The Environmental, Social and Governance (ESG) agenda involves practices and controls that guide companies to reduce environmental impacts, strengthen relationships with people, and operate with governance and compliance. At Plusoft, initiatives are already under way to support this direction and consolidate an organizational culture aligned with established objectives.
What does ESG mean in the context of Plusoft?
ESG brings together environmental, social, and governance criteria that influence internal decisions, relationships with stakeholders, and market requirements. In the context of a technology company, ESG is directly connected to resource consumption, accessibility, information security, controls, audits, and recognized standards.
Environmental and infrastructure initiatives
Move to an office with a focus on sustainability and accessibility
Plusoft recently moved to a new office, with selection criteria guided by accessibility, mobility, and building sustainability items. The location makes access easier for employees, partners, and customers and helps with travel logistics.
Building structure and available resources
The building has resources associated with ESG practices, with measurable operational impacts and facilities for different user profiles:
- Recycling bins for correct recycling, including electronic disposal
- 24-hour bike rack, with support for traveling by bicycle
- Reuse of rainwater for toilets and urinals
- LED lamps, which save electricity and contain no mercury
The building records a reduction of approximately 20% in electricity consumption compared to other commercial buildings. Water-saving devices in valves and faucets support savings of 45% in water consumption.
Environmental certification of the building
The building received the LEED Gold Level Certification (Leadership in Energy and Environmental Design), granted by USGBC (United States Green Building Council) for projects with internationally recognized sustainability criteria. This type of certification is relevant in the purchasing and compliance processes of companies that require formal evidence of environmental practices.
Governance and information security initiatives
Governance in the ESG context depends on processes, training, audits, and certifications that support the consistent execution of internal policies. At Plusoft, part of this effort focuses on information security and operational quality, with recurring and verifiable routines.
Annual Secure Development Training
On an annual basis, Plusoft conducts training with an external company for developers and infrastructure staff. The content addresses topics associated with risks and controls in the development cycle, with a practical focus on reducing vulnerabilities:
- Source code weaknesses
- Risks in mid-level and low-level languages
- OWASP and Top 10 web risks
- Software Development Life Cycle (SDLC)
- Application security testing
This training acts as a preventive measure and reduces operational risk in system projects and maintenance.
Annual Information Security Awareness
Awareness is applied annually to all employees, focusing on individual responsibilities, protection routines, and adherence to the Information Security Policy. Reinforced topics include practices related to passwords, access controls, and privileged access management.
This format facilitates the standardization of conduct and reduces incidents caused by process and behavioral failures.
Internal Audits in Support Processes
Every four months, the Governance area audits the processes in the Support area, following guidelines from CSS HDI, a set of best practices for managing services in support centers. CSS aligns with frameworks and practices such as:
- ITIL® (Information Technology Infrastructure Library)
- KCS (Knowledge Centered Support)
The periodic audit creates evidence of control, points out opportunities for improvement, and supports consistency in the quality of care.
Revalidations of ISO 27001
Plusoft has been certified to ISO 27001 since 2017. A recertification audit takes place every three years, which re-evaluates the Information Security Management System. Within the three-year cycle, annual revalidation audits (internal and external) are carried out, with sample-based verification to confirm that the controls remain in compliance with the guidelines.
This auditing cycle increases the reliability of the management system and reduces the risk of divergence between policy and practice.
How do these initiatives connect to ESG in practice?
The office's environmental initiatives generate objective evidence of reduced consumption and adherence to building sustainability standards. Governance initiatives reinforce controls, training, audits, and certifications, which are criteria often required in supplier evaluation and compliance programs.
Frequently Asked Questions (FAQ)
What is ESG in practice?
ESG in practice involves implemented and measurable environmental, social, and governance actions, with evidence such as policies, training, audits, certifications, and indicators.
What environmental initiatives has Plusoft implemented?
The company moved to an office building with features such as rainwater reuse, LED lighting, structured recycling, and a 24-hour bike rack, in addition to LEED Gold certification.
How does Plusoft work on information governance and security?
The company conducts annual training, awareness programs, internal audits in support, and maintains ISO 27001 certification with periodic revalidations.
Why are LEED and ISO 27001 relevant to ESG?
LEED provides evidence of sustainability in infrastructure. ISO 27001 formalizes information security management, with controls and audits that support governance and compliance.


