ESG Clauses

    The Green Lease 2.0 framework extends the proven lease-language approach to contractor agreements. The principle is identical: establish a contractual data delivery obligation, specify the format and methodology, and make compliance a condition of the vendor relationship.

    For restoration contractors specifically, the relevant clause structure covers three elements. A methodology requirement — specifying that the contractor must use a recognized GHG accounting methodology (such as the Restoration Carbon Protocol) for calculating project emissions. A data delivery requirement — specifying that a project emissions report in a format compatible with GHG Protocol Category 1 reporting must be delivered within 30 days of project completion. And a pre-qualification requirement — specifying that participation in the property owner’s preferred restoration vendor panel requires demonstrated GHG reporting capability prior to emergency deployment.

    Why the Pre-Qualification Step Matters

    The most important element of the contractor ESG clause framework is pre-qualification — establishing GHG reporting capability before the loss event occurs. Property owners cannot negotiate data requirements at 2 AM when a pipe bursts. The contractual infrastructure needs to exist before the emergency.

    Pre-qualification creates a preferred vendor panel of restoration contractors who have adopted RCP or an equivalent methodology and are contractually committed to delivering project emissions data. When a loss event occurs, the property manager calls from that panel — and GHG data collection is already built into the engagement.

    What This Looks Like for GRESB and SB 253

    For GRESB participants, a documented contractor ESG clause program with demonstrated adoption across your preferred vendor panel satisfies the supply chain governance requirements in the Management component of the GRESB assessment. It shows that your organization has policies in place, that those policies have contractual teeth, and that you are actively collecting contractor emissions data — not estimating it.

    For SB 253, the contractor ESG clause approach provides the documented data collection methodology that CARB’s guidance suggests as the evidentiary standard for Scope 3 Category 1 reporting. Organizations that can demonstrate a systematic contractor data collection program — rather than spend-based estimation — are better positioned for both initial compliance and the audit scrutiny that mandatory disclosure programs inevitably generate over time.

    Green Lease 2.0 is not a dramatic reinvention. It is the application of a framework that already works — for tenants — to the contractor relationships where property owners have an equivalent data obligation and an equivalent contractual lever to close it.

  • GRESB and Scope 3: What Property Owners Must Report and Where Contractors Fit

    GRESB and Scope 3: What Property Owners Must Report and Where Contractors Fit

    For property owners and asset managers in institutional real estate portfolios, the Global Real Estate Sustainability Benchmark (GRESB) is not optional — it is the standard by which your ESG performance is measured, scored, and reported to institutional investors. And as GRESB’s scoring methodology continues to align with TCFD, ISSB, and the GHG Protocol, Scope 3 supply chain data has moved from a nice-to-have to a measurable gap in your assessment score.

    This article examines exactly where contractor Scope 3 data fits in the GRESB Real Estate Assessment, what the consequences of a data gap look like in practice, and how the Restoration Carbon Protocol (RCP) gives property owners a direct path to closing it.

    How GRESB Measures Scope 3

    The GRESB Real Estate Assessment is structured around two components: Management (governance, policy, targets, and reporting) and Performance (actual environmental and social data). Scope 3 emissions surface in both.

    In the Management component, GRESB evaluates whether your organization has a GHG emissions reduction target that includes Scope 3, and whether your supply chain policies address emissions reporting from contractors and vendors. Property owners without explicit contractor emissions standards in their procurement policies lose points here.

    In the Performance component, GRESB collects actual GHG data at the asset level — and Scope 3 Category 1 (Purchased Goods and Services, including contractors) is part of the expected data set for organizations reporting under GHG Protocol Corporate Standard.

    The Contractor Data Gap in Practice

    Most property owners managing large portfolios have reasonable visibility into Scope 1 (direct combustion at owned assets) and Scope 2 (purchased electricity). The contractor supply chain is where the inventory breaks down.

