Our corporate governance
Code of Conduct
At SoftwareOne, we are guided by our Code of Conduct for Board Members and Employees and expect our partners to respect the Code of Conduct for Business Partners. As a useful resource, it is embedded with hyperlinks and references to online documents posted on the internet/intranet. After refreshing both Codes in 2023 to reflect our new corporate identity, we have further refined them in 2024 to clarify our values and responsibilities. Our practical guides to help colleagues interpret the Code also include updated policies enabling both employees and external partners to raise integrity cases. Our employees are required to complete mandatory online training on the Code of Conduct on an annual basis, allowing us to measure their understanding and engagement. We deliver the training in multiple formats, and our latest metrics show a steady increase in participation and completion rates.
Human rights
Our goals and policies
At SoftwareOne, our human rights focus is on modern slavery in our supply chain. Given the nature of our business, other areas of human rights concerns are not pertinent. For example, contamination of drinking water supplies, displacement of communities in the wake of new development projects, or concerns about child labour are not relevant to SoftwareOne, given that we are not a manufacturing organisation, nor do we impact communities with any of the associated risks. To determine this, we reviewed our software and cloud partners against the UN Global Compact Industry-Specific Risk Factors and concluded that there are no significant cases relating to these areas.
Modern slavery
We are doing everything we can to prevent modern slavery in all its forms. Our objective is to ensure that no SoftwareOne employee or anyone in our supply chain is subject to such injustice. To enforce this commitment, we enforce measures such as training and communication on our Code of Conduct with a zero-tolerance policy, a modern slavery statement outlining steps taken to prevent slavery, a Supplier Code of Conduct, due diligence on suppliers, and regular employee training programmes. In May 2024, SoftwareOne published its Global Modern Slavery Statement, reflecting our ongoing commitment to upholding human rights and ethical business practices across all our operations and global supply chains. The Statement covers our commitment to human rights and global frameworks, outlines our supply chain approach, details our Third-Party Risk Management programme and emphasises our commitment to continuous improvement and training. It also includes information pertaining to the German Supply Chain Act, ensuring compliance with current legislative requirements. In 2024, targeted training was provided to key employees in the UK to improve their skills to detect modern slavery and identify and mitigate potential risks. These employees work directly with service providers and suppliers.
Anti-corruption
Anti-corruption and Bribery programme
Building on our upgraded third-party risk management processes in 2024, we further refined and expanded the platform to keep pace with evolving regulatory demands. These enhancements have strengthened our ability to monitor and mitigate risks effectively, ensuring we maintain the highest ethical standards across our operations.
Alongside our intensified efforts to monitor the compliance of our partners, SoftwareOne is placing additional priority on enhancing the training of our people. SoftwareOne seeks to ensure that targeted training courses are made available to finance, sales, and procurement teams to raise their sensitivity and awareness in all matters relating to anti-bribery and corruption.
We do not tolerate any form of extortion or bribery, including improper offers for payments or entertainment to or from our employees or organisations. We forbid bribery of office holders, clients, business partners, suppliers, or any other party, accepting improper payments from such persons or inciting these persons to such behaviour to achieve unfair advantages.
We are committed to complying with all applicable competition and antitrust laws and regulations. We also strive to comply with all applicable export control regulations to prevent the proliferation of software and/or technology that can be used for military purposes.
We expect our third parties to abide by all applicable laws and regulations and adhere to values and principles comparable to our own. To ensure that this is the case, we have introduced a third-party risk management process that entails onboarding for new and existing business partners, with automated workflows for assessments, risk mitigations, reporting, monitoring, and offboarding. Our business partners, including suppliers, distributors, and contractors, will be successively evaluated and undergo a scrutiny process that covers aspects of Compliance, Data Privacy, Procurement and Security and will be rated accordingly. The rollout of this third-party risk management process commenced in 2022, initially targeting third parties with higher risk ratings. Our policies and procedures regarding anti-corruption are shared with our colleagues through our Code of Conduct training. This year we saw an increase in completion of this training, from 85% in 2023 to 95% in 2024.
