Carbon Management Solution

Track and measure an organisation's greenhouse gas emissions from direct and indirect business activities by calculating carbon footprint using recognised emissions factors, enabling businesses to monitor, report, and manage their environmental impact effectively.

Instructions

• This page helps you prepare "Solution Requirements" section in Vendor Management Portal and you will see the exact questions and flow.

• 🔴 Mandatory questions: Must answer "Yes" to continue

• 🟡 Preferred questions: Can answer either way and continue

• Follow the question flow as indicated

Q1 🔴 Mandatory - Cloud-Based Solution

Main Question: Is your solution cloud-based, offering secure, scalable, and accessible services from anywhere with an internet connection?

🔴 Answer: ○ Yes [Next: Q2] ○ No [⚠️ Cannot Proceed]

Q2 🔴 Mandatory - Organisation-level Scope 1 and 2 and/ or Product/ service-Level Carbon Emissions Calculation

Main Question: Does your solution calculate Scope 1 and 2 carbon emissions at the organisation level and/or calculate carbon emissions at the product/service level, in accordance with the GHG Protocol, ISO 14064-1, ISO 14040, 14044, 14067, PAS 2050, or other sector-specific methodologies?

Examples: a. Scope 1: direct emissions from owned or controlled sources (e.g. company facilities, company vehicles). b. Scope 2: indirect emissions from the generation of purchased energy (e.g. purchased electricity, steam, heating and cooling) consumed by the reporting company). c. Cradle-to-grave product/ service-level carbon emissions: includes all emissions associated with the full life cycle, from raw material extraction or service inputs to end-of-life treatment, covering both upstream and downstream supply chains. d. Cradle-to-gate product/ service-level carbon emissions: includes all emissions from raw material extraction or service inputs up to the point the product leaves the factory gate or service delivery - i.e. before distribution, use, or disposal.

Submission Requirements: Please indicate the level at which your solution calculates carbon emissions: a. Organisation level b. Product/service level c. Both organisation and product/service levels

Click "Yes" to confirm you have completed the instructions.

🔴 Answer: ○ Yes [Next: Q3] ○ No [⚠️ Cannot Proceed]

Text Elaboration Required: [Text Box for Description/Details]

Q3 🟡 Preferred - Organisation-level Scope 3 Emissions Calculation

Main Question: Does your solution calculate Scope 3 at the organisation level, in accordance with the GHG protocol and/or ISO 14064-1?

Examples: a. Indirect emissions from upstream activities i. Purchase of goods and services ii. Capital goods iii. Fuel and energy related activities iv. Transportation and distribution v. Waste generated in operations vi. Business travel vii. Employee commuting viii. Leased assets

b. Indirect emissions from downstream activities i. Transportation and distribution ii. Processing of sold products iii. Use of sold products iv. End-of-life treatment of sold products v. Leased assets vi. Franchises vii. Investments

🟡 Answer: ○ Yes [Next: Q4] ○ No [Next: Q4]

Q4 🔴 Mandatory - Emission Factors for Carbon Footprint Calculation

Main Question: Does your solution calculate carbon emissions for the company's activities and products based on locally developed emissions factors such as SEFR, EMA and internationally recognised emission factors such as IPCC, IEA, EPA, or UK DEFRA, or sector-specific emission factors (e.g. Ecoinvent, GaBi)?

Examples: a. Suggest the appropriate emission factor to use based on the company's sector, country of operation, or product/service. b. Allow the company will be able to overwrite the solution's emission factor suggestion and select the relevant emissions factor to use. c. Accommodate the addition of emissions factors that may be developed in future.

🔴 Answer: ○ Yes [Next: Q5] ○ No [⚠️ Cannot Proceed]

Q5 🔴 Mandatory - Guidance and Support Provision

Main Question: Does your solution provide guidance and support on setting up and navigating the system?

Example: Company gets guidance on the necessary data to input and where to input data into the system.