    Restoration contractors are among the highest-emission vendor categories in a property owner’s supply chain — yet they are engaged reactively, after loss events, and almost universally lack any mechanism for providing GHG data to their clients. A commercial building fire or flood event that triggers a six-figure restoration project will generate significant Scope 3 Category 1 emissions. Those emissions belong in your GRESB data. In most cases, they are simply missing.

    What RCP-Compliant Contractors Provide

    The Restoration Carbon Protocol gives restoration contractors a standardized methodology for calculating and communicating project-level emissions data — covering equipment fuel consumption, materials with embedded carbon, waste generation, and transportation. RCP output maps directly to GHG Protocol Category 1 reporting requirements.

    For GRESB participants, this means an RCP-compliant restoration contractor can provide the data needed to populate your Scope 3 Category 1 inventory for loss events — closing a gap that most property owner GHG inventories currently leave blank. That data supports your GRESB Performance score and demonstrates supply chain governance maturity in the Management component.

    Tenant Emissions: The Category 13 Problem

    While contractor data is the most actionable gap for most BOMA members, tenant emissions represent the largest Scope 3 exposure in most property portfolios. GRESB specifically evaluates whether property owners collect tenant energy and emissions data — and whether green lease clauses are in place to facilitate that collection.

    The contractor and tenant problems are structurally similar: both involve third parties operating within your assets whose emissions appear in your Scope 3 inventory, but whose data collection you do not directly control. Green leases address the tenant side. Contractor ESG requirements in your procurement standards — and RCP adoption by your preferred vendor panel — address the contractor side.

    Practical Steps for GRESB Participants

    For property owners currently completing or preparing for GRESB assessments, three actions directly improve your Scope 3 contractor data position. First, add an ESG data reporting requirement to your preferred vendor agreements — specifying that contractors must provide project-level GHG data in a format compatible with GHG Protocol Category 1 reporting. Second, ask your preferred restoration contractors whether they have adopted the Restoration Carbon Protocol or a comparable methodology. Third, build contractor emissions data into your post-loss project closeout process — making GHG reporting a deliverable alongside cost documentation and certificate of completion.

    These are not theoretical improvements. They are the specific steps that convert a data gap in your GRESB Performance section into a documented, improving metric — the kind institutional investors recognize as evidence of genuine ESG program maturity rather than checkbox compliance.

  • BOMA vs IFMA: Why Scope 3 ESG Looks Completely Different for Property Owners

    BOMA vs IFMA: Why Scope 3 ESG Looks Completely Different for Property Owners

    When the sustainability conversation turns to Scope 3 emissions, property owners and facility managers are often lumped together. Both manage buildings. Both hire contractors. Both face regulatory pressure from California SB 253, CSRD, and investor frameworks like GRESB and CDP. But the obligations, the data gaps, and the strategic levers are fundamentally different depending on which side of the lease you sit on.

    BOMA members — building owners, asset managers, and property managers — occupy a distinct position in the Scope 3 landscape. You own or control the asset. Your tenants generate Scope 3 emissions inside your buildings under Category 13 (Downstream Leased Assets). Your contractors generate Scope 3 emissions during capital projects and maintenance under Category 1 (Purchased Goods and Services). And your investors increasingly require you to disclose both — through GRESB assessments, CDP supply chain requests, and emerging mandatory frameworks.

    The Core Distinction: Asset Owner vs. Building User

    IFMA’s membership is primarily the corporate occupier — the facility manager who runs operations inside a building their employer leases or owns for non-real-estate purposes. Their Scope 3 exposure is Category 1: what they buy, including the contractors they hire for restoration, maintenance, and capital projects.

    BOMA’s membership is the asset side of that equation. As a property owner, your Scope 3 inventory is more complex:

    • Category 1 (Purchased Goods and Services): Contractors you hire — restoration companies, mechanical contractors, janitorial services, construction firms during capital improvements
    • Category 13 (Downstream Leased Assets): Your tenants’ energy consumption and operations inside your building — the hardest Scope 3 category to measure and the one GRESB scrutinizes most closely
    • Category 11 (Use of Sold Products): For REITs and developers who sell or transfer properties

    The tenant emission problem is uniquely a BOMA problem. Your tenants control the space. They set the thermostat, they bring in their own contractors, they determine actual energy consumption. But under GHG Protocol rules for property owners, their emissions may appear in your Scope 3 inventory — and GRESB will ask about them.