Integrity Line
Our Integrity Line is the internal reporting mechanism that allows employees and external third parties to report incidents confidentially and securely. The Integrity Line is operated via EQS, our third-party provider, to ensure anonymity and impartiality. Using the Integrity Line, employees can report a wide range of issues, including bribery, corruption, discrimination, harassment, violence, conflict of interest, theft, and health and safety violations. It provides a comprehensive case management system designed to facilitate the logging, tracking, and resolution of reported cases. This includes interview notes, disciplinary actions and case outcomes. The Integrity Line encourages a culture of openness and transparency within SoftwareOne and demonstrates our commitment to ethical behaviour and compliance with applicable laws and regulations.
In 2023, European countries commenced the adoption of new whistleblowing laws at the national level to align with the EU Directive 2019/1937. In response, we reassessed our whistleblowing approach in 2024 to ensure full compliance with the regulations.
The Compliance Reporting Policy has been updated to reflect our commitment to fostering transparency and ensuring alignment with evolving regulations. External whistleblowing lines have also been established. These initiatives reflect our ongoing commitment to fostering a culture of transparency and accountability. The number of reports received on the Integrity Line in 2024 saw an increase of over 200%, reflecting our continued commitment to fostering a strong speak-up culture.
A key objective of managing grievances is to learn from such cases and prevent their recurrence. The focus is on remediation and conflict resolution, along with prevention of adverse media exposure, reputational damage and involvement in court cases. Remediation processes are tailored to the specifics of each case, involving pertinent departments as required, including, but not limited to, People and Culture for disciplinary measures and Finance Compliance to address procedural flaws. Escalation to the Board of Directors is also undertaken where appropriate. Crucially, our Code of Conduct and Compliance Reporting Policy embody the principle of non-retaliation, ensuring that individuals who report concerns in good faith are protected from any form of retaliation. Our remediation strategy includes developing new policies, sharing ad hoc learnings with business leaders, and incorporating real-life cases into our compliance training materials, reinforcing our commitment to continuous improvement and ethical business practices.
Conflicts of interest
Our employees and other SoftwareOne representatives must avoid conflicts of interest and, if unable to do so, must disclose conflicts internally so that appropriate action can be taken to avert challenging situations or allegations of impropriety. These principles are set out in our Conflict of Interest Policy issued in 2022, which describes conflicting situations and the disclosure, recusal, and management processes. In 2024, we had 55 disclosures of conflicts of interest at SoftwareOne, which were submitted via our disclosure management tool. This tool covers outside opportunities, close personal relationships, gifts, donations, sponsorships, entertainment, intellectual property, and other potential situations of conflict of interest.
Training roadmap
At SoftwareOne, our training programme demonstrates a lasting commitment to ethical compliance. Over the years, we have continuously evolved our roadmap to address compliance more meticulously and advise employees on our policy landscape, always aligning with their needs.
We expanded our compliance training roadmap, initially in English only, to successively include Spanish and, in 2023, German and Chinese. In the same year, we introduced Conflict of Interest and Anti-Harassment training, offered in all four languages. Targeted training already included many instruction sessions for our employees on how to best use third-party tools that detect risk and ensure overall compliance. The training has raised employee awareness on how to detect potential red flags affecting the company and our supply chain. This work will be further expanded to involve all staff onboarding and management of existing suppliers and will be enhanced with targeted training illustrating human rights violations and cases of modern slavery. Additionally, as part of our due diligence process, we mandate that all onboarding suppliers and entities involved in mergers and acquisitions certify their non-involvement in these issues.
In 2024, we embarked on the next phase of improvement, focusing on targeted training tailored to specific job roles and departments, designed to address areas of risk and compliance. As our programme evolves, we remain dedicated to developing more specialised training and activities specifically designed to address distinct compliance risks and behavioural concerns, ensuring our company stays at the forefront of ethical practices and compliance. As part of this effort, we launched Compliance Data and Security Month, which yielded excellent completion rates as follows:
Data privacy and cybersecurity
In line with SoftwareOne’s ongoing commitment to safeguarding personal data, in 2024 SoftwareOne implemented a new Data Protection and Privacy Policy, which aims to ensure regulatory compliance, build customer trust, streamline internal processes, protect individual rights, and foster positive relationships with customers. At the same time, significant efforts have been made to ensure the proper compliance of any newly deployed third-party tool or system so that employee and customer data is appropriately safeguarded. Moreover, SoftwareOne provides annual data protection training to all its employees so that they can understand and comply with data protection laws, preventing breaches and fostering a culture of awareness.