🔴 Answer: ○ Yes [Next: Q6] ○ No [⚠️ Cannot Proceed]

Q6 🟡 Preferred - Optimisation and Decarbonisation Roadmap

Main Question: Does your solution incorporate target-setting and recommend decarbonisation pathways and solutions?

Examples: a. Get advice and recommendations on emissions reduction b. Enable target setting and tracking to allow monitoring of emissions performance over time c. Recommend and prioritise suitable abatement solutions and is able to estimate emissions savings through various solution adoption

🟡 Answer: ○ Yes [Next: Q7] ○ No [Next: Q7]

Q7 🔴 Mandatory - Emissions Report Generation

Main Question: Does your solution translate accounting data into an emissions report, including emissions summary and emissions hotspots?

Example: Company uses the solution to generate an emissions report including year-on-year comparisons (if available) of its emissions profile and hotspots.

🔴 Answer: ○ Yes [Next: Q8] ○ No [⚠️ Cannot Proceed]

Q8 🟡 Preferred - Public Reporting and Disclosures on International Platforms

Main Question: Does your solution facilitate the generation of a sustainability report in line with frameworks such as ISSB, GRI, SASB, or TCFD and disclosure on international platforms such as CDP or SBTi?

Example: Company is able to use the solution to compile data required for public reporting and disclosures on international platforms.

🟡 Answer: ○ Yes [Next: Q9] ○ No [Next: Q9]

Q9 🟡 Preferred - Emissions Data Verification

Main Question: Does your solution suport verification/ assurance of emissions data?

Examples:

1. Company can obtain verified emissions reports that align with national or international regulatory requirements (e.g. CBAM).

2. Company can obtain verified emissions reports to meet buyer/ financial institution requests.

🟡 Answer: ○ Yes [Next: Q10] ○ No [Next: Q10]

Q10 🟡 Preferred - Benchmarking

Main Question: Does the solution compare the company's sustainability performance against industry benchmarks and identify areas for improvement?

Examples: a. Company is able to understand its relative emissions performance against industry peers. b. Suggest potential areas for improvement according to industry best practices.

🟡 Answer: ○ Yes [Next: Q11] ○ No [Next: Q11]

Q11 🟡 Preferred - Supply Chain Emissions Management

Main Question: Does your solution track and manage supply chain emissions?

Example: The solution provides access to company's supply chain to directly provide data and view selected dashboards.

🟡 Answer: ○ Yes [Next: Q12] ○ No [Next: Q12]

Q12 🔴 Mandatory - Data Collection

Main Question: Does your solution support multiple data collection methods beyond manual data entry, such as CSV imports, data from sensors, auto-population from invoices, and other sources, to enable the management and analysis of data related to carbon emissions?

Examples: a. Manual data entry: Enable manual data entry via user-friendly interface. b. Data from sensors: Automatically collects real-time electricity usage data from sensors installed. c. Invoice processing: Integrate with company's accounting software to automatically extract relevant data from utility bills and fuel invoices. d. Integration with ERP: Connect with company's Enterprise Resource Planning (ERP) system to collect data. e. Third-party data APIs: Connect to external APIs to collect relevant data for auto-population into the system.

🔴 Answer: ○ Yes [Next: Q13] ○ No [⚠️ Cannot Proceed]

Q13 🔴 Mandatory - Emissions Dashboards

Main Question: Does your solution include a dashboard that allows for visualising data, including overall emissions profile and breakdown by scope?

Examples: a. Overview: Company owners use a high-level dashboard showing total emissions across all scopes. Interactive charts allow them to drill down into specific regions or business units with a single click. b. Emissions breakdown: Sustainability teams use stacked bar charts and treemaps to visualise the breakdown (reflect percentage split) of emissions by source and by scope.

Technical Requirements: Your digital solution should have one or more dashboards that provide an at-a-glance overview of key metrics/indicators with at least 4 charts/graphs to help users analyse data through data visualisation.