    The Contractor Data Gap: Where BOMA and IFMA Converge

    Here is where BOMA and IFMA face the same structural problem: restoration contractors, mechanical service firms, and specialty trade vendors who perform work on your properties have no standardized mechanism for reporting their Scope 3 emissions data back to you.

    When a water damage event triggers a restoration project — emergency extraction, structural drying, mold remediation — the contractor mobilizes equipment that burns diesel, deploys materials with embedded carbon, and generates waste. All of that falls under your Scope 3 Category 1. And almost none of it gets captured in any formal emissions inventory.

    The Restoration Carbon Protocol (RCP) is an emerging industry self-standard designed to fix this. It gives restoration contractors a structured methodology for calculating and communicating Scope 3 emissions data to their property owner clients — in a format that maps directly to GHG Protocol Category 1 reporting requirements.

    GRESB and the Asset Manager Accountability Stack

    For BOMA members managing assets in institutional portfolios, GRESB is the primary accountability mechanism. The GRESB Real Estate Assessment scores assets on environmental, social, and governance performance — and Scope 3 supply chain data is an increasingly weighted component.

    GRESB participants who cannot provide contractor Scope 3 data leave points on the table. More importantly, as GRESB scoring evolves to align with TCFD and ISSB frameworks, the absence of supply chain data will increasingly flag as a material gap to institutional investors.

    Green Leases: The BOMA Lever IFMA Doesn’t Have

    One strategic lever available to property owners that IFMA FMs typically lack is the lease itself. Green lease clauses — requirements embedded in tenant agreements around energy reporting, contractor ESG standards, and waste management — give asset managers a contractual mechanism to drive Scope 3 data collection that facility managers simply cannot replicate.

    The Institute for Market Transformation’s Green Lease Leaders program and BOMA’s own sustainability frameworks both provide templates. The opportunity is to extend the same logic to contractor agreements — requiring vendors like restoration companies to provide RCP-compliant emissions data as a condition of contract.

    What This Series Covers

    This BOMA Scope 3 series on Tygart Media examines the Scope 3 challenge specifically through the property owner and asset manager lens. We cover GRESB reporting obligations, green lease strategy, SB 253 and CSRD compliance for real estate entities, and the contractor data gap that sits at the intersection of both the BOMA and IFMA worlds.

    The RCP thread runs through all of it — because whether you are a corporate occupier FM or a property owner, the restoration contractor showing up after a loss event is generating Scope 3 emissions that belong in someone’s inventory. This series is about making sure yours is complete.

    Frequently Asked Questions

    Does GRESB require Scope 3 Category 1 contractor data?

    GRESB’s Real Estate Assessment includes supply chain and contractor emissions as part of its environmental data collection. While the specific weighting evolves annually, institutional investors using GRESB increasingly expect property owners to demonstrate Scope 3 supply chain visibility. Gaps in contractor data weaken your GRESB score and signal portfolio risk to asset managers.

    How is a property owner’s Scope 3 different from a tenant’s?

    Property owners report Scope 3 from the asset ownership perspective — including downstream tenant emissions (Category 13), upstream contractor supply chain (Category 1), and capital project emissions. Tenants report from the occupier perspective — primarily Category 1 for their own purchased services. The same building can appear in both inventories under different Scope 3 categories.

    What is the Restoration Carbon Protocol and why does it matter to BOMA members?

    The Restoration Carbon Protocol (RCP) is an industry self-standard that gives restoration contractors a structured framework for calculating and reporting the Scope 3 Category 1 emissions associated with their work. For BOMA members, RCP-compliant contractors provide the data needed to close the contractor gap in your GHG inventory — supporting GRESB reporting, CDP responses, and SB 253 compliance.

