Updated: Jul 22
All too often companies find that they are only one accident, one explosion, one fatality, or one recall away from not only losing their regulatory license, but also (perhaps more importantly) losing their social license to operate.
The concept of a social license is a complex topic on which several papers, books, and presentations have been written. This concept grew out of the resource sector with roots in social contracts theory. John Morrison's book , "The Social License – How to Keep your Organization Legitimate" is an excellent source for those who wish to dive deeper into this topic.
A social license is not a formal one. It is granted by a community (i.e. network of stakeholders) based on factors such as: legitimacy, trust and consent. A social license is hard to measure but you know when you don't have it. This is often made visible when a organization does not receive government approval to proceed with a project.
The definition of a social license varies based on the type of business, industry, and stakeholder. Jim Cooney (thought leader on the topic of social responsibility and sustainability issues) writes that a social license may mean :
Corporate social responsibility (CSR)
Sustainable economic, environmental and social development
Community rights and entitlements
Social justice: distributional and procedural fairness
Evolution in the decision-making power of government
A new social contract that legitimizes corporations by redefining their obligations to society
Any broad public policy issue that is not addressed in government approval processes for industrial projects
Although, the nature and how a social license is obtained may vary, it results in the identification and follow-through of stakeholder obligations  both mandatory and voluntary. How well a company meets these obligations will determine to what extent their social license survives after an adverse situation.
Companies may find that after a significant incident has occurred that regaining their social license may be more challenging than addressing regulatory issues. The loss of trust is particularly at risk and as we know, trust takes time to earn and is quickly lost.
"If you once forfeit the confidence of your fellow citizens, you can never regain their respect and esteem – Abraham Lincoln (1854)"
Trust can only be addressed after the legitimacy of the business has been established .
Legitimacy, is also the last line of defense should the other boundaries be rescinded for whatever reason. Legitimacy is the foundation on which a social license is sustained. The stronger a company's legitimacy the more resilient it is to threats against their social license.
Morrison  presents several factors that contribute to a company's legitimacy. From a compliance perspective the following two are essential to demonstrate that obligations are being treated seriously:
Company structure, governance, and accountability (meeting obligations)
Due diligence, mitigation and prevention (doing no harm)
Sarah A. Altshuller, author of the corporate social responsibility chapter in the book, "Corporate Legal Compliance Handbook ," writes:
"... failure to demonstrate that a company is fulfilling its commitments to stakeholders can be costly. There are strong business reasons, therefore, to leverage and integrate CSR commitments and compliance processes."
There are international and national standards that can be applied to help manage obligations such as: ISO 26000 (Social Responsibility), ISO 19600 (Compliance Management System), and others that deal with specific domains such as quality, health and safety, environment, process and pipeline safety, and so on.
What is important is that social license obligations are reflected and tracked throughout all management systems and processes within the organization. Doing so will provide greater evidence of legitimacy and reinforce that obligations are managed effectively.
Where to Start
An important step that organizations can take to increase legitimacy is to document each obligation made to stakeholders. To operationalize these obligations the following additional steps are recommended:
Document the context and expectations (i.e. outcomes)
Define what constitutes evidence of compliance
Identify what standard is being used to establish normative processes
Identify what is needed (structure, resources, technology, culture, etc.) by the organization to achieve the desired outcomes
Identify and evaluate risks (both threats and opportunities) for each obligation
Identify implementation steps to embed obligations into the organization
 - John Morrison, The Social License – Keeping Your Organization Legitimate
 - https://socialicense.com/
 - ISO 19600 defines obligations as being either requirements (mandatory) or commitments (voluntary). Both of which are treated the same way in terms of this discussion.
 - http://www.ryerson.ca/content/dam/csrinstitute/pdf/Jim%20Cooney%27s%20powerpoint%20presentation.pdf
 - http://www.csrandthelaw.com/2016/08/11/corporate-social-responsibility-and-compliance-a-functional-convergence/