Our corporate governance
Our goals and policies
Integrity has been, and always will be, a core value at SoftwareOne. We continuously strive to protect and enable our employees to prioritise compliance and maintain an ethical work environment. As such, our 2030 governance ambitions span the full scope of our compliance and ethics environment, with an exemption applied regarding conflict minerals and reporting on child labour due to the nature of our business and lack of manufacturing processes.
Code of Conduct
At SoftwareOne, we are guided by our Code of Conduct for Board Members and Employees and expect that our partners respect the Code of Conduct for Business Partners. As a useful resource, it is embedded with hyperlinks and references to online documents posted on the internet/intranet. We refreshed both of these Codes of Conduct in 2023 to incorporate the new corporate identity as well as make minor improvements. Additionally, we provide helpful guides that now assist all colleagues in their interpretation of the Code. Our employees are required to complete mandatory online training on the Code of Conduct on an annual basis, allowing us to measure their understanding and engagement. The training is deployed in different formats and includes metrics tracking completion.
Human rights
Our goals and policies
Our focus has been, and always will be, ensuring that our employees, partners and clients are at the centre of who we are. Given the nature of our business, our goals and policies on human rights have been focused on the impact we have on our supply chain.
Risks and opportunities
At SoftwareOne, our focus regarding human rights is on modern slavery in our supply chain. Given the nature of our business, other areas of human rights concerns are not relevant. For example, contamination of drinking water supplies, displacement of communities in the wake of new development projects, and concerns of child labour are not relevant to SoftwareOne given the fact that we are not a manufacturing organisation, nor do we impact communities with such associated risks. To determine this, we reviewed our software and cloud partners against the UN Global Compact Industry Specific Risk Factors and concluded that there are no significant cases relating to these areas. With every risk comes an opportunity for us to stay proactive in our approach to learning about the changing business and regulatory landscape.
Modern slavery
At SoftwareOne we are doing everything we can to prevent modern slavery in all its forms. Our objective is to ensure that no SoftwareOne employee or anyone in our supply chain is subject to such injustice. To uphold this commitment, we enforce measures such as training and communication on our Code of Conduct with a zero-tolerance policy, a modern slavery statement outlining steps taken to prevent slavery, a Supplier Code of Conduct, due diligence on suppliers, and regular employee training programmes. More information can be found in our Modern Slavery Statement.
Anti-corruption
Our goals and policies
SoftwareOne maintains a strict no-tolerance policy towards any form of extortion or bribery, including any improper payments or entertainment offers involving employees, office holders, clients, business partners, suppliers, or any other party. This commitment is further evidenced by our adherence to all relevant competition, antitrust, and export control laws, especially those aimed at preventing the misuse of software and technology for military purposes.
In previous years, further strengthening our Anti-Corruption and Bribery program, we implemented a detailed internal policy. This policy underlines our zero-tolerance approach in all business operations and plays a crucial role in our training roadmap. Complementing these efforts, we introduced a disclosure tool developed by Convercent, now part of OneTrust, to improve the management and reporting of disclosures.
Anti-corruption and Bribery Programme
In 2023, recognising the need for more robust tools that also satisfy the requirements of the German Supply Chain Act and the anticipated EU legislation, we upgraded our third-party risk management processes to a new tool. This will further enhance our oversight capabilities regarding not only anti-corruption but many other areas of corporate compliance, allowing us to future-proof our third-party due diligence and risk management efforts.
Alongside our intensified efforts in monitoring the compliance of our partners, the company is placing additional effort on enhancing the training of our people. SoftwareOne seeks to ensure that targeted training courses are made available to finance, sales, and procurement teams to raise their sensitivity and awareness in all matters relating to anti-bribery and corruption.
We tolerate no form of extortion or bribery, including improper offers for payments or entertainment to or from our employees or organisations. We forbid bribery of office holders, clients, business partners, suppliers, or any other party, accepting improper payments from such persons or inciting these persons to such behaviour to achieve unfair advantages.
We are committed to complying with all applicable competition and antitrust laws and regulations. We also strive to comply with all applicable export control regulations to prevent the proliferation of software and/or technology that can be used for military purposes.
We expect our third parties to abide by all applicable laws and regulations and uphold values and principles that compare with our own. To ensure that this is the case, we have introduced a third-party risk management process that entails onboarding for new and existing business partners, with automated workflows for assessments, risk mitigations, reporting, monitoring, and offboarding. Our business partners, including suppliers, distributors, and contractors, will be successively evaluated and undergo a scrutiny process that covers aspects of Compliance, Data Privacy, Procurement and Security and will be rated accordingly. The rollout of this third-party risk management process commenced in 2022, first targeting third parties with higher risk ratings.
