ESG Governance: Trust as the key to sustainable IT, compliance and information security

Tobi’s Take, episode 10: This is how it works

Hello everyone!

Today’s episode of Tobi’s Take is a special one for two reasons. First, we’re taking a short break from our series after covering the core areas of our ESG sustainability strategy. Second, I’m joined by a guest to explore the “G” in ESG — Governance.

Please welcome Marcus Wailersbacher, NCP’s Chief of Sales & Marketing and a corporate influencer. Marcus recently shared his thoughts on LinkedIn about the importance of certifications and trust in the IT industry. Since these topics are central to governance, we sat down for a brief interview.

What does governance mean in ESG?

Question: Marcus, when people discuss ESG, they often focus on environmental or social issues. What role does governance play?

Answer: Great question. Governance is like the organizational backbone of ESG. While Environment and Social define our goals, governance creates the structures, responsibilities, and controls to reach those goals in a measurable and legally compliant way. It integrates sustainability targets and non-financial metrics into the overall business strategy. That ensures the right resources are allocated, clear responsibilities assigned, and sustainability moves beyond being just a niche concern.

Trust: A Core Element of Governance

Question: You recently wrote about trust in the IT sector. Why is trust so vital here?

Answer: In IT, the quality of products and services can be intangible at the point of sale. ESG serves as a clear signal of reliability and forward-thinking action, transforming from a “nice-to-have” into a fundamental part of IT strategy. With growing emphasis on data and cybersecurity, governance now includes safeguarding these critical areas. In fact, ESG standards often act as a filter in IT purchasing—companies that don’t meet minimum standards may be excluded before pricing is even discussed.

ISO 27001 Certification: Enhancing Security, Compliance, and Trust

Question: NCP recently earned ISO 27001 certification. What does this mean for the company and its approach to information security?

Answer: ISO 27001 is a mark of excellence showing that a company manages its information security, data protection, and IT assets systematically and not by chance. It goes beyond the IT department, involving the entire company across confidentiality, integrity, and availability of information—continuously. Since ISO 27001 requires a Plan-Do-Check-Act cycle, it ensures security measures are regularly evaluated and updated to address new threats.

Making Sustainability Measurable with EcoVadis

Question: Besides information security, sustainability is crucial. NCP was assessed by EcoVadis in the ESG context. What does this assessment cover?

Answer: There are many ESG ratings worldwide, but EcoVadis is among the most recognized. It evaluates the quality of a company’s overall sustainability management system. Unlike ISO 27001, which focuses solely on information security, EcoVadis looks at corporate responsibility across four areas: environment, labor and human rights, ethics, and sustainable procurement. The assessment results in a transparent scorecard that can be benchmarked and shared with partners. It also offers practical recommendations to improve sustainability efforts.

Why Certifications Matter in IT

Question: Certifications are important both internally and externally. Can you briefly explain why? 

Answer: Certifications demonstrate that NCP systematically and continuously addresses information security, ESG, and quality (like ISO 9001). This builds trust with customers, prospects, employees, and other stakeholders. We’re proud of the work we do in these fields.

Another practical benefit is that certifications simplify audits required during supplier onboarding or purchasing. Sustainability and security are now must-haves, and having verified certifications means we easily meet these requirements. Instead of lengthy questionnaires, we can simply share scorecards or certificates on demand.

Final Thoughts: Governance Is the Foundation of Trust 

This conversation with Marcus is a fitting way to pause our deep dive into ESG. For me, governance isn’t just a dry set of rules — it’s the foundation that makes our environmental and social goals measurable and accountable.

Thanks for following along with Tobi’s Take. We’re taking a short break but remain fully committed to our sustainability journey.

See you next time!

Best,
Tobi