What is ISSA 5000?
If your organisation is preparing for external verification of its sustainability disclosures, or expects to be required to do so under CSRD or UK reporting rules, you will likely encounter ISSA 5000. For compliance managers and sustainability professionals, the standard has direct implications for how carbon data is collected, documented, and justified before an assurance provider ever reviews it. Understanding what ISSA 5000 requires helps you assess whether your current reporting processes would hold up to scrutiny.
Quick Answer: ISSA 5000 (International Standard on Sustainability Assurance 5000) is the global standard published by the International Auditing and Assurance Standards Board (IAASB) that sets out the requirements for assurance engagements on sustainability information. It applies to any sustainability topic, covers both limited and reasonable assurance, and became effective on 15 December 2026, replacing the previous greenhouse gas-specific standard ISAE 3410. For organisations that report on carbon emissions or broader ESG metrics, ISSA 5000 defines what independent verification of that information must look like.
What is ISSA 5000?
ISSA 5000 is the first profession-agnostic international standard for sustainability assurance. The IAASB published it in 2024, and it sets out the general requirements that assurance providers must follow when verifying sustainability disclosures, whether those disclosures relate to carbon emissions, social metrics, biodiversity, governance, or any other ESG topic.
Before ISSA 5000, ISAE 3410 governed assurance on greenhouse gas statements, a narrower standard focused specifically on GHG inventories. ISSA 5000 supersedes ISAE 3410 with effect from 15 December 2026, replacing a patchwork of topic-specific standards with a single, consistent framework that works across all sustainability reporting.
The standard is framework-neutral. It applies regardless of whether an organisation reports under the GHG Protocol, ESRS, ISSB standards, or another recognised framework. The assurance provider's job is to assess whether the organisation prepared the sustainability information fairly in all material respects against whichever criteria it has adopted.
What does ISSA 5000 actually require?
ISSA 5000 sets requirements across several areas that organisations and their assurance providers must address.
Defined criteria and methodology. Organisations must align their sustainability disclosures with a recognised reporting framework. Assurance providers assess whether the organisation prepared the information in accordance with that framework, so the choice of criteria matters and organisations must document it clearly.
Materiality across two dimensions. The standard supports both financial materiality (how sustainability issues affect business performance) and impact materiality (how the organisation affects people and the environment). This dual approach mirrors the direction of major regulatory frameworks, including CSRD.
Evidence and documentation. Assurance providers require sufficient, appropriate evidence. This means organisations need traceable audit trails, documented assumptions, clear calculation methodologies, and structured internal controls. Ad hoc or manual data collection processes are unlikely to meet this bar.
Independence. Assurance providers must remain independent and comply with applicable ethical and quality management requirements. In the UK-adopted version, ISSA (UK) 5000, the standard explicitly prohibits external assurance providers from receiving direct assistance from the organisation's internal audit function, reinforcing the objectivity of the process.
Two levels of assurance. ISSA 5000 covers both limited assurance and reasonable assurance engagements. Limited assurance involves a narrower set of procedures and results in a conclusion expressed in negative form ("nothing has come to our attention to suggest..."). Reasonable assurance is more rigorous, involves deeper testing, and results in a positive conclusion. The appropriate level depends on regulatory requirements, stakeholder expectations, and the maturity of the organisation's data systems.
Why does ISSA 5000 matter for carbon accounting?
For organisations measuring and reporting their carbon footprint, ISSA 5000 raises the bar on data quality in concrete ways.
Assurance providers will scrutinise Scope 1, Scope 2, and Scope 3 calculations. They will expect clear justification for the emissions factors used, documented sources for supplier data, and consistent reporting boundaries year on year. A carbon inventory that was acceptable for internal management purposes or voluntary disclosure may not meet the evidential standards required for a formal assurance engagement.
Specifically, organisations preparing for ISSA 5000 assurance on their emissions reporting should expect:
- A documented methodology that traces every emissions source to a recognised calculation approach
- Justification for the choice of emissions factors, including where the reporting organisation used supplier-specific data or product carbon footprints
- Internal controls that prevent errors and maintain consistency across reporting periods
- Alignment with the GHG Protocol, ISO 14064, or another recognised standard as the stated criteria
This is a meaningful shift for any organisation that has historically relied on spend-based estimates across the board or collected data through inconsistent manual processes. The standard does not prohibit spend-based approaches, but it does require that the methodology is transparent, justified, and consistently applied.
Seedling assures its carbon accounting outputs align with the GHG Protocol, with documented assumptions, data sources, emissions factors, and estimates, which gives organisations a solid foundation when preparing for external assurance under ISSA 5000.
Which organisations are affected by ISSA 5000?
ISSA 5000 is relevant to any organisation whose sustainability disclosures are subject to, or likely to become subject to, independent assurance. In practice, this includes:
- UK-listed and large private companies preparing climate-related financial disclosures
- Companies within scope of the EU's Corporate Sustainability Reporting Directive (CSRD), which mandates limited assurance on sustainability reporting from the outset, with a pathway to reasonable assurance over time
- Organisations setting or validating science-based targets, where stakeholders increasingly scrutinise the credibility of the underlying emissions inventory
- Companies in supply chain-intensive sectors where customers or investors are requesting verified emissions data
Smaller organisations not currently subject to mandatory assurance requirements are not directly obligated to comply with ISSA 5000. However, as supply chain transparency expectations grow, larger customers and procurement frameworks increasingly request verified emissions data. Organisations that build assurance-ready data practices now are better positioned to respond to those requests without significant rework.
How does ISSA 5000 fit into the wider regulatory landscape?
ISSA 5000 sits at the centre of a broader shift toward mandatory, verified sustainability reporting. Several regulatory developments connect directly to it.
CSRD. The EU's Corporate Sustainability Reporting Directive requires assurance on sustainability information for in-scope companies. ISSA 5000 is the standard assurance providers use for those engagements. Companies reporting under CSRD that have UK operations or subsidiaries will encounter ISSA 5000 requirements directly.
UK SDR. The UK government is developing its own SDR framework, expected to draw heavily on IFRS S1 and S2 from the ISSB. As those requirements take shape, ISSA (UK) 5000, which the FRC published in November 2025, provides the assurance framework that will underpin UK-specific sustainability reporting obligations.
Transition from ISAE 3410. The IAASB withdrew the previous standard for GHG assurance, ISAE 3410, with effect from 15 December 2026. Any assurance engagement on a greenhouse gas statement initiated after that date falls under ISSA 5000. Organisations and their auditors that relied on ISAE 3410 need to understand the differences, particularly the broader scope and more demanding documentation requirements of the new standard.
What does this mean in practice?
The practical implication for organisations measuring carbon emissions is that the quality of the underlying data, the transparency of the methodology, and the strength of internal controls are no longer just good practice. They are the foundation on which external assurance depends. Getting that foundation right before an assurance engagement begins is considerably less costly than addressing gaps once the process is underway.