Integrity Line
Our Integrity Line is the internal reporting mechanism that allows employees and external third parties to confidentially and securely report incidents. The Integrity Line is operated via EQS, our third-party provider, to ensure anonymity and impartiality. Via the Integrity Line employees can report a wide range of issues, including bribery, corruption, discrimination, harassment, violence, conflict of interest, theft, and health and safety violations. It provides a comprehensive case management system, designed to facilitate the logging, tracking, and resolution of reported cases. This includes interview notes, disciplinary actions and case outcomes. The Integrity Line encourages a culture of openness and transparency within SoftwareOne and demonstrates our commitment to ethical behaviour and compliance with applicable laws and regulations.
A key objective of managing grievances is to learn from such cases and prevent the same from reoccurring. The focus is on remediation and conflict resolution, alongside preventing adverse media exposure, reputational damage and involvement in court cases. Remediation processes are tailored to the specifics of each case, involving pertinent departments as required, including, but not limited to, People and Culture for disciplinary measures and Finance Compliance to address procedural flaws. Escalation to the Board of Directors is also undertaken where appropriate. Crucially, our Code of Conduct and Compliance Reporting Policy embody the principle of non-retaliation, ensuring that individuals who report concerns in good faith are protected from any form of retaliation. Our remediation strategy includes developing new policies, sharing ad hoc learnings with business leaders, and incorporating real-life cases into our compliance training materials, reinforcing our commitment to continuous improvement and ethical business practices.
Conflicts of interest
Our employees and other SoftwareOne representatives must avoid conflicts of interest and, if unable to do so, must disclose conflicts internally for appropriate action to be taken to avert challenging situations or allegations of impropriety. These principles are set out in our Conflict of Interest Policy passed in 2022 which describes conflicting situations and the disclosure, recusal, and management processes. In 2023, we had 85 disclosures of conflicts of interest at SoftwareOne which were submitted via our new disclosure management tool covering outside opportunities, close personal relationships, gifts, donations, sponsorships, entertainment, intellectual property, and other potential situations of conflict.
Training roadmap
At SoftwareOne, our training programme demonstrates a lasting commitment to ethical compliance. Over the years, we have continuously evolved our roadmap to address compliance more meticulously, always aligning with the needs of our employees.
We refined our compliance training roadmap, initially in English only, to successively include Spanish and, in 2023, to also feature in German and Chinese. In the same year, we introduced Conflict of Interest and Anti-Harassment training, offered in all four languages. Targeted training already included many instruction sessions for our employees on how to best use third-party tools that detect risk and ensure overall compliance. The training has raised employee awareness on how to detect potential red flags affecting the company and our supply chain. This effort will be further expanded to involve all staff onboarding and managing existing suppliers and will be enhanced with targeted training that illustrates human rights violations, and cases of modern slavery. Additionally, as part of our due diligence process, we mandate all onboarding suppliers and entities involved in mergers and acquisitions to certify their non-involvement in these issues.
In 2024, we are embarking on the next phase of improvement, focusing on targeted training tailored to specific job roles and departments, designed to address areas of risk and compliance. As our programme evolves, we remain dedicated to developing more specialised training and activities specifically designed to address distinct compliance risks and behavioural concerns, ensuring our company stays at the forefront of ethical practice and compliance.
Data privacy and cybersecurity
In Switzerland, the revised Federal Data Protection Act (revDSG) came into effect on 1st September 2023. The revDSG introduced significant changes to the existing data protection regulations. After a gap analysis between the already implemented GDPR requirements and the requirements of the revDSG, the new Swiss data protection law has been implemented at SoftwareOne.
As a result of business and legal requirements in the US Healthcare Sector and customer requirements for multiple safeguards to protect their sensitive personal and health information, HIPAA (Health Insurance Portability and Accountability Act) was successfully implemented at SoftwareOne for a subset of offerings with plans for expansion in the coming year. The HIPAA Programme will help SoftwareOne improve the business in the healthcare industry, and ensure that the protected health information of customers is shared securely.
Additionally, data protection teams have implemented measures to protect data during its lifecycle. Extensive support was provided to the different teams for the handling of data privacy-related aspects and customised training sessions were held for the teams to enhance their understanding of data protection laws. Furthermore, internal and external data protection policies were reviewed and updated to keep them aligned with the latest data protection regulations. SoftwareOne provides annual data protection training to all relevant employees.
26 data breaches were reported to the data protection team and handled accordingly; most were caused primarily by human error that resulted in unauthorised access to personal data. The data protection team promptly investigated each incident, assessed the scope of the breach, and recommended the implementation of appropriate remediation measures to protect impacted individuals.
Data breaches in 2023
To ensure that personal data is obtained properly, kept securely and only used for the business purposes for which it was initially intended, our IT policies, namely the IT end-user policy and Data Protection Policies, guide our employees in compliance and were updated in 2023 to the new standard.
Finally, 2023 saw the kick-off of important projects such as the evaluation of global tools from a data protection perspective.
Artificial Intelligence
As AI becomes more important for our customers and our work, we plan to implement an AI Governance structure internally in 2024. AI governance is a system of rules, processes, best practices and tools for ensuring that AI is used ethically and responsibly.
