Ethics Policy

  1. Overview

<FULL COMPANY NAME> (hereafter “<SHORT COMPANY NAME>”) establishes this Ethics Policy, to serve and guide business behavior to ensure ethical conduct.  The Ethics Policy program helps <SHORT COMPANY NAME> implement security best practices to serve and guide business behavior to ensure ethical conduct. <SHORT COMPANY NAME> is committed to protecting employees, partners, vendors and the company from illegal or damaging actions by individuals, either knowingly or unknowingly.  When <SHORT COMPANY NAME> addresses issues proactively and uses correct judgment, it will help set us apart from competitors.

<SHORT COMPANY NAME> will not tolerate any wrongdoing or impropriety at any time.  <SHORT COMPANY NAME> will take the appropriate measures act quickly in correcting the issue if the ethical code is broken.

  1. Purpose

<SHORT COMPANY NAME> security policies serve to be consistent with best practices associated with organizational Security management.  It is the intention of this policy to serve and guide business behavior to ensure ethical conduct throughout <SHORT COMPANY NAME> and its business units to help the organization implement security best practices with regard to serve to guide business behavior to ensure ethical conduct.

  1. Scope

The scope of this policy is applicable to all Information Technology (IT) resources owned or operated by <SHORT COMPANY NAME>.  Any information, not specifically identified as the property of other parties, that is transmitted or stored on <SHORT COMPANY NAME> IT resources (including email, messages and files) is the property of <SHORT COMPANY NAME>. All users (<SHORT COMPANY NAME> employees, contractors, vendors or others) of IT resources are responsible for adhering to this policy.

  1. Policy

<SHORT COMPANY NAME> has chosen to adopt the Ethics Policy principles established in <STANDARD REFERENCES> as the official policy for this domain.  The following subsections outline the Ethics Policy standards that constitute <SHORT COMPANY NAME> policy.  Each <SHORT COMPANY NAME> business system is then bound to this policy, and must develop or adhere to a program plan which demonstrates compliance with the policy related the standards documented.

  • Executive Commitment to Ethics
    • Senior leaders and executives within <SHORT COMPANY NAME> must set a prime example. In any business practice, honesty and integrity must be top priority for executives.
    • Executives must have an open door policy and welcome suggestions and concerns from employees. This will allow employees to feel comfortable discussing any issues and will alert executives to concerns within the work force.
    • Executives must disclose any conflict of interests regard their position within <SHORT COMPANY NAME>.
  • Employee Commitment to Ethics
    • <SHORT COMPANY NAME> employees will treat everyone fairly, have mutual respect, promote a team environment and avoid the intent and appearance of unethical or compromising practices.
    • Every employee needs to apply effort and intelligence in maintaining ethics value.
    • Employees must disclose any conflict of interests regard their position within <SHORT COMPANY NAME>.
    • Employees will help <SHORT COMPANY NAME> to increase customer and vendor satisfaction by providing quality product s and timely response to inquiries.
    • Employees should consider the following questions to themselves when any behavior is questionable:

Is the behavior legal?

Does the behavior comply with all appropriate <SHORT COMPANY NAME> policies?

Does the behavior reflect <SHORT COMPANY NAME> values and culture?

Could the behavior adversely affect company stakeholders?

Would you feel personally concerned if the behavior appeared in a news headline?

Could the behavior adversely affect <SHORT COMPANY NAME> if all employees did it?

  • Company Awareness
    • Promotion of ethical conduct within interpersonal communications of employees will be rewarded.
    • <SHORT COMPANY NAME> will promote a trustworthy and honest atmosphere to reinforce the vision of ethics within the company.
  • Maintaining Ethical Practices
    • <SHORT COMPANY NAME> will reinforce the importance of the integrity message and the tone will start at the top. Every employee, manager, director needs consistently maintain an ethical stance and support ethical behavior.
    • Employees at <SHORT COMPANY NAME> should encourage open dialogue, get honest feedback and treat everyone fairly, with honesty and objectivity.
    • <SHORT COMPANY NAME> has established a best practice disclosure committee to make sure the ethical code is delivered to all employees and that concerns regarding the code can be addressed.
    • Employees are required to recertify their compliance to Ethics Policy on an annual basis.
  • Unethical Behavior
    • <SHORT COMPANY NAME> will avoid the intent and appearance of unethical or compromising practice in relationships, actions and communications.
    • <SHORT COMPANY NAME> will not tolerate harassment or discrimination.
    • Unauthorized use of company trade secrets & marketing, operational, personnel, financial, source code, & technical information integral to the success of our company will not be tolerated.
    • <SHORT COMPANY NAME> will not permit impropriety at any time and we will act ethically and responsibly in accordance with laws.
    • <SHORT COMPANY NAME> employees will not use corporate assets or business relationships for personal use or gain.
  1. Policy Compliance
  • Compliance Measurement

The Human Resource Team (HRT) will verify compliance to this policy through various methods, including but not limited to, business tool reports, internal and external audits, and feedback.

  • Exceptions

None

  • Non-Compliance

An employee or system user found to have violated this policy may be subject to disciplinary or legal action.

  1. Related Standards, Policies, and Processes

None

  1. Accountability and Responsibility

The <SHORT COMPANY NAME> HRT manager is accountable for the maintenance and execution of this policy via the <SHORT COMPANY NAME> governance committee change management. It is the responsibility of all employees, contractors, consultants, temporary, and other workers at <SHORT COMPANY NAME> and its subsidiaries to adhere to this policy.

  1. Acronyms and Definitions of Terms

Acronyms and Definition and terms can be found in the <SHORT COMPANY NAME>’s Glossary of Acronyms and Definition of Terms Document.

9. Revision History

Date of Change:

<EXAMPLE

11/14/2017                  –           Change Description>

Appendix A – References The following references illustrate public laws which have been issued on the subject of cyber security and should be used to demonstrate <SHORT COMPANY NAME> responsibilities associated with protection of its assets.

<EXAMPLE

  1. NIST Special Publication 800-171 Revision 1 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, December 2016
  2. United States Department of Commerce National Institute for Standards and Technology (NIST) Special Publication 800-53 Revision 4 Security and Privacy Controls for Federal Information Systems and Organizations, April 2013.
  3. United States Department of Commerce National Institute for Standards and Technology (NIST) Special Publication 800-100 “Information Security Handbook: A Guide for Manager” March 2007.
  4. United States Department of Commerce National Institute for Standards and Technology (NIST) Special Publication 800-92 “Guide to Computer Security Log Management” September 2006.>