GHG Protocol

International

v2015

5 domains

28 controls

The Greenhouse Gas Protocol Corporate Accounting and Reporting Standard (Revised Edition 2004/2015) and Corporate Value Chain (Scope 3) Accounting and Reporting Standard (2011). Published by the World Resources Institute (WRI) and the World Business Council for Sustainable Development (WBCSD). The most widely used international accounting tool for government and business to understand, quantify, and manage greenhouse gas emissions.

Verified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (5)

Reporting Principles

5 controls

Five core principles for GHG accounting and reporting

Controls in the Reporting Principles domain of GHG Protocol — 5 controls
Code	Title	Description
GHG-PRIN-1	Relevance	Ensure the GHG inventory appropriately reflects the GHG emissions of the company and serves the decision-making needs of...
GHG-PRIN-2	Completeness	Account for and report on all GHG emission sources and activities within the chosen inventory boundary. Disclose and jus...
GHG-PRIN-3	Consistency	Use consistent methodologies to allow for meaningful comparison of emissions over time. Transparently document any chang...
GHG-PRIN-4	Transparency	Address all relevant issues in a factual and coherent manner, based on a clear audit trail. Disclose assumptions and ref...
GHG-PRIN-5	Accuracy	Ensure that the quantification of GHG emissions is systematically neither over nor under actual emissions, and that unce...

Scope 1: Direct Emissions

4 controls

GHG emissions from sources owned or controlled by the company

Controls in the Scope 1: Direct Emissions domain of GHG Protocol — 4 controls
Code	Title	Description
GHG-S1-1	Stationary Combustion	Emissions from combustion of fuels in stationary equipment (boilers, furnaces, turbines, heaters, incinerators, engines,...
GHG-S1-2	Mobile Combustion	Emissions from combustion of fuels in company-owned or controlled transportation (trucks, trains, ships, airplanes, buse...
GHG-S1-3	Process Emissions	Emissions from physical or chemical processing (e.g., CO2 from cement calcination, PFC from aluminum smelting, N2O from...
GHG-S1-4	Fugitive Emissions	Intentional and unintentional releases (e.g., equipment leaks from joints, seals; methane from coal mines; HFC/PFC from...

Scope 2: Indirect Energy Emissions

4 controls

GHG emissions from purchased energy consumed by the company

Controls in the Scope 2: Indirect Energy Emissions domain of GHG Protocol — 4 controls
Code	Title	Description
GHG-S2-1	Purchased Electricity	Indirect emissions from the generation of purchased electricity consumed by the company.
GHG-S2-2	Purchased Steam	Indirect emissions from the generation of purchased steam consumed by the company.
GHG-S2-3	Purchased Heating	Indirect emissions from the generation of purchased heating consumed by the company.
GHG-S2-4	Purchased Cooling	Indirect emissions from the generation of purchased cooling consumed by the company.

Scope 3: Downstream Categories

7 controls

Value chain emissions - downstream categories 9-15

Controls in the Scope 3: Downstream Categories domain of GHG Protocol — 7 controls
Code	Title	Description
GHG-S3-10	Processing of Sold Products	Category 10: Emissions from processing of intermediate products sold by downstream companies.
GHG-S3-11	Use of Sold Products	Category 11: Emissions from end use of goods and services sold by the reporting company.
GHG-S3-12	End-of-Life Treatment of Sold Products	Category 12: Emissions from waste disposal and treatment of products sold by the reporting company at the end of their l...
GHG-S3-13	Downstream Leased Assets	Category 13: Emissions from operation of assets owned by the reporting company and leased to others.
GHG-S3-14	Franchises	Category 14: Emissions from operation of franchises not included in Scope 1 and 2.
GHG-S3-15	Investments	Category 15: Emissions associated with the reporting company's investments, not already included in Scope 1 or 2 (releva...
GHG-S3-9	Downstream Transportation and Distribution	Category 9: Emissions from transportation and distribution of sold products in vehicles not owned by the reporting compa...

