IT and ESG Part Two: How IT Can and Must Further the Company’s ESG Efforts
In my previous post I explained why environmental, social, and corporate governance (or ESG) has become such an important concern for enterprises; why it is a strategic consideration; why it rises to the level of the board of directors’ attention; and how it differs from corporate social responsibility (CSR) in that it requires the company’s deliberate and rational effort to ingrain social responsibility throughout its processes and to deliver accountability and transparency to stakeholders. I believe that IT and digital technology play a major role in delivering on ESG initiatives.
We often talk about the cultural change and the shift in mental models needed for an organization to thrive in the digital age. In this post I mean to suggest that we need a further change in culture and mental models to make ESG an aspect of everything we do. So how can IT promote ESG strategies? Let’s see.
Governing for environmental, social, and ethical impacts, like many of the other goals we set ourselves in the digital age, starts with data. And it’s IT, of course, that makes data available to the rest of the enterprise. For data to serve ESG governance, it must be continuously available, rather than ad-hoc and patchy. IT needs to think through the best data model to support ESG planning and measurement, source the data, and make it available in dashboards, reports, and operational intelligence that drives immediate process adjustments. ESG data can then be used both in the company’s improvement efforts and in disclosures to the public, and should include critical measures of workforce diversity and environmental impacts.
Engineering for Sustainability
Working in the cloud has tremendous sustainability advantages: on average, Amazon Web Services (AWS) runs workloads with a carbon footprint that is 88% lower than when a company datacenter runs workloads. We can do this because we achieve a higher capacity utilization of our servers; because we design our infrastructure for low energy consumption; because we work with our power vendors to use renewable energy; and because we generate our own renewable energy through wind and solar farms.
The environmental consequences of each piece of code depend on (1) the design of the code, (2) the number of times it is executed, and (3) the energy efficiency and carbon footprint of the datacenter. In other blog posts we’ve circled around the idea of treating the financial cost of running a piece of code as an engineering parameter to be optimized¹ (this is the main idea of FinOps). Companies can likewise treat sustainability as an engineering parameter to be optimized. Simply put: they can design their code to be sustainable.
The role IT plays in sustainability goes much further. Companies use energy in many of their day-to-day operations. Some have fleets of vehicles to deliver goods. Some have manufacturing equipment. Most have climate control in their facilities. Digital technology can help reduce the resulting environmental impacts. For example, technology can optimize the routes of vehicles and use sensors and machine learning to ensure that equipment operates correctly and minimizes its energy needs.
As for the “governance” aspect of ESG, IT departments should measure and disclose the environmental impacts of running their infrastructure, incentivize teams to design sustainable code, and prioritize features that will help reduce the environmental impacts of day-to-day business operations.
Workforce Diversity, Equity, Inclusion (DEI), and Wellness
Let’s face it—technology organizations are not and have not been diverse and inclusive enough. And in technology organizations the stakes are especially high: I previously wrote about the importance of diversity and inclusion when it comes to making IT teams innovative and successful. In addition, since technology is so central to everything companies do today, and since the IT organization touches so many parts of the enterprise, diversity in IT can have a ripple effect through the rest of the enterprise. IT systems, for example, play a role in HR’s efforts to measure and manage diversity. IT can enable workforce diversity by making sure its systems are accessible for people with disabilities and by making it easier to work remotely (so that parents who need to care for children, people in remote and underdeveloped areas, and people with disabilities can work as equals within the company).
How, specifically, can IT govern itself to support DEI? Systems should be designed from the ground up with accessibility in mind—not just in compliance with a set of accessibility requirements, but based on a user experience design that incorporates a broad range of users. The culture of the IT department—historically set by a nondiverse IT workforce—must become more inclusive. IT and the rest of the company must do better at hiring candidates from historically underrepresented or unrepresented groups, particularly with new capabilities technology has given us. Specifically, we need to hire in underdeveloped locations, allow work-from-home options, and make accommodations for employees with disabilities. IT must look after its employees, developing their skills and coaching them in their long-range career planning.
I’ve just learned of an interesting option to increase diversity: although IT organizations often resist hiring for entry-level skills, doing so expands the potential labor market considerably. Entry-level skills are perfectly appropriate for some IT roles, and the company can then further develop these employees’ skills. As a more general point, IT organizations should review their job descriptions to make sure their prerequisites do not unnecessarily exclude groups of potential employees who could do the job (for example, is a college degree really necessary for some technical roles?). AWS re/Start is a program that trains unemployed or underemployed populations with entry-level cloud skills and then places them with companies that continue their training. Please consider becoming a re/Start employer.
The COVID-19 pandemic has focused attention on employee wellness, and IT plays an important role in this sphere as well. Beyond supporting a healthy work-life balance through remote working and collaboration tools, IT can ensure that its systems are high-quality, usable, and appropriate for the job to be done—important factors in increasing employee satisfaction and reducing stress.
Product Safety and Inclusiveness
Businesses are responsible for ensuring that their products are safe for customers to use. More than that, their products must be able to be used equally and inclusively by all users.
This is another reason that having diverse employee teams is critical: diverse teams are more likely to understand the needs of underserved customer segments and ensure that products are designed for inclusivity and equity. In his book Humans vs Computers, Gojko Adzic tells stories of IT systems that didn’t consider all the usage scenarios they would face. It becomes clear that some of what we typically think of as “edge cases” are actually matters of inclusivity, such as “name” fields in IT systems that can’t accept names from certain cultures. His examples include the following:
- IT systems that can’t handle people with a single name, like U Thant, the Burmese Secretary-General of the UN, where “U” is not a name but an honorary title, and Sukarno, the first president of Indonesia
- IT systems that impose arbitrary length limits on names; one system was unable to handle a 35-letter Hawaiian last name
- IT systems that reject through “validation” single-letter names, like O Rissei, the Japanese go player
- IT systems that refuse names with certain accent marks, including the Hawaiian ‘okina²
To these I’d add the challenge of names that don’t fit neatly into the first name–middle name–last name structure, like some Hispanic surnames and hyphenated last names.
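The cases above can be turned into a concrete validation rule. The following is an added example, not code from the original post or from Adzic’s book: it contrasts a constructed ASCII-only pattern with a validator that allows letters and combining marks from any script while still rejecting control and formatting characters. The punctuation allow-list, the length bound, and the sample names are assumptions made for illustration.

```python
import re
import unicodedata

# Constructed "legacy" rule of the kind the list above describes: ASCII only,
# exactly two parts, each 2-30 letters.
LEGACY = re.compile(r"[A-Za-z]{2,30} [A-Za-z]{2,30}")

# Assumed policy: letters and combining marks from any script, plus this punctuation.
# U+02BB is the okina; U+2018/U+2019 are what many keyboards produce instead.
ALLOWED_PUNCT = set(" -.'\u2018\u2019\u02bb")
MAX_LEN = 200  # storage bound (assumption), not a guess about how long names are


def legacy_ok(raw):
    return LEGACY.fullmatch(raw) is not None


def validate_name(raw):
    """Return (True, normalized_name) or (False, reason)."""
    name = unicodedata.normalize("NFC", raw).strip()
    if not name:
        return False, "empty"
    if len(name) > MAX_LEN:
        return False, "too long"
    for ch in name:
        cat = unicodedata.category(ch)
        if cat[0] in "LM" or ch in ALLOWED_PUNCT:
            continue
        # Control, format (bidi overrides), symbols, digits and markup land here.
        return False, f"disallowed U+{ord(ch):04X} ({cat})"
    if not any(unicodedata.category(ch)[0] == "L" for ch in name):
        return False, "no letters"
    return True, name


# Constructed sample inputs mirroring the cases in the list above.
SAMPLES = [
    "Sukarno",                       # single name
    "O Rissei",                      # single-letter name
    "Ana K" + "ala" * 11 + "i",      # 35-letter surname (constructed)
    "Ke\u02bbalohi Kai",             # okina (constructed name)
    "Gabriel García Márquez",        # two surnames
    "Daniel Day-Lewis",              # hyphenated surname
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r}: legacy={legacy_ok(s)} unicode={validate_name(s)[0]}")
    print(validate_name("Ann\u202eeiL"))   # bidi override is rejected
```

Because apostrophes and hyphens are accepted, the validated value still has to reach the database through parameterized queries and reach the page through output encoding; the validator only bounds the character set.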
The safety of a product often depends on the safety of the software embedded in it and in the digital interactions purchasers have with the company. During the pandemic we’ve seen many “unsafe” digital interactions—for example, vaccine appointment-scheduling software that makes it too difficult for vulnerable populations to get vaccinated. The Healthcare.gov rollout was plagued by scalability problems that made it difficult for people to get health insurance. This is as much a safety issue as defective software that controls medical devices, or—especially—critical systems that are vulnerable to security breaches, like the recent hack of a water supply system in an attempt to poison the local population. To act responsibly on behalf of customers, companies must keep their technology secure.
Software quality control, resilience, and design inclusivity are all ESG concerns.
Privacy and Data Security
Customers entrust businesses with their personal data; businesses then have an obligation to keep that data private and secure. This obligation goes beyond compliance with standards and formal frameworks. In an earlier article I talked about the importance of creating a culture of security in which everyone across the enterprise considers safeguarding customer data to be their personal responsibility. That’s so; but IT still plays a critical role in implementing privacy practices and advising the rest of the company on data protection.
Companies that successfully secure data don’t do it just by bolting on security to existing systems; they do it by designing for privacy and security. Just as DevOps teams need to design and build their code with operations in mind, they also need to address privacy and security concerns throughout their software development processes. Access to data should be carefully controlled and data should always be encrypted at rest and in transit. I can’t go too much deeper into good contemporary privacy practices in a short blog post—plenty of material is already available on that subject—so I’ll just say that security and privacy enforcement are obligations of any socially responsible business, and a key element of ESG.
Vendors and Partners
I mentioned before that environmental and social improvements in IT can have a ripple effect through the rest of the enterprise. They can also have a ripple effect throughout the entire supply chain. IT organizations should insist that the vendors they work with also have effective ESG measures in place (including, by the way, their cloud providers…more on that in an upcoming post). Companies throughout the supply chain need to be told by their customers that ESG is important, just as your company needs to be accountable to its customers for your own ESG performance. IT’s ability to meet its ESG goals depends on the performance of its vendors; it’s no use to say that you’ve reduced your carbon footprint within your company if you’ve started using a new vendor with a bloated carbon footprint.
Your Mission: Build ESG In
In my previous post, I explained why ESG is so important to your company. It’s both a short-term tactical concern and a long-term strategic imperative, and it requires the board of directors’ attention. In this post, I’ve shown how your company’s success with ESG depends critically on your IT organization and your digital initiatives. Many of my other blog posts have been about how IT is vital to company strategy in the digital age. Here I add: IT must also accept the responsibility for its central role in ESG and corporate social responsibility.
To get started, IT organizations should accept ESG goals: transparency, sustainability, workforce diversity, quality, and vendor management at the least. These goals should translate directly into changes in process and governance that “build ESG in” just as we have previously talked about “building quality in.” Your company’s ESG goals are sure to have a profound and positive effect on our world.
2 Gojko Adzic, Humans vs Computers, Neuri Consulting (London: 2017) pp 52–62.