Code of Conduct and Business Ethics
A MESSAGE FROM OUR CHIEF EXECUTIVE OFFICER
We are known throughout our industry for exceeding expectations: those of our customers, partners, communities, and fellow employees. Before we can excel, however, we must first be sure we meet some basic requirements around ethical and trustworthy behavior. That may seem obvious in principle, but in practice, our business is complex and global, and so are the requirements and expectations we face.
The Code of Business Conduct and Business Ethics (the Code) is designed to guide us through a variety of real-world situations. It helps us make sure that we comply with regulations and expectations in all the places where we do business. It helps us maintain our reputation for upholding the highest standards of integrity.
Each of us is accountable for upholding the CyberFortress principles of ethical and honest operations, along with our Core Values. Thank you for following our Code, your commitment to our mission and for upholding our Core Values.
CyberFortress is built upon a foundation of strong corporate values and business practices. The Company works hard every day to ensure that it can uphold its reputation for integrity and ethical leadership. The Company’s standards represent the core of how it creates the solid foundation of respect, trust, and success that is reflected in its relationships with CyberFortress employees, customers, stakeholders, representatives, and their communities. CyberFortress knows that the way to achieve these objectives matters as much, if not more than the results.
All employees, regardless of title and jurisdiction, are expected to read this Code and ensure they understand and comply with it. Although this Code covers a wide range of business practices and procedures, it does not address every issue that may arise. Rather, the Code sets out basic principles to guide all parties in the professional and ethical conduct of business. All CyberFortress employees are responsible for exercising good judgment, applying ethical standards, obeying the law, and raising questions when in doubt.
CyberFortress leaders show a commitment to values through their actions. They also promote an environment where compliance is expected, and ethical behavior is the norm. All CyberFortress employees must comply with the Company’s values and principles. No one should ask CyberFortress employees to break the law or go against the Company’s values, policies, and procedures.
Those who violate the standards in this Code may be subject to disciplinary action, up to and including termination of employment. CyberFortress employees who have knowledge of a violation and fail to move promptly to report or correct it, or who direct or approve violations, may also be subject to disciplinary action, up to and including termination of employment. Further, violations of some provisions of the Code are also illegal and may subject the
employee or representative to civil and criminal liability. Anyone found in a situation that they believe may violate or lead to a violation of this Code should follow the guidelines described in this Code.
The Code is not a replacement of the Company’s policies or Employee Handbook. It is a statement of additional standards, practices, and guidelines, which are applicable to all CyberFortress employees. CyberFortress employees should refer to the Company’s other policies and procedures for implementing the general principles set forth below. CyberFortress employees are encouraged to seek guidance from managers or other appropriate personnel when in doubt about the best course of action to take in a particular situation. Any questions about the Code should be directed to the Legal and Compliance department.
CyberFortress may periodically revise and supplement the Code. Thus, comments and suggestions regarding the Code are encouraged and should be directed to the Chief Ethics and Compliance Officer.
Waivers of the Code of Business Conduct and Ethics
CyberFortress may waive certain provisions of this Code where circumstances warrant granting a waiver based on the best interests of CyberFortress and its stakeholders. Any waiver pertaining to an employee must be approved by the Chief Ethics and Compliance Officer, or General Counsel and by the Chief Executive Officer. Waivers of the Code for Directors and executive officers may be made only by those members of the Board of Directors not involved in the possible waiver and must be promptly disclosed as required by law.
Creating Trust (Act on the Truth)
Compliance with Laws, Rules, and Regulations
CyberFortress’ standards of business conduct serve as an important resource for CyberFortress employees and representatives in support of day-to-day decision making. The Code should be used as a resource when questions of legal or ethical appropriateness arise. It is not a comprehensive rulebook, but rather a statement of how CyberFortress is committed to doing business. All employees and representatives of CyberFortress have a personal responsibility to uphold the letter and spirit of the code of conduct in their individual roles, every single day. It is important that CyberFortress employees and representatives are aware of, and never intentionally violate, relevant laws and regulations. CyberFortress employees and representatives should also be alert to changes in the law or new requirements that may affect their business unit, as well as new products or services that may be subject to special legal requirements.