  • GRESB vs CDP vs SB 253: Which ESG Framework Actually Governs Your FM Operations

    GRESB vs CDP vs SB 253: Which ESG Framework Actually Governs Your FM Operations

    If you are a facility manager trying to understand your Scope 3 ESG obligations, you have almost certainly encountered three acronyms that sound similar but operate very differently: GRESB, CDP, and SB 253. Each one creates real obligations for FM operations — but they apply to different organizations, require different data, and serve different audiences. This article maps the landscape so you can determine which frameworks govern your program and what each one specifically requires from your contractor data collection.

    GRESB: The Asset-Level Framework

    GRESB (the Global Real Estate Sustainability Benchmark) is an investor-driven ESG assessment framework for real estate portfolios. It is primarily used by property owners, REITs, and real estate investment managers who need to demonstrate sustainability performance to institutional investors.

    Who it primarily affects: BOMA-type property owners and real estate investors. If you are an FM at a corporate occupier — a company that uses its buildings for operations, not as investment assets — GRESB is typically your asset manager’s problem, not yours.

    What it asks about contractors: GRESB’s Real Estate Assessment includes questions about green building certifications, energy performance, and sustainability policies for construction and renovation projects. It does not currently have a Scope 3 contractor data requirement comparable to GHG Protocol Category 1. However, GRESB is evolving its framework to incorporate more supply chain data as investor pressure increases.

    IFMA relevance: Low to medium, unless your corporate occupier organization owns its real estate portfolio and participates in GRESB as both occupier and investor. In that case, GRESB and GHG Protocol obligations overlap.

    CDP: The Voluntary Disclosure Framework

    CDP (formerly the Carbon Disclosure Project) operates a global disclosure system that allows companies to report their environmental data to investors, purchasers, and the public. CDP’s Supply Chain program specifically requests Scope 3 data from suppliers — which means your organization may receive CDP questionnaires from your own customers asking about the emissions associated with the services you provide to them.

    Who it primarily affects: Companies that participate voluntarily in CDP disclosure, and companies whose corporate customers require supplier CDP responses. CDP is used by many large corporate occupiers as a sustainability disclosure mechanism.

    What it asks about contractors: CDP’s corporate questionnaire includes Scope 3 Category 1 disclosure. If your organization reports to CDP, you are expected to include Category 1 emissions from your contractors — including restoration vendors — in your response. CDP accepts activity-based and spend-based estimates; it also tracks year-over-year improvement in data quality.

    IFMA relevance: High for FM teams at organizations that participate in CDP or whose parent companies have signed CDP commitments. CDP is often the first Scope 3 reporting pressure FM teams experience, because it is voluntary but publicly visible — investors and customers can see whether your organization reports and how complete your data is.

    SB 253: The Mandatory Disclosure Framework

    California SB 253 — the Climate Corporate Data Accountability Act — is mandatory, not voluntary. It requires companies with over $1 billion in annual revenue doing business in California to disclose Scope 1, 2, and 3 emissions on a phased schedule: Scope 1/2 starting in 2026 (for fiscal year 2025 data), Scope 3 starting in 2027 (for fiscal year 2026 data). Reports must be independently verified by a CARB-registered third-party auditor.

    Who it primarily affects: Any company doing business in California with over $1 billion in annual revenue. This is a wide net — it captures many large corporate occupiers regardless of headquarter location.

    What it asks about contractors: SB 253 uses GHG Protocol methodology, which requires reporting all material Scope 3 categories. Category 1 (contractors and suppliers) is a mandatory category under the GHG Protocol for most organizations. Restoration contractors are a Category 1 source. SB 253’s independent verification requirement means your auditor will scrutinize the quality of your Category 1 data — spend-based estimates will be accepted but flagged as lower quality than activity-based data.

    IFMA relevance: High for FM teams at large corporate occupiers doing business in California. This is the framework with the hardest deadline and the most compliance consequence.

