ESG 2025–2030

ESG Policy

Responsibility, transparency and sustainable development embedded in our organization''s DNA

“The greatest environmental impact of a consulting firm is not its office — it''s the hundreds of organizations it guides toward sustainable practices.”

— Łukasz Grabowski, CEO of FIB.CODE

ISO certifications (9001 + 27001)

100%

remote / hybrid work

data breach incidents

regulatory compliance areas

Environment

We minimize our footprint, maximize awareness

As an advisory firm with low industrial impact, our direct environmental footprint is limited. However, this does not exempt us from responsibility.

Digital-first Operations

We operate a fully remote and hybrid work model. Documentation, internal audits, and client communications are based on digital tools.

Carbon Footprint Measurement

We commit to calculating and monitoring the company''s carbon footprint in Scopes 1, 2, and relevant Scope 3 categories per the GHG Protocol.

Green IT Infrastructure

We choose cloud service providers that declare climate neutrality. We monitor the energy efficiency of our IT solutions.

Circular Economy

IT equipment is used until end-of-life, then transferred to certified recycling facilities.

Energy Efficiency Audits

As a firm conducting energy audits, we actively help clients identify energy savings.

Business Travel Offsetting

Client travel is monitored and offset through support for certified CO₂ reduction projects.

Social

People at the center of every decision

Digital security is, above all, about protecting people. Our social responsibility extends beyond our team.

Employee Development

Every team member has an individual competency development plan. Minimum 40 training hours per person annually.

Data Protection & Privacy

We hold ISO/IEC 27001:2022 certification, with an implemented ISMS, incident response procedures and a zero-breach policy.

Pro Bono Cybersecurity

We deliver cybersecurity training for local government units as part of the ''Cybersecure Municipality'' program.

Wellbeing & Work-Life Balance

Hybrid work model, flexible hours, mental health support. A culture built on trust and autonomy.

Education & Knowledge Sharing

We conduct technical and business training. We publish educational materials on cybersecurity.

Diversity & Inclusion

We apply objective competency-based recruitment criteria. We ensure equal pay for equal work.

Governance

Transparency embedded in our DNA

As an audit firm, we must be a model of corporate governance. Our management systems are the foundation of trust.

Certified Management Systems

ISO 9001:2015 and ISO/IEC 27001:2022 certified by DNV. Surveillance audits every 12 months.

Code of Ethics

An implemented Code of Ethics governing conduct, conflicts of interest, anti-corruption policy and whistleblowing.

Anti-Corruption Policy

Zero tolerance for corruption. Due diligence procedures for partners and subcontractors.

Regulatory Compliance

Active monitoring and implementation of requirements: GDPR, NIS-2, DORA, Cybersecurity Act, AML.

Transparency & Reporting

We are preparing for ESRS/CSRD-compliant reporting from the moment we fall within regulatory scope.

Business Continuity

An implemented Business Continuity Plan (BCP) compliant with ISO 22301. Regular contingency plan testing.

We measure what we manage

We transparently report on the degree of implementation of our ESG commitments.

Quality Management System ISO 9001100%

Information Security ISO 27001100%

Carbon Footprint Calculation (Scope 1+2+3)35%

DEI Policy60%

CSRD/ESRS Reporting Readiness45%

Pro Bono Cybersecurity Program80%

Roadmap 2025–2030

Q2 2025

Baseline Carbon Footprint Calculation

Full GHG emissions inventory in Scopes 1, 2, and relevant Scope 3 categories.

Q4 2025

Emission Reduction Target -30% by 2030

Formal adoption of an emission reduction target covering travel, IT, and office energy.

Q1 2026

Sustainable Procurement Policy

Implementation of ESG criteria in the supplier and subcontractor selection process.

Q2 2026

ESRS-Compliant ESG Report

Publication of the first ESG report with a double materiality analysis.

2027

ISO 14001 Certification

Implementation of an environmental management system as a complement to the integrated system.

2028

Operational Climate Neutrality

Achieving neutrality in Scopes 1 and 2 through reduction, green energy, and offsetting.

2030

ESG Leader in the Cybersecurity Sector

Becoming the reference company combining cybersecurity, compliance, and sustainable development.

Our actions in the context of the SDGs

We identify and support those UN Sustainable Development Goals that are most relevant to our operations.

Quality Education

Affordable Clean Energy

Decent Work & Growth

Industry & Innovation

Responsible Consumption

Climate Action

Peace & Justice

Partnerships

Compliance with international standards

CSRD / ESRS

European sustainability reporting standard

GHG Protocol

International standard for greenhouse gas emissions calculation

GRI Standards

Framework for reporting impact on economy, environment, and society

UN SDGs

17 United Nations Sustainable Development Goals

ISO 27001 / 9001

Certified information security and quality management systems

ISO 50001 / 50002

Energy management systems and energy audit

NIS-2 / DORA

EU directives on cybersecurity and digital operational resilience

EU Taxonomy

Classification of environmentally sustainable activities

Questions? Suggestions? We''d love to talk.

Please direct any questions regarding our ESG policy to:

Łukasz Grabowski

CEO / ESG Lead

l.grabowski@fibcode.com

This ESG Policy was adopted by the Board of FIB.CODE Sp. z o.o. The policy is subject to annual review and update.

FIB.CODE Sp. z o.o. · NIP: 637-220-84-21 · KRS: 0000804872

Last updated: February 2026 · Version 1.0

Fib.Code