Question: I’m not a lawyer, so how can I be sure that I won’t violate some little technicality? Laws are so complicated and cover so many different areas.
Answer: Everyone has a basic understanding of right and wrong. If something seems intuitively wrong to you, ask before acting. You also have an obligation to understand the rules governing your job; however, do not hesitate to contact the legal department if you need clarification of the laws or of our standards and policies.
Question: What happens if I am faced with a situation when acting ethically conflicts with making a profit for the Company?
Answer: CyberFortress’ long-term profitability depends on our reputation. If you feel that there is a conflict between what is “right” and what is profitable, you should seek guidance from your supervisor, the legal department, or any other senior leader of the company.
Maintaining ethical standards is the responsibility and obligation of every CyberFortress employee. Early identification and resolution of violations of or questions about the Code are critical to maintaining the commitments to CyberFortress, customers, partners, suppliers, service providers, and to fellow CyberFortress employees. If something seems unethical or improper, or if employees have questions about the best course of action, they should promptly contact any of the following:
- Their department manager or any CyberFortress manager,
- Their human resources representative, or
- The Chief Ethics and Compliance Officer
Concerns will be taken seriously, and all information provided will be treated confidentially. CyberFortress will thoroughly investigate and seek to resolve the matter promptly.
All reported violations will be acted on appropriately. If a concern requires an investigation, the Company will respond promptly. To the extent possible, the individual raising the concern will be informed about the status of the investigation and the outcome of the matter.
It is against Company policy to retaliate against any CyberFortress employee or representative who, in good faith, reported a violation or suspected violation of law, this Code, or other Company policies. Additionally, retaliation against those who assist in an investigation or reported violation is also prohibited. Any CyberFortress employee who retaliates against anyone who made a good faith complaint may be subject to disciplinary action by the Company up to and including termination of employment.
The CyberFortress’ Board of Directors or its designated committee will be accountable for investigating violations and determining appropriate disciplinary action for matters involving executive officers. The CyberFortress Board of Directors reserves the right to investigate violations and determine appropriate disciplinary action on its own or to designate others to do so in place of, or in addition to, the General Counsel.
It is imperative that persons reporting potential violations not investigate on their own. However, CyberFortress employees are expected to cooperate fully with any Company investigation into reported violations.
Trust in Each Other (People First)
Discrimination and Harassment
Having a diverse workforce–made up of team members who bring a wide variety of skills, abilities, experiences, and perspectives is essential to CyberFortress’ success. The Company is committed to the principles of equal employment opportunity, inclusion, and respect. CyberFortress does not tolerate discrimination against anyone–team members, customers, business partners, or other stakeholders–on the basis of race, color, religion, national origin, sex (including pregnancy), age, disability, sexual orientation, gender identity, marital status, past or present military service, or any other status protected by the laws or regulations in the locations where CyberFortress operates. CyberFortress complies with laws regarding employment of immigrants and non-citizens and provides equal employment opportunity to everyone who is legally authorized to work in the applicable country. CyberFortress provides reasonable accommodations to individuals with disabilities and removes any artificial barriers to success.
As is the case with any violation of the Code, all CyberFortress employees and representatives have a responsibility to report any discriminating or harassing behavior or condition even if they are not directly involved or are just a witness. Retaliation for making a complaint or for assisting in the investigation of a discrimination or harassment complaint is prohibited.
A CyberFortress employee or representative should report acts of discrimination or harassment to any of the following:
- Their department manager or any CyberFortress manager,
- Their human resources representative, or
- The Chief Ethics and Compliance Officer
Question: I asked a question during a team meeting. I felt humiliated by the response I received, and several other people in the room started to laugh. What should I do?
