Climate Change Data

Nuix Limited

Climate Impact & Sustainability Data (2021-07 to 2022-06)

Reporting Period: 2021-07 to 2022-06

Environmental Metrics

ESG Focus Areas

  • Climate Change
  • Social Responsibility
  • Governance

Environmental Achievements

  • Recycles all unwanted or used computer equipment annually, avoiding this equipment contributing to landfill and causing greenhouse gas emissions.

Social Achievements

  • Nuix matches staff donations made to supported causes. Nuix offers one day of volunteer leave for all staff globally.
  • Implemented risk management measures in accordance with ISO/IEC 27001:2013 – Information Technology – Security Techniques – Information Security Risk Management (Second Edition) Standard.
  • Maintains ISO 27001:2013 certification and in 2020 was assessed to host Australian Government data classified as PROTECTED under the Information Security Registered Assessors Program (iRAP).

Governance Achievements

  • Established corporate governance practices formally embodied in corporate governance policies and codes adopted by the Board.
  • Implemented Risk Management Framework (RMF) aligned to the ISO31000 Risk Management Standard.

Climate Goals & Targets

Short-term Goals:
  • Become Net Zero or Carbon Neutral for global operations.

Environmental Challenges

  • ASIC commenced civil proceedings alleging deficient market disclosure of ACV and statutory revenue.
  • Attracting and retaining talent in a competitive global environment.
  • Competition in the market.
  • Partner distribution channel performance.
  • Integrating acquisitions.
  • Data privacy and protection.
  • Cybersecurity incidents.
  • Product strategy and innovation.
  • Product functionality and performance.
  • Open-source software vulnerabilities.
  • Intellectual property protection.
  • Legal and regulatory compliance.
  • Contractual risks.
  • Maintaining accreditations and certifications.
  • Litigation.
  • Funding and refinancing.
  • Financial risks (foreign exchange, credit, liquidity).
  • Business continuity and third-party reliance.
  • Environmental, Social, and Governance (ESG) risks and expectations.
Mitigation Strategies
  • Nuix denies the allegations and intends to defend the proceedings.
  • Values-led business strategy, remuneration strategy, board committees, flexible work policies, communication, and manager training.
  • Multi-horizon customer-centric strategy, sales enablement optimization, market monitoring, strong customer relationships.
  • Partner program focused on strategic partnerships, relationship management, partner portal, enablement, training, and advisory council.
  • Board oversight, due diligence, integration roadmaps, and milestone planning.
  • In-house expertise, privacy policy, privacy officer, certifications (ISO 27001:2013, ISO 27018:2019, iRAP), FedRAMP High readiness, multi-factor authentication, encryption, and 24/7 operational management.
  • Cybersecurity strategy, skilled cybersecurity employees, 24/7 SOC, continuous monitoring, employee awareness program, environment separation, and third-party tools.
  • Technology and product roadmap, R&D investment, skilled engineers, and Agile development.
  • Skilled engineers, SDLC with robust testing, vulnerability management tools, and customer support.
  • Register of open-source libraries, security monitoring tools, and vulnerability management.
  • IP legal protection, trademark, copyright, and patent registration, contractual safeguards.
  • Regular compliance risk review, policies, training, and external legal advice.
  • In-house legal function, delegations of authority, standard T&Cs, and processes to manage deviations.
  • Investment in accreditation strategy, dedicated in-house team, and annual audits.
  • Effective and efficient litigation management, specialized legal counsel, and communication strategy.
  • Board-approved capital management strategy, external advisors, investor relations, working capital management.
  • Financial risk management strategies, early engagement with auditors, budgeting, forecasting, and controls.
  • High-availability and resilience architecture, third-party vendor management, continuous monitoring, and continuity plans.
  • ESG strategy, investment, and reporting, diversity policy, anti-corruption and modern slavery policies, training, processes, and controls, and high-risk countries policy.

Supply Chain Management

Responsible Procurement
  • Nuix strives to do business with customers, partners and suppliers of sound business character and reputation. Nuix does not knowingly support any public or private organisation which espouses unethical or discriminatory policies or practices.

Climate-Related Risks & Opportunities

Reporting Standards

Frameworks Used: SASB Software and IT Services Sustainability Standard

Certifications: ISO/IEC 27001:2013, ISO/IEC 27017, ISO/IEC 27018, iRAP