Scope 3: Upstream Categories

8 controls

Value chain emissions - upstream categories 1-8

Controls in the Scope 3: Upstream Categories domain of GHG Protocol — 8 controls
Code	Title	Description
GHG-S3-1	Purchased Goods and Services	Category 1: Emissions from extraction, production, and transportation of goods and services purchased by the reporting c...
GHG-S3-2	Capital Goods	Category 2: Emissions from extraction, production, and transportation of capital goods purchased by the reporting compan...
GHG-S3-3	Fuel- and Energy-Related Activities (Not in Scope 1 or 2)	Category 3: Emissions related to production of fuels and energy purchased and consumed, not in Scope 1 or 2 (includes up...
GHG-S3-4	Upstream Transportation and Distribution	Category 4: Emissions from transportation and distribution of products purchased, in vehicles not owned or controlled by...
GHG-S3-5	Waste Generated in Operations	Category 5: Emissions from third-party disposal and treatment of waste generated in the reporting company's operations.
GHG-S3-6	Business Travel	Category 6: Emissions from transportation of employees for business-related activities in vehicles not owned by the repo...
GHG-S3-7	Employee Commuting	Category 7: Emissions from transportation of employees between homes and worksites in vehicles not owned by the reportin...
GHG-S3-8	Upstream Leased Assets	Category 8: Emissions from operation of assets leased by the reporting company not already included in Scope 1 and 2.

Maps to 184 other frameworks

28 total controls

EU Taxonomy Regulation (Regulation 2020/852)

4 source controls mapped|3 target controls covered

14%

EU Taxonomy Regulation

4 source controls mapped|3 target controls covered

14%

EU SFDR (Sustainable Finance Disclosure Regulation)

4 source controls mapped|4 target controls covered

14%

CDP Corporate Questionnaire

3 source controls mapped|3 target controls covered

11%

Science Based Targets initiative (SBTi) Corporate Standard

3 source controls mapped|3 target controls covered

11%

CDP (formerly Carbon Disclosure Project)

3 source controls mapped|3 target controls covered

11%

Science Based Targets Initiative (SBTi) — Net-Zero Standard

3 source controls mapped|3 target controls covered

11%

BREEAM — Building Research Establishment Environmental Assessment Method

3 source controls mapped|3 target controls covered

11%

IEC 60601-1 — Medical Electrical Equipment Safety

3 source controls mapped|1 target controls covered

11%

NIST AI 600-1 Generative AI Profile

3 source controls mapped|2 target controls covered

11%

ISO 26000:2010

3 source controls mapped|2 target controls covered

11%

ISO 14064 — Greenhouse Gas Accounting and Verification (Parts 1-3)

3 source controls mapped|3 target controls covered

11%

NIST AI Risk Management Framework (AI RMF 1.0)

3 source controls mapped|1 target controls covered

11%

ITU Radio Regulations and Space Security Standards

3 source controls mapped|1 target controls covered

11%

OECD Guidelines for Multinational Enterprises on Responsible Business Conduct (2023 Update)

3 source controls mapped|1 target controls covered

11%

ICMM Mining Principles (2024 Update)

3 source controls mapped|1 target controls covered

11%

SASB Standards (ISSB Integrated)

3 source controls mapped|1 target controls covered

11%

SASB Standards

3 source controls mapped|1 target controls covered

11%

IEC 62351 — Power Systems Communication Security

2 source controls mapped|2 target controls covered

US Gramm-Leach-Bliley Act (GLBA) — Higher Education Safeguards Rule

2 source controls mapped|3 target controls covered

FATF 40 Recommendations

2 source controls mapped|4 target controls covered

FTC Safeguards Rule (16 CFR Part 314)

2 source controls mapped|4 target controls covered

FTC GLBA Safeguards Rule (16 CFR Part 314)

2 source controls mapped|4 target controls covered

OWASP Top 10:2025

1 source controls mapped|1 target controls covered

Spain ENS

1 source controls mapped|3 target controls covered

CSA STAR (Security, Trust, Assurance, and Risk)

1 source controls mapped|1 target controls covered

DoD Zero Trust Reference Architecture

1 source controls mapped|3 target controls covered

OWASP DevSecOps Maturity Model (DSOMM)

1 source controls mapped|1 target controls covered

ICH E6(R3) — Good Clinical Practice

1 source controls mapped|1 target controls covered

EU Cyber Resilience Act

1 source controls mapped|1 target controls covered

FISMA

1 source controls mapped|3 target controls covered

Australian Energy Sector Cyber Security Framework (AESCSF)

1 source controls mapped|1 target controls covered

FFIEC Cybersecurity Assessment Tool (CAT)

1 source controls mapped|1 target controls covered

CSA CCM v4

1 source controls mapped|3 target controls covered

CAIQ (CSA)