Answer: Our Company encourages open communication, differing opinions on issues and healthy debate when decisions are being made. However, disagreements must be handled professionally and respectfully. Talk to the individual who made you uncomfortable or contact your manager or your human resources representative.
Health and Safety
The Company strives to provide each employee with a healthy and safe work environment. Each employee has responsibility for maintaining a safe and healthy workplace by following the applicable health and safety rules and practices and reporting accidents and injuries, as well as any unsafe equipment, practices, or conditions as per local country procedures. Employees should contact their manager for more information.
The Company requires honest and accurate recording and reporting of information to make responsible business decisions.
Many CyberFortress employees regularly use business expense accounts. These accounts must be properly documented, and expenses recorded accurately for reimbursement. Employees who are not sure whether a certain expense is authorized for reimbursement should ask their manager.
The Company’s books, records, accounts, and financial statements must be maintained in reasonable detail, must appropriately reflect the Company’s transactions, and must conform both to applicable legal requirements and to the Company’s system of internal controls. All assets of the Company are to be carefully and properly.
accounted for. Written contracts with customers, suppliers, and others must be reflective of the entire agreement. Unreported side agreements are prohibited. The making of false or misleading records or documentation is strictly prohibited. Unrecorded or “off the books” funds, assets, or personnel benefits such as time off should not be maintained unless permitted by applicable law or regulation and approved by the General Counsel and Chief Financial Officer.
Business records and communications often become public. CyberFortress employees and representatives should avoid exaggeration, defamatory or otherwise derogatory remarks, guesswork, or inappropriate characterizations of people and companies that can be misunderstood. This applies equally to all forms of communication including, for example, telephone calls, emails, chat rooms, and instant messaging. Professionalism in all communications is the Company’s goal.
Employee Information Privacy
CyberFortress respects the privacy of its employees and representatives and will protect personal and confidential information that it is required to obtain for operating or legal purposes. Access to confidential information, such as personnel records, is strictly limited by Company policy, jurisdictional privacy laws, and other data protection regulations and frameworks. CyberFortress employees and representatives may have the right to access their own confidential information but may not access or use the employee records of others unless authorized to do so. While the Company respects employees’ privacy, CyberFortress expressly reserves the right to inspect its property. This can include any device that contains company information such as computers, mobile phones, telephone records, e-mails, files, business documents, and workspaces. CyberFortress employees and representatives should not expect privacy when using Company-provided services or equipment or when using personal equipment to conduct Company business.
CyberFortress is committed to upholding fundamental human rights and believes that all human beings around the world should be treated with dignity, fairness, and respect. The Company will only engage suppliers and hire contractors who demonstrate a serious commitment to the health and safety of their workers and operate in compliance with human rights laws. CyberFortress does not use or condone the use of slave labor or human trafficking, and the Company denounces any degrading treatment of individuals or unsafe working conditions.
Installing Trust with the Marketplace (Why & What’s Next)
Antitrust and Fair Competition
It is CyberFortress policy that all Directors, officers, and employees comply with antitrust and competition laws. Global antitrust and competition laws prohibit efforts and actions to restrain or limit competition between companies that otherwise would be competing for business in the marketplace.
CyberFortress employees and representatives must be particularly careful when they interact with any employees or representatives of CyberFortress’ competitors. They should use extreme care to avoid any improper discussions with competitors, especially at trade association meetings or other industry or trade events where competitors may interact. If an employee or representative is not careful, they could find that they have violated antitrust and competition laws if they discuss or make an agreement with a competitor regarding:
- Prices or pricing strategy,
- Terms of customer relationships,
- Sales policies,
- Marketing plans,
- Customer selection,
- Allocating customers or market areas,
- Not hiring former employees, or
- Contract terms and contracting strategies.
