Enable javascript in your browser for better experience. Need to know to enable it? Go here.
Close
Ask Tai
Ask Tai
Global Impact Report 2025 Back

Stewarding good

governance and ethics

 

Compliance, data protection, security, ESG and risk management are integrated into our corporate strategy and embedded into day-to-day business operations. Our Board of Directors and cross-functional management teams oversee ESG-related matters, such as strategy, disclosure and business goals.

 

Collage of four images of Thoughtworkers laughing. Some are holding signs which mention our values: Foster a vibrant community, pursuit of excellense, amplify positive social change.
Collage of four images of Thoughtworkers laughing. Some are holding signs which mention our values: Foster a vibrant community, pursuit of excellense, amplify positive social change.

ESG Governance

List of policies and guidlines, with icons: Cybersecurity; Global information security policy with systems and functions section; Data protection policy, AI Compliance policy. Risk: Risk evaluation and escalation procedure. Compliance: Data protection policy, privacy policy, accessibility statement, modern slavery statement, integrity helpline (formal complaints process) and Speak up policy.
List of policies and guidlines, with icons: Cybersecurity; Global information security policy with systems and functions section; Data protection policy, AI Compliance policy. Risk: Risk evaluation and escalation procedure. Compliance: Data protection policy, privacy policy, accessibility statement, modern slavery statement, integrity helpline (formal complaints process) and Speak up policy.

Policies and guidelines

 

We anchor our governance through a comprehensive suite of policies designed to uphold the highest standards of institutional integrity and operational resilience. These guidelines, alongside others, provide the structured oversight necessary to navigate complex business landscapes while safeguarding Thoughtworks.

List of policies and guidlines, with icons: Cybersecurity; Global information security policy with systems and functions section; Data protection policy, AI Compliance policy. Risk: Risk evaluation and escalation procedure. Compliance: Data protection policy, privacy policy, accessibility statement, modern slavery statement, integrity helpline (formal complaints process) and Speak up policy.
List of policies and guidlines, with icons: Cybersecurity; Global information security policy with systems and functions section; Data protection policy, AI Compliance policy. Risk: Risk evaluation and escalation procedure. Compliance: Data protection policy, privacy policy, accessibility statement, modern slavery statement, integrity helpline (formal complaints process) and Speak up policy.

Training and awareness

 

To ensure these policies are more than just static documents, we prioritize a culture of continuous learning. These initiatives translate our formal guidelines into actionable knowledge, empowering every Thoughtworker to recognize risks and uphold our high standards of integrity.

 

A lozenge shaped infographic, with a layer for each type of training. 1. Security awareness training (for new joiners, a one off); Compliance / code of conduct training (Annual, mandatory for ALL TWers, including anti-corruption and anti-bribery). Cyber security training (annual, mandatory for all TWers, includes responsible AI). AI assisted / Agentic system development training (role specific, ongoing courses as required). Supplier training: Compliance training for all contractors and third parties, who need to acknowledge and comply with our ABAC policy and Code of Conduct. Also, all suppliers must sign and abide by our Sustainable procurement policy.
A lozenge shaped infographic, with a layer for each type of training. 1. Security awareness training (for new joiners, a one off); Compliance / code of conduct training (Annual, mandatory for ALL TWers, including anti-corruption and anti-bribery). Cyber security training (annual, mandatory for all TWers, includes responsible AI). AI assisted / Agentic system development training (role specific, ongoing courses as required). Supplier training: Compliance training for all contractors and third parties, who need to acknowledge and comply with our ABAC policy and Code of Conduct. Also, all suppliers must sign and abide by our Sustainable procurement policy.

Risk management and compliance

Three Thoughtworkers chatting around a laptop. All have dark hair, and are wearing casual clothes - AI cubes are dancing around the laptop.
Three Thoughtworkers chatting around a laptop. All have dark hair, and are wearing casual clothes - AI cubes are dancing around the laptop.

To manage and address risks across our global business and safeguard our people, clients and operations, Thoughtworks: 

 

  • Integrates compliance and risk management into corporate strategy and day-to-day business operations through our Global Security Risk Management program and subsequent implementation of risk mitigation action plans. 

  • Prioritizes risk areas using a standard risk scale, for equivalent evaluation and escalation across all operations. 

  • Conducts routine risk assessments, and updates our risk management strategies as needed. 

  • Regularly reports identified risks and mitigation strategies to the highest executive level, as well as to the Board. 

  • Maintains clear internal processes for the reporting and escalation of risk events to minimize negative impacts and prevent recurrence, considering the risks exposure over the short, intermediate and long term. 

  • Maintains channels for reporting concerns, including an independent Integrity Helpline that may be used anonymously.

Abstract illustrations from the Global Impact Report
Abstract illustrations from the Global Impact Report

Incident response plan 
 

Thoughtworks has a defined global incident management process and procedure. Additionally, and more importantly for every engagement, account teams create specific Incident Response Plans based on our individual client's procedures and policies. Security events are handled through Thoughtworks' incident management procedure to identify and mitigate weaknesses early. This also ensures continuous exercising and training on incident response across the organization.

 

ISO certifications 

 

In 2024 we launched our ISO 27001:2022 certification journey, initially focusing on a few offices for certification. Building on this foundation and commitment to continuously maturing our security posture, we expanded our journey globally and now all Thoughtworks offices are ISO 27001:2022 certified

 

Reporting frameworks and disclosures

 

Images of the reporting frameworks and disclosures for 2025: Science Based Targets Initiative, CDP (Carbon disclosure project), ecovadis and United Nations Global Compact.
Images of the reporting frameworks and disclosures for 2025: Science Based Targets Initiative, CDP (Carbon disclosure project), ecovadis and United Nations Global Compact.

The UN Sustainable Development Goals (SDGs)

 

Our work, values and principles contribute to many of the UN’s SDGs. We believe we can make the greatest impact across these six areas:

The UN SDG logos for the six most relevant areas to Thoughtworks: 3. Good health and wellbeing; 4. Quality education, 9. Industry, innovation and infrastructure, 10. Reduced inequalities, 13. Climate action.
The UN SDG logos for the six most relevant areas to Thoughtworks: 3. Good health and wellbeing; 4. Quality education, 9. Industry, innovation and infrastructure, 10. Reduced inequalities, 13. Climate action.

Explore other chapters

Advocating for responsible tech
Read now
Leading with inclusion
Read now
Partnering for social change
Read now
Attracting, growing and retaining our people
Read now

Explore the full Global impact report

Download now

Footnotes

 

[1] Representative as of December 2025 . Gender composition of the entire board is shown.