1 source controls mapped|1 target controls covered

Belgium CyberFundamentals

1 source controls mapped|3 target controls covered

HL7 FHIR Security Framework

1 source controls mapped|3 target controls covered

BSIMM

1 source controls mapped|1 target controls covered

ANSSI Cybersecurity Framework

1 source controls mapped|3 target controls covered

BSI IT-Grundschutz

1 source controls mapped|3 target controls covered

Ghana Cybersecurity Act

1 source controls mapped|3 target controls covered

CISA Zero Trust Maturity Model

1 source controls mapped|3 target controls covered

Canada Artificial Intelligence and Data Act (AIDA)

1 source controls mapped|1 target controls covered

FedRAMP Rev 5

1 source controls mapped|3 target controls covered

CMMC 2.0

1 source controls mapped|3 target controls covered

OWASP ASVS

1 source controls mapped|1 target controls covered

AWWA Cybersecurity Guidance for the Water Sector (American Water Works Association)

1 source controls mapped|1 target controls covered

NIST SP 800-171A Rev 3 — Assessing CUI Security Requirements

1 source controls mapped|1 target controls covered

NYDFS Cybersecurity Regulation (23 NYCRR Part 500)

1 source controls mapped|3 target controls covered

HIPAA Security Rule

1 source controls mapped|2 target controls covered

ETSI EN 303 645

1 source controls mapped|1 target controls covered

ISO/IEC 27011:2024

1 source controls mapped|1 target controls covered

EU GMP Annex 11 — Computerised Systems

1 source controls mapped|1 target controls covered

C5 (Germany)

1 source controls mapped|1 target controls covered

NIST SP 800-171A — Assessing CUI Security Requirements

1 source controls mapped|3 target controls covered

FDA 21 CFR Part 11

1 source controls mapped|1 target controls covered

Azure Security Benchmark

1 source controls mapped|1 target controls covered

California IoT Security Law

1 source controls mapped|1 target controls covered

IACS Unified Requirements E26/E27 — Cyber Resilience of Ships and On-Board Systems

1 source controls mapped|2 target controls covered

UK Defence Standard 05-138 — Cyber Security for Defence Suppliers

1 source controls mapped|1 target controls covered

MITRE D3FEND

1 source controls mapped|1 target controls covered

Cyber Essentials Plus

1 source controls mapped|3 target controls covered

GLOBALG.A.P. Integrated Farm Assurance (IFA) Standard v6

1 source controls mapped|1 target controls covered

AWS Well-Architected Security Pillar

1 source controls mapped|1 target controls covered

3GPP Security

1 source controls mapped|1 target controls covered

ISO 27017

1 source controls mapped|1 target controls covered

NIST SP 800-183

1 source controls mapped|1 target controls covered

ISO/SAE 21434

1 source controls mapped|1 target controls covered

PAS 1192-5:2015 — Security-Minded Approach to BIM and Digital Built Environments

1 source controls mapped|2 target controls covered

Canada ITSG-33 — IT Security Risk Management

1 source controls mapped|2 target controls covered

New Zealand Information Security Manual (NZISM)

1 source controls mapped|2 target controls covered

MARS-E — Minimum Acceptable Risk Standards for Exchanges

1 source controls mapped|2 target controls covered

South Korea Cloud Security Assurance Program (CSAP)

1 source controls mapped|2 target controls covered

NRC 10 CFR 73.54 — Nuclear Facility Cybersecurity

1 source controls mapped|2 target controls covered

ISO 27001:2022

1 source controls mapped|1 target controls covered

NIST SP 800-150

1 source controls mapped|1 target controls covered

NIST SP 800-53 Rev 5

1 source controls mapped|3 target controls covered

DISA Security Technical Implementation Guides (STIGs)

1 source controls mapped|3 target controls covered

UK PSTI Act

1 source controls mapped|1 target controls covered

NIST SP 800-190

1 source controls mapped|1 target controls covered

NIST SP 800-66

1 source controls mapped|1 target controls covered

OWASP MASVS

1 source controls mapped|1 target controls covered

ASD Information Security Manual (ISM)

1 source controls mapped|3 target controls covered

NIST SP 800-181

1 source controls mapped|1 target controls covered

ISO/IEC 25012:2008 — Data Quality Model

1 source controls mapped|1 target controls covered

OWASP SAMM

1 source controls mapped|1 target controls covered

NIST SP 800-115

1 source controls mapped|1 target controls covered

NIST SP 800-172

1 source controls mapped|3 target controls covered

TEFCA — Trusted Exchange Framework and Common Agreement

1 source controls mapped|1 target controls covered

NIST SP 800-161

1 source controls mapped|1 target controls covered

NIST SP 800-145

1 source controls mapped|1 target controls covered

ISO 27002:2022

1 source controls mapped|1 target controls covered

NIST SP 800-53A

1 source controls mapped|3 target controls covered

ISMAP (Japan)