The dashboard must include at least one of the following interactive features: Option 1: Interactive charts/graphs that allow users to interact with one chart and apply that interaction as a filter to other charts on the dashboard, and vice versa Option 2: At least three common filters/slicers applicable to ALL charts/graphs on the same dashboard

🔴 Answer: ○ Yes [Next: Q14] ○ No [⚠️ Cannot Proceed]

Q14 🔴 Mandatory - User-Friendly Interface

Main Question: Does your solution provide an intuitive and role-based interface, allow users to save and retrieve data from their last login session, and easily translate data (e.g. dashboards and reports) into printable, exportable and user-friendly formats?

Examples: a. Intuitive navigation: A manager based overseas, with minimal training, easily navigates the system to input data. The experienced sustainability director in Singapore efficiently drills down through multiple layers of data using consistent, logical menu structures. b. Role-based dashboards: When logging in, each user sees a dashboard relevant to their role and responsibilities. c. Saving and exporting data: User can easily save and retrieve data from last log in session and data (e.g. emissions dashboards and reports) can be easily translated into printable, exportable and user-friendly formats.

🔴 Answer: ○ Yes [Next: Q15] ○ No [⚠️ Cannot Proceed]

Q15 🟡 Preferred - AI Features

Main Question: Does your solution incorporate artificial intelligence capabilities to enhance carbon accounting processes, such as data collection through proxies, predictive analytics, anomaly detection, automated data categorisation or natural language processing?

🟡 Answer: ○ Yes [Next: Q16] ○ No [Next: Q17]

--

Q16 🔴 Mandatory Follow-up - AI Features - Elaboration

This question appears only if you answered "Yes" to Q15

Main Question: Describe your AI feature and its benefits. Examples are: a. Data collection through proxies: Fill data gaps using suitable proxies and indicate relevant source information b. Predictive analytics: Forecast future emissions based on historical data and planned activities c. Anomaly detection: Automatically flag unusual spikes in emissions data for further investigation d. Automate data categorisation: Categorise and allocate emissions data to the correct scopes and categories e. Natural language processing: Extract relevant emissions data from unstructured text in invoices or reports

Click "Yes" to confirm you have completed the instructions.

🔴 Answer: ○ Yes [Next: Q17] ○ No [⚠️ Cannot Proceed]

Text Elaboration Required: [Text Box for Description/Details]

Q17 🔴 Mandatory - Business Data Extraction

Main Question: Can your solution enable SMEs to efficiently extract business data in various discrete formats such as CSV, XLSX, XML, and TSV?

🔴 Answer: ○ Yes [Next: Q18] ○ No [⚠️ Cannot Proceed]

Q18 🟡 Preferred - Personal Data Collection

Main Question: Does your digital solution collect, use, disclose, process or dispose personal data?

🟡 Answer: ○ Yes [Next: Q19] ○ No [Next: Q21]

--

Q19 🔴 Mandatory Follow-up - Personal Data Protection

This question appears only if you answered "Yes" to Q18

Main Question: Can your solution demonstrate compliance with the following Personal Data Protection requirements?

Compliance Requirements: Digital solutions that collect, use, disclose, process or dispose personal data should incorporate features that support the obligations under the Personal Data Protection Act (2020).

To comply with this requirement, you MUST complete the Personal Data Protection Requirements form at https://go.gov.sg/pdp.

🔴 Answer: ○ Yes [Next: Q20] ○ No [⚠️ Cannot Proceed]

--

Q20 🔴 Mandatory Follow-up - Vulnerability Assessment/Penetration Testing (VA/PT)

This question appears only if you answered "Yes" to Q19

Main Question: Has your solution undergone a comprehensive security vulnerability assessment/penetration testing (VA/PT) conducted by a qualified third-party within the last 12 months? The scope of the VA/PT must cover network security; application security; data protection measures and access control (if applicable); API security testing (if applicable); Cloud security configuration review (if applicable). Specifically, for web application security, the scope must cover minimally all OWASP Top 10 vulnerabilities.

Submission Requirements: Please submit the VA/PT report (dated maximum 1 year from the checklist submission date). The VA/PT Report must include Executive summary; Detailed findings and risk ratings; Remediation recommendations; Evidence of vulnerability fixes or mitigation plans; Testing methodology used; Scope of assessment; Assessor's qualifications and certifications.