    EU CSRD: The European Mandatory Framework

    For completeness: the EU Corporate Sustainability Reporting Directive (CSRD) applies to large EU companies and, in some cases, non-EU companies with significant EU operations or revenue. CSRD requires disclosure under the European Sustainability Reporting Standards (ESRS), which include Scope 3 under ESRS E1. Like SB 253, it requires third-party verification and covers supply chain emissions.

    IFMA relevance: High for FM teams at multinational corporate occupiers with European operations. CSRD and SB 253 overlap in their Scope 3 requirements, meaning data infrastructure built for one framework largely serves both.

    The Framework Decision Matrix

    FrameworkVoluntary or MandatoryWho It Applies ToContractor Scope 3 Required?IFMA FM Priority
    GRESBVoluntary (investor-driven)Real estate owners and investorsNot directly — asset-level focusLow (unless dual occupier/investor)
    CDPVoluntaryCompanies disclosing to investorsYes — Category 1 in corporate questionnaireMedium-High (if your org participates)
    SB 253Mandatory>$1B revenue, does business in CAYes — GHG Protocol Category 1High (if threshold met)
    EU CSRDMandatoryLarge EU companies + some non-EUYes — ESRS E1 Scope 3High (if European operations)

    What This Means for Contractor Data Collection

    If your organization is subject to SB 253, or participates in CDP, or both — you need Category 1 contractor data. The specific data points required are the same across all three frameworks because they all use GHG Protocol methodology as their basis. Building a contractor data collection process that satisfies GHG Protocol Category 1 requirements will satisfy SB 253, CDP, and CSRD simultaneously.

    The Restoration Carbon Protocol is designed to produce exactly that data. Its output — the per-job RCP Carbon Report — maps to Category 1 inputs for all three frameworks. FM teams that implement RCP-compliant vendor requirements do not need to build separate data collection processes for each framework.

    Frequently Asked Questions

    If my company participates in GRESB, do I still need to collect contractor Scope 3 data?

    GRESB’s current framework focuses on asset-level energy and water performance rather than supply chain Scope 3 data. However, if your organization also participates in CDP or is subject to SB 253 or CSRD, those frameworks require contractor Category 1 data regardless of GRESB participation. Check which frameworks your sustainability team is reporting to.

    Can I use one dataset to satisfy multiple frameworks?

    Yes. Because GRESB, CDP, SB 253, and CSRD all use GHG Protocol methodology as their technical basis, data collected to satisfy one framework’s Scope 3 Category 1 requirements is compatible with the others. Build the data collection process once; use it across all frameworks your organization reports to.

    Part of the IFMA Scope 3 series on tygartmedia.com. Sources: GRESB, CDP, California Air Resources Board / SB 253, GHG Protocol.

  • How to Build a Scope 3 Contractor Compliance Checklist for Your FM Program

    How to Build a Scope 3 Contractor Compliance Checklist for Your FM Program

    Scope 3 compliance for facility managers is fundamentally a vendor management problem. You cannot calculate your Category 1 emissions without data from your contractors, and you cannot get data from contractors without a systematic process for requesting, receiving, and storing it. This article provides a practical checklist for building that process — one that works for FM teams of any size and scales as your contractor pool grows.

    Free Interactive Workbook

    Use the live Scope 3 contractor compliance workbook

    Map your contractor categories, tier vendors, generate the contract clause, and export a complete program summary. Five phases. Live calculations. No signup.

    Open the workbook →

    Phase 1: Vendor Inventory and Prioritization

    Before you can build a Scope 3 data collection process, you need to know which contractors generate material emissions on your behalf. Not all vendors are equal Scope 3 risks — prioritize based on emission intensity and spend.