Agreements with competitors do not need to be written to violate applicable antitrust and competition laws. Informal, verbal, or implicit understandings could be violations. More specifically, there are no circumstances under which agreements among competitors relating to prices may be found legal. Price fixing is a criminal offense and may subject the Company to substantial fines and penalties and the offending employee to imprisonment and fines.
Obtain and Use Competitive Information Fairly
Gathering and using information about CyberFortress’ competitors, often called Competitive Intelligence, is a legitimate business practice. Doing so helps the Company stay competitive in the marketplace; however, one must never use any illegal or unethical means to get information about other companies, nor use information in a misleading way. Legitimate sources of competitive information include information such as news accounts, industry surveys, competitors’ displays at conferences and trade shows, and information publicly available on the internet. CyberFortress employees may also gain competitive information appropriately from customers and suppliers (unless they are prohibited from sharing the information) and by obtaining a license to use the information or purchasing the ownership of the information. When working with consultants, vendors, and other partners, ensure that they understand and follow CyberFortress’ policy on gathering competitive information.
Honest Advertising and Marketing
CyberFortress employees are responsible for accurately representing CyberFortress and its products in marketing, advertising, and sales materials. Deliberately misleading messages, omissions of important facts or false claims about CyberFortress products, individuals or competitors and their products, services, or employees are inconsistent with the Company’s values. Sometimes it is necessary to make comparisons between CyberFortress products and its competitors. When this happens, the Company will make factual and accurate statements that can be easily verified or reasonably relied upon. If a competitor makes false or misleading statements about CyberFortress or its products and services, seek guidance from the General Counsel.
Question: A competitor is constantly making misleading comparisons with our product. What can I do to counter this?
Answer: You should contact the Legal Department since certain legal remedies may be available to our Company. On the other hand, we expect our employees to compete vigorously and effectively but never unfairly. Therefore, you must make sure that any comparisons with the competition are fair and accurate.
Anti-Bribery / Anti-Corruption
Many countries have laws that prohibit bribery, kickbacks, and other improper payments. No CyberFortress employee, officer, agent, or independent contractor acting on the Company’s behalf may offer or provide bribes or other improper benefits to obtain business or an unfair advantage. A bribe is defined as the offer, promise, giving, demand or acceptance of a gift, hospitality, or other business advantage as an inducement for something in return.
The exchange of appropriate gifts and entertainment is often a way to build business relationships. When determining whether a gift or entertainment is appropriate, consider its value and whether its public disclosure would be an embarrassment to the individual or CyberFortress. Never allow a gift or entertainment to compromise professional judgment or create the appearance of doing so. The giving or receiving of cash by a CyberFortress employee is never acceptable regardless of the amount. This would include the receipt of a gift card that contains a logo and can be used at any location for any purpose (e.g., Visa, Mastercard, AMEX, etc.).
Even in locations where such activity may not be illegal, it is prohibited by Company policy. Any form of bribery is not only a breach of CyberFortress policy but may be a criminal offense. CyberFortress employees may be prosecuted for such acts. Furthermore, CyberFortress may be found liable not only for the acts of its employees, but also for failing to prevent such acts by others working on its behalf.
Offering a gift or entertainment that could be perceived as a bribe becomes especially problematic when dealing with a government official. Government officials include any government employee, candidate for public office, or employee of government-owned or controlled companies, public international organizations, or political parties. CyberFortress employees and representatives must not offer payment or anything of value to a government official for the purpose of influencing official action or securing an improper advantage. If CyberFortress cannot obtain a contract without paying a bribe, the employee should walk away from the deal and immediately report the matter to the Chief Ethics and Compliance Officer. CyberFortress’ reputation for integrity is more important than the profit from any contract.
Employees should report any acts they believe are in violation of anti-bribery laws to the Chief Ethics and Compliance Officer or the General Counsel.
Question: What is the difference between a «gift» and a «bribe?»
Answer: A «gift» is made with «no strings attached» in the interest of, for example, building a business relationship or expressing thanks. A «bribe» occurs if you accept or give something of value to someone in return for something else.