1 source controls mapped|1 target controls covered

UNECE WP.29 R156

1 source controls mapped|1 target controls covered

NIST SP 800-92

1 source controls mapped|1 target controls covered

NIST SP 800-171

1 source controls mapped|3 target controls covered

NIST SP 800-61

1 source controls mapped|1 target controls covered

NIST SP 800-88

1 source controls mapped|1 target controls covered

CISA Secure by Design Principles

1 source controls mapped|1 target controls covered

UNECE WP.29 R155

1 source controls mapped|1 target controls covered

PIC/S Guide to Good Manufacturing Practice for Medicinal Products

1 source controls mapped|1 target controls covered

Saudi NCA ECC

1 source controls mapped|3 target controls covered

UK Gambling Commission — Cyber Resilience Requirements

1 source controls mapped|1 target controls covered

CFTC System Safeguards (17 CFR 37, 38, 39, 49)

1 source controls mapped|1 target controls covered

GLI-33 — Gaming Laboratories International Event Wagering Systems

1 source controls mapped|1 target controls covered

EIOPA Guidelines on ICT Security and Governance (2020)

1 source controls mapped|1 target controls covered

TISAX — Trusted Information Security Assessment Exchange

1 source controls mapped|3 target controls covered

Telecommunications Sector Security Reforms (TSSR)

1 source controls mapped|1 target controls covered

Defence Security Principles Framework (DSPF)

1 source controls mapped|1 target controls covered

Protective Security Policy Framework (PSPF) Release 2024

1 source controls mapped|1 target controls covered

NIST Privacy Framework 1.0

1 source controls mapped|1 target controls covered

NIST SP 800-144

1 source controls mapped|1 target controls covered

NAIC Insurance Data Security Model Law (MDL-668)

1 source controls mapped|1 target controls covered

MTCS (Singapore)

1 source controls mapped|1 target controls covered

MARS-E

1 source controls mapped|1 target controls covered

Sigstore — Software Artifact Signing and Verification

1 source controls mapped|1 target controls covered

NIST SP 800-123

1 source controls mapped|1 target controls covered

NIST SP 800-187

1 source controls mapped|1 target controls covered

MDS2 (Medical Device)

1 source controls mapped|1 target controls covered

SLSA

1 source controls mapped|1 target controls covered

ISO 27018

1 source controls mapped|1 target controls covered

SWIFT Customer Security Programme (CSP)

1 source controls mapped|1 target controls covered

ASIC Cyber Resilience Good Practices

1 source controls mapped|1 target controls covered

TSA Pipeline Cybersecurity Directives

1 source controls mapped|1 target controls covered

NIST SP 800-218

1 source controls mapped|1 target controls covered

MITRE ATT&CK

1 source controls mapped|1 target controls covered

HITECH Act

1 source controls mapped|1 target controls covered

ISO 27799

1 source controls mapped|1 target controls covered

O-RAN Alliance Security Specifications (O-RAN.WG11)

1 source controls mapped|1 target controls covered

PCI DSS v4.0

1 source controls mapped|3 target controls covered

ISO 27043

1 source controls mapped|1 target controls covered

SSDF (NIST)

1 source controls mapped|1 target controls covered

ISO 13485

1 source controls mapped|1 target controls covered

NIST SP 800-63

1 source controls mapped|1 target controls covered

OpenSSF Scorecard

1 source controls mapped|1 target controls covered

SIG (Shared Assessments)

1 source controls mapped|1 target controls covered

NIST SP 800-82 Rev 3 — Guide to OT Security

1 source controls mapped|1 target controls covered

NIST SP 800-146

1 source controls mapped|1 target controls covered

US Executive Order 14028 — Improving the Nation's Cybersecurity

1 source controls mapped|1 target controls covered

NIST SP 800-160

1 source controls mapped|1 target controls covered

NIST SP 800-207

1 source controls mapped|1 target controls covered

PTES

1 source controls mapped|1 target controls covered

NIST SP 800-128

1 source controls mapped|1 target controls covered

South Korea ISMS-P

1 source controls mapped|1 target controls covered

NIST SP 800-137

1 source controls mapped|1 target controls covered

Basel III International Banking Framework

1 source controls mapped|3 target controls covered

Digital Economy Partnership Agreement (DEPA)