If you are the reseller of the solution, please obtain the VA/PT report from your product principal. SOC 2 Type II report can be accepted if the detailed technical vulnerability assessment results are part of the SOC2 Type II scope.

Note: [1] Qualified third-party refers to: CREST-certified companies [ https://www.crest-approved.org/members/] or companies with security professional with relevant CREST certifications; Security professionals with recognised certifications such as: Offensive Security Certified Professional (OSCP); EC-Council Certified Penetration Testing Professional (CPENT); GIAC Penetration Tester (GPEN); or other equivalent industry-recognised certifications.

Click "Yes" to confirm you have completed the instructions.

🔴 Answer: ○ Yes [Next: Q21] ○ No [⚠️ Cannot Proceed]

Date of Issue Required: [Date Field] Upload Supporting Document Required: [File Upload]

Q21 🟡 Preferred - Cybersecurity Compliance - Cyber Essentials Mark (CEM)

Main Question: Are you the Product Principal of the solution that you are submitting for pre-approval?

🟡 Answer: ○ Yes [Next: Q22] ○ No [Next: Q24]

--

Q22 🟡 Preferred - CEM for Product Principal

This question appears only if you answered "Yes" to Q21

Main Question: Has your organisation achieved CSA Cyber Essentials for ICT Vendor Mark certification or equivalent recognised cybersecurity certifications (including but not limited to Cyber Trust Mark or ISO27001) that validate the implementation of appropriate security controls against common cyber threats in your organisation and the solution you are submitting for pre-approval?

Additional Information: Vendors are encouraged to comply at application and are required to meet this requirement by the Annual Review, where it will be assessed as mandatory.

Note: For more information on Cyber Essentials mark, please refer to https://www.csa.gov.sg/cyber-essentials/

🟡 Answer: ○ Yes [Next: Q23] ○ No [Assessment Finished]

--

Q23 🔴 Mandatory Follow-up - CEM for Product Principal - Elaboration

This question appears only if you answered "Yes" to Q22

Main Question: Please specify the following information: i. The certificate demonstrating your organisation has attained Cyber Essentials for ICT Vendors ii. The cybersecurity certification the organisation has met iii. The scope of the certification

Please also upload a copy of the Certification and indicate the Certification Issuance Date in the date field.

Click "Yes" to confirm you have completed the instructions.

🔴 Answer: ○ Yes [Assessment Finished] ○ No [⚠️ Cannot Proceed]

Text Elaboration Required: [Text Box for Description/Details] Date of Issue Required: [Date Field] Upload Supporting Document Required: [File Upload]

Q24 🟡 Preferred - CEM for Resellers

This question appears only if you answered "No" to Q21

Main Question: Has your organisation achieved CSA Cyber Essentials Mark certification or equivalent recognised cybersecurity certifications (including but not limited to Cyber Trust Mark or ISO27001) that validate the implementation of appropriate security controls against common cyber threats in your organisation and the solution you are submitting for pre-approval?

Additional Information: Vendors are encouraged to comply at application and are required to meet this requirement by the Annual Review, where it will be assessed as mandatory.

Note: For more information on Cyber Essentials mark, please refer to https://www.csa.gov.sg/cyber-essentials/

🟡 Answer: ○ Yes [Next: Q25] ○ No [Assessment Finished]

--

Q25 🔴 Mandatory Follow-up - CEM for Resellers - Elaboration

This question appears only if you answered "Yes" to Q24

Main Question: Please specify the following information: i. The cybersecurity certification the organisation has met ii. The scope of the certification

Please also upload a copy of the Certification and indicate the Certification Issuance Date in the date field.

Click "Yes" to confirm you have completed the instructions.

🔴 Answer: ○ Yes [Assessment Finished] ○ No [⚠️ Cannot Proceed]

Text Elaboration Required: [Text Box for Description/Details] Date of Issue Required: [Date Field] Upload Supporting Document Required: [File Upload]