    Step 1: Map your contractor categories

    List every category of contractor your FM program engages. For most corporate FM teams, the highest emission-intensity contractor categories are:

    • Emergency restoration (water, fire, mold, hazmat) — diesel-heavy equipment, waste streams, episodic but high-intensity
    • Construction and tenant improvements — embodied carbon in materials, significant waste
    • HVAC maintenance and retrofits — refrigerant handling, combustion equipment
    • Grounds and landscaping — fuel-burning equipment, fertilizer (N₂O emissions)
    • Janitorial and facility services — lower intensity but high volume

    Step 2: Score by emission intensity × annual spend

    Multiply each category’s estimated emission intensity (high/medium/low) by your annual spend in that category. The highest-scoring categories are your priority Scope 3 data gaps. Emergency restoration typically scores high on intensity even when annual spend is variable, because a single large water damage event can generate a meaningful emissions figure.

    Phase 2: Vendor Qualification Updates

    Step 3: Add Scope 3 capability questions to RFP and vendor qualification forms

    For new vendor solicitations, add the following questions to your qualification criteria:

    • Does your organization track greenhouse gas emissions associated with individual project work?
    • Are you familiar with GHG Protocol Scope 3 Category 1 methodology?
    • Have you adopted the Restoration Carbon Protocol (for restoration vendors)?
    • Can you provide a per-project emissions summary upon project completion?
    • What job management system do you use, and does it support emissions data export?

    Step 4: Tier your existing vendors

    Survey your existing contractor pool with the same questions. Categorize vendors into three tiers: Tier 1 (already tracking emissions data), Tier 2 (willing to adopt a framework with support), and Tier 3 (unable or unwilling to provide data). Tier 3 vendors become a procurement risk factor — flag for transition to Tier 1 or 2 alternatives at contract renewal.

    Phase 3: Contract Language

    Step 5: Add Scope 3 data provisions to new contracts

    For restoration contractors specifically, reference the Restoration Carbon Protocol as the accepted methodology standard. For other contractor categories, reference GHG Protocol Scope 3 Category 1 methodology and specify the data fields required. Include:

    • Obligation to provide a per-project emissions summary within 30 days of completion
    • Minimum data fields required (fuel, vehicle miles, waste type and weight, equipment hours)
    • Accepted methodology standard (RCP for restoration; GHG Protocol Category 1 for others)
    • Data format and delivery method (PDF report, CSV, or API-compatible format)
    • Right to audit contractor data collection processes during the contract term

    Phase 4: Data Collection and Storage

    Step 6: Establish a receiving process for contractor emissions reports

    Decide where contractor emissions data will live in your FM systems. Options include: a dedicated folder in your CMMS work order system attached to each job record, a shared ESG data repository managed by your sustainability team, or a direct integration with your ESG reporting platform. The key is that every restoration job has an associated emissions record — not a separate tracking system you have to reconcile at year-end.

    Step 7: Build a gap-filling protocol for missing data

    Some contractors will not provide data even after you request it. Build a proxy calculation protocol for data gaps using spend-based or activity-based estimation. The RCP provides proxy tables for restoration jobs. For other categories, the GHG Protocol’s Scope 3 Calculation Guidance provides spend-based emission factors you can apply to invoice data.

    Phase 5: ESG Inventory Integration

    Step 8: Integrate contractor data into your annual Scope 3 Category 1 calculation

    At the end of each fiscal year, compile all contractor emissions reports and proxy estimates into your Scope 3 Category 1 input. Document your methodology, note which vendors provided primary data and which required proxy estimation, and flag any material gaps for disclosure in your ESG report. Most third-party ESG auditors will accept a documented methodology with known limitations more readily than an unexplained data gap.

    The Checklist Summary

    • ☐ Map contractor categories by emission intensity and annual spend
    • ☐ Score and prioritize: emergency restoration at the top
    • ☐ Add Scope 3 capability questions to vendor qualification forms
    • ☐ Tier existing vendors (1=tracking, 2=willing, 3=unable)
    • ☐ Add Scope 3 data provision clause to new contracts (reference RCP for restoration)
    • ☐ Establish data receiving process in your CMMS or ESG platform
    • ☐ Build proxy protocol for data gaps
    • ☐ Integrate into annual Scope 3 Category 1 calculation with documented methodology

    Part of the IFMA Scope 3 series on tygartmedia.com.