1 source controls mapped|1 target controls covered

UAE Virtual Asset Regulatory Authority (VARA) Regulations

1 source controls mapped|1 target controls covered

Bank Secrecy Act / Anti-Money Laundering (BSA/AML)

1 source controls mapped|4 target controls covered

Singapore Payment Services Act 2019 (PSA) — Digital Payment Token Provisions

1 source controls mapped|2 target controls covered

US EPA Safe Drinking Water Act (SDWA) — Cybersecurity Requirements

1 source controls mapped|1 target controls covered

UK Modern Slavery Act 2015

1 source controls mapped|1 target controls covered

Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA)

1 source controls mapped|1 target controls covered

Philippines Cybercrime Prevention Act (RA 10175)

1 source controls mapped|1 target controls covered

Canada's Anti-Spam Legislation (CASL)

1 source controls mapped|1 target controls covered

Zambia Data Protection Act (2021)

1 source controls mapped|1 target controls covered

UK Telecommunications (Security) Act 2021

1 source controls mapped|1 target controls covered

Modern Slavery Act 2018 (Australia)

1 source controls mapped|1 target controls covered

AML/CTF Act 2006 (Australia)

1 source controls mapped|1 target controls covered

EU Digital Markets Act

1 source controls mapped|1 target controls covered

Nevada Gaming Control Board Cybersecurity Requirements

1 source controls mapped|1 target controls covered

Lloyd's Minimum Standards — Cyber Security

1 source controls mapped|1 target controls covered

India CERT-In Cyber Security Directions 2022

1 source controls mapped|1 target controls covered

Colorado AI Act (SB 24-205)

1 source controls mapped|1 target controls covered

APRA CPS 230 Operational Risk Management

1 source controls mapped|1 target controls covered

EU PSD3 and Payment Services Regulation (Proposed)

1 source controls mapped|3 target controls covered

IFRS 17 — Insurance Contracts

1 source controls mapped|1 target controls covered

Florida Digital Bill of Rights (SB 262)

1 source controls mapped|1 target controls covered

Nigeria Open Banking Regulatory Framework (CBN, 2023)

1 source controls mapped|1 target controls covered

GRI Standards

1 source controls mapped|1 target controls covered

NABERS — National Australian Built Environment Rating System

1 source controls mapped|3 target controls covered

CSRD

1 source controls mapped|1 target controls covered

Security of Critical Infrastructure Act 2018 (SOCI)

1 source controls mapped|1 target controls covered

ISO 14001

1 source controls mapped|1 target controls covered

LEED v4.1 — Green Building Rating System (US Green Building Council)

1 source controls mapped|2 target controls covered

ISO 56002

1 source controls mapped|3 target controls covered

ISO 41001:2018 — Facility Management Systems

1 source controls mapped|3 target controls covered

ISO 39001:2012 — Road Traffic Safety Management

1 source controls mapped|3 target controls covered

ISO 37002:2021 — Whistleblowing Management Systems

1 source controls mapped|3 target controls covered

ISO 50001:2018 — Energy Management Systems

1 source controls mapped|3 target controls covered

ISO 22313:2020 — Guidance on Business Continuity Management Systems

1 source controls mapped|3 target controls covered

ISSB Standards

1 source controls mapped|1 target controls covered

TCFD Recommendations

1 source controls mapped|1 target controls covered

Compare GHG Protocol with EU Taxonomy Regulation (Regulation 2020/852)

Frequently Asked Questions

What is GHG Protocol?

GHG Protocol is a compliance framework from International with 5 domains and 28 controls. The Greenhouse Gas Protocol Corporate Accounting and Reporting Standard (Revised Edition 2004/2015) and Corporate Value Chain (Scope 3) Accounting and Reporting Standard (2011). Published by the World Resources Institute (WRI) and the World Business Council for Sustainable Development (WBCSD). The most widely used international accounting tool for government and business to understand, quantify, and manage greenhouse gas emissions. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does GHG Protocol have?

GHG Protocol has 28 controls organised across 5 domains. The largest domains are Scope 3: Upstream Categories (8 controls), Scope 3: Downstream Categories (7 controls), Reporting Principles (5 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does GHG Protocol map to?

GHG Protocol maps to 184 other compliance frameworks. The top mapping partners are EU Taxonomy Regulation (Regulation 2020/852) (14% coverage), EU Taxonomy Regulation (14% coverage), EU SFDR (Sustainable Finance Disclosure Regulation) (14% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with GHG Protocol compliance?

Start your GHG Protocol compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about GHG Protocol requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 28 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 692 frameworks.

Get Started Free →

Free forever — no credit card required