Question: While at a customer visit, I was taken to an elaborate dinner. I did not want to offend the customer by offering to pay for my own meal. Was it alright to allow the customer to pay for my meal?
Answer: Typically, yes. Nominal gifts and entertainment are considered part of doing business. However, if you are in doubt, you may always reach out to your legal and compliance team if you have time prior to the event, or if there is no time to do so, you can explain that you are prohibited from accepting the meal by your company policy.
Money laundering is a global problem with serious consequences. Money laundering is defined as the process of converting illegal proceeds so that funds are made to appear legitimate, and it is not limited to cash transactions. Complex commercial transactions may hide financing for criminal activity such as terrorism, illegal narcotics trade, bribery, and fraud. Involvement in such activities undermines the Company’s integrity, damages its reputation, and can expose CyberFortress and individuals to severe sanctions. The Company forbids knowingly engaging in transactions that facilitate money laundering. CyberFortress takes affirmative steps to detect and prevent unacceptable or illegal forms of payment and financial transactions. CyberFortress is committed to full compliance with anti-money laundering laws throughout the world and will conduct business only with reputable customers involved in legitimate business activities and transactions.
Trust for our Stakeholders (Humble & Driven to Results)
Conflicts of Interest
CyberFortress expects every employee, officer, and Director of the Company to act in the best interests of CyberFortress and to protect against conflicts of interest, including even the appearance of a conflict. This means that employees, officers, and Directors should avoid any investment, interest, association, or activity that may cause others to doubt the Company’s fairness or integrity, or that may interfere with their ability to perform job duties objectively and effectively. Many potential conflicts of interest can be prevented or remedied by making full disclosure of the situation to the Chief Ethics and Compliance Officer.
Some activities that could be conflicts of interest include:
- Owning – directly or indirectly – a significant financial interest in any entity that does business, seeks to do business, or competes with the Company.
- Holding a second job that interferes with employees’ ability to do their CyberFortress job.
- Employing, consulting, or serving on the board of a competitor, customer, supplier, or other service provider.
- Hiring a supplier, distributor, or other agent managed or owned by a relative or close friend.
- Soliciting or accepting any cash, gifts, entertainment, or benefits that are more than modest in value from any competitor, supplier, or customer.
- Taking personal advantage of what would otherwise be a CyberFortress business opportunity; and
- Campaigning for an elected political office while on duty or representing CyberFortress.
Question: I would like to work part-time for another business to earn additional money. Is this allowed?
Answer: It depends. This is an example where disclosure to the Chief Ethics and Compliance Officer is warranted as we need to ensure the other business is not a customer, supplier, or competitor of CyberFortress. We also need to ensure your part-time work does not interfere with your primary functions at CyberFortress.
Customer and Supplier Relationships
CyberFortress employees and representatives must act in a manner that creates value for the Company’s customers and helps to build relationships based upon trust. The Company has provided services for many years and has built up significant goodwill over that time. This goodwill is one of its most important assets, and all employees and representatives must act to preserve and enhance the Company’s reputation.
The Company’s suppliers make significant contributions to the Company’s success. To create an environment where the Company’s suppliers have an incentive to work with the Company, suppliers must be confident that they will be treated lawfully and in an ethical manner. A supplier to the Company is generally free to sell its products or services to any other party, including Company competitors. In some cases where the products or services have been designed, developed, or manufactured to the Company’s specifications, the agreement between the parties may contain restrictions on sales to others where this is lawful to do so.
Protecting Customer/Third Party Information Privacy
Keeping customer information secure and using it appropriately is a top priority for the Company. CyberFortress must safeguard all confidential information customers, or third parties share with it. The Company must also ensure that such.
information is used only for the reasons for which the information was gathered unless further use is allowed by law.
Customer or third-party information is any information about a specific customer or third party, which includes but is not limited to the following: name, address, phone numbers, and financial information. CyberFortress does not disclose any information about a third party without written approval unless legally required to do so (for example, under a court-issued subpoena).