With AI, SoftwareOne will bring a fundamental shift in every customer environment and unlock a new era of productivity growth. On the other hand, AI will deeply change the work environment internally at SoftwareOne. As AI intersects with the products we sell and the tools we use, AI governance will help our employees and clients understand how to work with this new technology in the most compliant manner.
Acquisitions and Integrations
Launched in 2022, the Acquisitions and Integrations (A&I) team have continued their ESG due diligence process on prospective acquisition targets. As part of the process, the A&I team poses a series of questions to the targets regarding their ESG strategy and impact. The aim is to assess alignment between the target companies and our ESG programme in terms of integrity, strategy, and ambitions. Previously, such due diligence was primarily focused on our compliance and business ethics areas (such as anti-corruption and conflicts of interest). These additional questions gave us a full outline of the target companies’ level of ESG maturity and strategy, and highlighted their best practices, allowing us to both take inspiration from their culture and, where necessary, to integrate our ethos, ESG values and ambitions into theirs.
In 2023, all targets that were deemed to be relevant for these questions were assessed and completed. The results of these questionnaires have allowed us to diligently follow up, engage and improve integration into our ESG programme.
Labour Standards
We support and respect the protection of internationally proclaimed human rights and ensure that we are not complicit in any human rights abuses. As a corporation, we will only hire people who are above the minimum legal age for employment and demand equal commitment on the part of our partners. We provide all employees with a safe work environment that respects their health and well-being. As far as any relevant laws allow, all our employees are free to form and join or not join trade unions or similar external representative organisations and to bargain collectively. We are subject to collective bargaining agreements or similar labour contracts in Brazil and Mexico. In other jurisdictions, including Spain, Austria, Italy, Sweden, Belgium and the Netherlands, a workers’ council is in place. Forced, bonded or compulsory labour is not tolerated and employees are free to leave their employment after reasonable notice as required by national law or work contract.
Approach to tax
Our approach to tax, tax governance, control, and risk management:
SoftwareOne aims to comply with all relevant tax legislation applicable to the group, in a complete, accurate and timely fashion. Tax compliance obligations are fulfilled by qualified employees in cooperation with external advisors. The global tax compliance progress including deliverables and adherence to legal deadlines is monitored centrally with appropriate tools and checks in place. We constantly monitor new developments in tax regulations and, if necessary, introduce prompt measures to comply with these new regulations, if required with the support of our network of external tax experts.
SoftwareOne is committed to paying its fair share of taxes in the jurisdictions where it operates and therefore refrains from aggressive tax planning or tax structures. Furthermore, we have a process in place to detect potential tax risks concerning our group subsidiaries and to subsequently initiate measures to minimise and mitigate such risks. We are committed to maintaining open and collaborative relationships with governments and tax authorities worldwide. SoftwareOne does not condone any form of tax evasion or the facilitation of tax evasion.
Applied standards, certifications and Indices
The Business Concept CSR Excellence Awards 2023
The Business Concept covers all aspects of the business world and considers it important to pay attention to those who remain conscious of how their business can evolve and adapt to positively impact society and the environment. The CSR Excellence Awards recognise the firms and individuals who implement CSR concepts into their day-to-day operations. We are delighted to announce that SoftwareOne’s Laura Mozden, Global Head of ESG, won "Best Software Solutions In-House ESG Specialist" for 2023.
EcoVadis rating 2023
Since 2019 SoftwareOne has participated in the EcoVadis assessment annually. This assessment evaluates SoftwareOne’s sustainability performance in areas such as environment, labour and human rights, ethics, and sustainable procurement. In 2023 SoftwareOne was awarded a bronze medal in recognition of our sustainability achievement.
Carbon Disclosure Project (CDP)
CDP is a non-profit charity that runs the global disclosure system for investors, companies, cities, states and regions to manage their environmental impacts. In 2023 SoftwareOne disclosed our environmental data and carbon emissions through CDP and received a C score for the Climate Change questionnaire. Through CDP we can benchmark our environmental performance against our industry peers, with an internationally recognised sustainability score and feedback against our climate targets. CDP enables companies to meet reporting rules in multiple regions. With CDP, SoftwareOne can fully align with the best-practice TCFD recommendations.
ISO Standards
SoftwareOne puts a strong emphasis on independent validation and assurance of our operational measures and standards of service delivery. We are committed to maintaining and evolving relevant ISO standards and other independently audited certifications across all aspects of ESG. To align our global product and services with the highest regional standards, our work is certified annually by TÜV Süd, and The American Institute of Certified Public Accountants (AICPA).
SoftwareOne’s current certifications include:
- ISO 14001:2015 – Environmental Management
- ISO 27001:2013 – Information Security Management
- ISO/IEC 27017:2015 – Information Security Controls for Cloud Services
- SOC2 Type II report provided by AICPA
- SOC3 report provided by AICPA
The full list of SoftwareOne’s current standards is available at ISO Certifications
Global Reporting Initiative (GRI)
Since 2022, SoftwareOne has reported to the Global Reporting Initiative (GRI) framework with reference. We aimed to improve our data sharing and work towards reporting to GRI in accordance.