top of page


RISK: Losing Your Social License

Social License

All too often companies find that they are only one accident, one explosion, one fatality, or one recall away from not only losing their regulatory license, but also (perhaps more importantly) losing their social license to operate.

The concept of a social license is a complex topic on which several papers, books, and presentations have been written. This concept grew out of the resource sector with roots in social contracts theory. John Morrison's book [1], "The Social License – How to Keep your Organization Legitimate" is an excellent source for those who wish to dive deeper into this topic.

A social license is not a formal one. It is granted by a community (i.e. network of stakeholders) based on factors such as: legitimacy, trust and consent. A social license is hard to measure but you know when you don't have it. This is often made visible when a organization does not receive government approval to proceed with a project.

The definition of a social license varies based on the type of business, industry, and stakeholder. Jim Cooney (thought leader on the topic of social responsibility and sustainability issues) writes that a social license may mean [4]:

  • Corporate social responsibility (CSR)

  • Sustainable economic, environmental and social development

  • Community rights and entitlements

  • Social justice: distributional and procedural fairness

  • Evolution in the decision-making power of government

  • A new social contract that legitimizes corporations by redefining their obligations to society

  • Any broad public policy issue that is not addressed in government approval processes for industrial projects

Although, the nature and how a social license is obtained may vary, it results in the identification and follow-through of stakeholder obligations [3] both mandatory and voluntary. How well a company meets these obligations will determine to what extent their social license survives after an adverse situation.


Companies may find after a significant incident has occurred that regaining their social license may be more challenging than addressing regulatory issues. The loss of trust is particularly at risk and as we know, trust takes time to earn and is quickly lost.

"If you once forfeit the confidence of your fellow citizens, you can never regain their respect and esteem – Abraham Lincoln (1854)"

Trust can only be addressed after the legitimacy of the business has been established [2].

Legitimacy, is also the last line of defence should the other boundaries be rescinded for whatever reason. Legitimacy is the foundation on which a social license is sustained. The stronger a company's legitimacy the more resilient it is to threats against their social license.


Morrison [1] presents several factors that contribute to a company's legitimacy. From a compliance perspective the following two are essential to demonstrate that obligations are being treated seriously:

  1. Company structure, governance, and accountability (meeting obligations)

  2. Due diligence, mitigation and prevention (doing no harm)

Sarah A. Altshuller, author of the corporate social responsibility chapter in the book, "Corporate Legal Compliance Handbook [5]," writes:

"... failure to demonstrate that a company is fulfilling its commitments to stakeholders can be costly. There are strong business reasons, therefore, to leverage and integrate CSR commitments and compliance processes."

There are international and national standards that can be applied to help manage obligations such as: ISO 26000 (Social Responsibility), ISO 37301(Compliance Management System), and others that deal with specific domains such as quality, health and safety, environment, process and pipeline safety, and so on.

What's important is that social license obligations are reflected and tracked throughout all management systems and processes within the organization. Doing so will provide greater evidence of legitimacy and reinforce that obligations are managed effectively.

Where to Start

An important step that organizations can take to increase legitimacy is to document each obligation made to stakeholders. To operationalize these obligations the following additional steps are recommended:

  1. Document the context and expectations (i.e. outcomes)

  2. Define what constitutes evidence of compliance

  3. Identify what standard is being used to establish normative processes

  4. Identify what is needed (structure, resources, technology, culture, etc.) by the organization to achieve the desired outcomes

  5. Identify and evaluate risks (both threats and opportunities) for each obligation

  6. Identify implementation steps to embed obligations into the organization


[1] - John Morrison, The Social License – Keeping Your Organization Legitimate

[3] - ISO 37301, ISO 19600 defines obligations as being either requirements (mandatory) or commitments (voluntary). Both of which are treated the same way in terms of this discussion.



Become a Member

Lean Compliance Member



Every month

Access to Exclusive Resources and Programs

Valid until canceled

Access to Recorded Webinars

Access to Exclusive Content (worksheets, templates, etc.)

Access to Exclusive Articles

Access to Exclusive Resources

Access to Elevate Compliance Huddle Worksheets and Content

50% Off First Compliance Consultation ($225 value)

Elevate Compliance Huddle

Mondays @ Noon on Zoom (weekly)

Elevate Compliance Huddle / Free Online Session

bottom of page