Third-party assurance can feel like a daunting step for companies new to the process. But as disclosure expectations increase and climate data becomes a critical input for business decisions, assurance is fast becoming a best practice for credibility and readiness.
Box successfully received third-party verification after completing its first assurance process this year. We sat down with Philippe Routhier, Senior Program Manager, Sustainability and ESG at Box, to learn what the company discovered along the way and what other sustainability teams can learn from their experience.
1. Leadership buy-in makes all the difference
Box’s assurance journey began with a clear directive from leadership. The company’s General Counsel requested third-party assurance to ensure its climate disclosures could withstand external scrutiny and align with Box’s broader ESG roadmap.
That top-down commitment made the decision straightforward and helped secure both internal alignment and funding.
“Our leadership team wanted to ensure that the information we share publicly, whether with customers, regulators, or investors, is accurate and credible,” Routhier said. “Pursuing limited assurance was a straightforward decision, especially since it aligned with our ESG roadmap.”
Leadership also understood that assurance could serve as more than an accounting exercise. By framing it as a proactive way to manage business risk and prepare for future regulations, the sustainability team was able to build even broader support across the company.
“It helped us secure budget by positioning assurance as a way to de-risk future reporting requirements, like California’s SB 253, and build trust internally and externally,” Routhier added.
Clear direction from the top and a strong business rationale laid the foundation for Box’s first year of assurance, turning what could have been a compliance exercise into a strategic investment.
2. Start small, scale in the future
For Box, the first assurance cycle was as much about learning as it was about verification. The company chose to pursue limited assurance for its Scope 1 and 2 emissions under the internationally recognized ISO 14064-3:2019 standard.
That decision struck the right balance for a first-year effort, rigorous enough to build confidence in the data but manageable for teams still establishing their processes.
“Limited assurance was the right starting point because it provided rigor without overburdening our teams,” Routhier explained. “We also intentionally chose standards and methodologies that align with future regulatory expectations and position us for a potential move to reasonable assurance later if needed.”
For many organizations, starting small with limited assurance and a focused scope helps build experience and systems that can scale over time.
3. Communicate early and often
For Box, the biggest takeaway from its first assurance cycle was simple: start early and communicate often.
Preparing for assurance is not just about gathering data; it is about building alignment and understanding across teams from the very beginning.
“Engage teams like workplace services, finance, cloud, and all data owners at the very beginning,” Routhier said. “Set clear expectations for timelines and evidence requirements, and plan for a second round of reviews. It makes the process far more predictable.”
Starting early gives teams time to clarify data ownership, close documentation gaps, and prevent last-minute challenges. Equally important, assurance depends on clear communication and coordination across teams, along with taking the time to educate people about the process itself.
“The process showed us that assurance is as much about coordination and education as it is about numbers,” Routhier said.
It is not just about asking for data, but explaining why it matters and how it contributes to credible reporting. When people understand the purpose behind the process, they are more likely to engage and deliver what is needed.
4. Use assurance to build internal visibility around ESG
Completing third-party assurance confirmed the reliability of Box’s sustainability data and built confidence in its accuracy across the company. That credibility helped raise the visibility of ESG efforts and positioned climate data as a more valuable resource for decision-making.
“Assurance strengthened internal confidence in our data and raised ESG visibility across the organization,” Routhier said. “Our leadership team now sees the GHG inventory as a reliable decision-making tool, not just a reporting exercise.”
Assurance can transform sustainability data from a compliance requirement into a trusted foundation for business decisions.
Conclusion: Lessons for a successful verification
Box’s first assurance experience shows how verification can do more than confirm data accuracy — it can strengthen systems, build alignment, and increase confidence in sustainability performance.
Based on Box’s experience, here are a few best practices for teams preparing for their own GHG assurance:
➜ Secure leadership support early. Executive sponsorship ensures organizational alignment, clear direction, and easier access to budget and resources.
➜ Start with the right scope. Begin with limited assurance or a focused emissions boundary to balance rigor with capacity in year one.
➜ Start early and communicate often. Engage data owners across teams, clarify expectations, and build shared understanding of why assurance matters.
➜ Use assurance to build trust. Verified data can strengthen confidence, visibility, and decision-making across the organization.
Together, these lessons highlight a simple truth: assurance is not just about meeting expectations; it is about creating the systems and relationships that enable credible climate action.