Intellectual Property and Protecting IP
The Company’s intellectual property is one of its most valuable assets. Intellectual property refers to creations of the human mind that are protected by various national laws and international treaties. Intellectual property includes copyrights, patents, trademarks, trade secrets, design rights, logos, expertise, and other intangible industrial or commercial property. CyberFortress employees and representatives must protect and, when appropriate, enforce its intellectual property rights. CyberFortress also respects intellectual property belonging to third parties. It is the Company’s policy not to knowingly infringe upon the intellectual property rights of others.
Proprietary and Confidential Information
Confidential information includes all non-public information that might be of use to competitors or harmful to CyberFortress or its customers, partners, or suppliers, if disclosed. It also includes information that partners, suppliers, and customers have entrusted to the Company. In connection with this obligation, every employee is required to execute a confidentiality agreement upon commencement of employment with the Company. The terms of the confidentiality agreement (which may be contained within an agreement of employment) should be periodically reviewed for additional detail. Any question about whether information is confidential should be directed to the General Counsel.
Question: We hired a person who formerly worked for a competitor. She is aware of proprietary and confidential information about her former employer. Is it okay for her to share this information at CyberFortress?
Answer: No. CyberFortress’ policy prohibits disclosing proprietary, technical information, and confidential business information about her former company. Even if it were accidentally disclosed, you cannot use the information. Simply stated, our Company will treat proprietary and confidential information about other companies in the same way that we expect former our employees to treat our confidential information after leaving.
Protection and Proper Use of Company Assets and Resources
CyberFortress provides an array of information and technology resources intended to maximize its employees’ efficiency, such as e-mail, computers, computer applications, networks, and the internet. Please remember that these tools are Company property and must be used in a manner that reflects positively on CyberFortress and all who work here. Occasional, limited personal use of these resources is permitted, but that use cannot interfere with employees’ work performance or the work performance of their colleagues. CyberFortress will not tolerate inappropriate or illegal use of these assets, and reserves the right to take appropriate disciplinary actions, as needed, up to and including termination of employment. Such inappropriate use of these resources can include, but are not limited to, the following:
- Pirating software or video/audio files,
- Sending inappropriate e-mail,
- Accessing inappropriate web sites (such as those advocating hate, violence, sexually explicit material, or promoting illegal activities), and
- Distributing confidential, proprietary or trade secret information of CyberFortress outside the Company.
Communicating with External Parties
CyberFortress employees are not authorized to speak with the media or other third parties on behalf of the Company or give the impression that they are speaking on behalf of the Company. This includes posts to online forums, social media sites, blogs, chat rooms, and bulletin boards. This policy also applies to comments to journalists about specific matters that relate to CyberFortress businesses, as well as letters to editors and endorsements of products or services. Direct all media inquiries to [email protected].
Social media is of growing importance in the marketplace. It enables CyberFortress to learn from and share information with the Company’s stakeholders, as well as communicate with the public about the Company. A general rule to remember when utilizing social media is to think about the effect of statements that one makes on that platform. Keep in mind that these statements are permanent and easily transferable, and can affect the Company’s reputation and relationships with coworkers and customers.
CyberFortress employees’ postings on internet sites and social media sites such as Facebook, Twitter, or LinkedIn may include the fact that they work for CyberFortress, their job title, a high-level job description (e.g., no specific project details, no proprietary application or software names, etc.) and their general office location. Be mindful not to disclose confidential and proprietary information about CyberFortress business, suppliers, or customers.
The CyberFortress Code of Conduct is intended to provide all employees and representatives with a better understanding of what is expected.
and to make them aware of the legal and ethical standards that the Company must maintain. Understanding what is expected will better enable them to meet their responsibilities. The Code also enables the Company to continue to grow and prosper in a responsible manner that will benefit CyberFortress shareholders, employees, customers, and the communities where they live and do business.