Information breaches in 2024
In 2024, three separate instances were found on the DarkNet6) where SoftwareOne files were being sold. In each case, the files consisted of outdated quotes or customer offers that had been obtained from breaches at the customer end. There is no evidence that SoftwareOne systems were compromised or that their data was leaked to the DarkNet.
6) The DarkNet is a hidden portion of the internet that is not indexed by traditional search engines.
Data breaches in 2024
During 2024, 22 data breaches were reported to the data protection team and handled appropriately; most breaches were primarily caused by human error that resulted in unauthorised access to personal data. The data protection team, together with the designated Data Protection Officer, promptly investigated each incident, assessed the scope of the breach, and recommended the implementation of appropriate remediation measures to protect impacted individuals.
Artificial intelligence
As AI becomes more important for our customers and our work, we plan to implement an internal AI Governance structure in 2025. AI Governance is a system of rules, processes, best practices and tools for ensuring that AI is used ethically and responsibly.
With AI, SoftwareOne will bring a fundamental shift to every customer environment and unlock a new era of productivity growth. On the other hand, AI will deeply change the work environment internally at SoftwareOne. As AI intersects with the products we sell and the tools we use, AI governance will help our employees and clients understand how to work with this new technology in the most compliant manner.
Acquisitions and Integrations
Launched in 2022, the Acquisitions and Integrations (A&I) team have continued their ESG due diligence process on prospective acquisition targets. As part of the process, the A&I team poses a series of questions to the targets regarding their ESG strategy and impact. The aim is to assess alignment between the target companies and our ESG programme in terms of integrity, strategy, and ambitions. Previously, such due diligence was primarily focused on our compliance and business ethics areas (such as anti-corruption and conflicts of interest). These additional questions gave us a full outline of the target companies’ level of ESG maturity and strategy and highlighted their best practices, allowing us to both take inspiration from their culture and, where necessary, to integrate our ethics, ESG values and ambitions with theirs.
In 2024, all target companies that were deemed to be relevant were assessed. The results of these questionnaires have allowed us to diligently follow up, engage and improve integration into our ESG programme.
Labour standards
We support and respect the protection of internationally proclaimed human rights and ensure that we are not complicit in any human rights abuses. As a corporation, we will only hire people who are above the minimum legal age for employment, and we demand the same commitment from our partners. We provide all employees with a safe work environment that respects their health and well-being. As far as any relevant laws allow, all our employees are free to form and join or not join trade unions or similar external representative organisations and to bargain collectively. We are subject to collective bargaining agreements or similar labour contracts in Brazil and Mexico. In other jurisdictions, including Germany, Spain, Austria, Italy, Sweden, Belgium and the Netherlands, workers’ councils are in operation. Forced, bonded or compulsory labour is not tolerated, and employees are free to leave their employment after reasonable notice as required by national law or work contract.
Approach to tax
SoftwareOne aims to comply with all relevant tax legislation applicable to the group in a complete, accurate and timely fashion. Tax compliance obligations are fulfilled by qualified employees in cooperation with external advisors. Global tax compliance progress, including deliverables and adherence to legal deadlines, is monitored centrally with appropriate tools and checks in place. We constantly monitor new developments in tax regulations and, if necessary, introduce timely measures to comply with these new regulations, with the support of our network of external tax experts if required.
SoftwareOne is committed to paying its fair share of taxes in the jurisdictions where it operates and therefore refrains from aggressive tax planning or tax structures. Furthermore, we have a process in place to detect potential tax risks concerning our group subsidiaries and to subsequently initiate measures to minimise and mitigate such risks. We are committed to maintaining open and collaborative relationships with governments and tax authorities worldwide. SoftwareOne does not condone any form of tax evasion or the facilitation of tax evasion.
Applied standards, certifications and Indices
S&P Corporate Sustainability Assessment
SoftwareOne completes the S&P Corporate Sustainability Assessment annually. This assessment evaluates our performance across all ESG topics to help us improve our performance. SoftwareOne’s ESG score for 2024 was 32 out of 100, with an industry average of 34. This score was 12 points higher than the previous year, with the best performing areas being Human Capital Management, Climate Strategy and Corporate Governance.
EcoVadis rating 2024
Since 2019, SoftwareOne has participated annually in the EcoVadis assessment. In 2024, SoftwareOne was awarded a bronze medal in recognition of our sustainability achievement. SoftwareOne’s overall rating is in the top 35% of the companies assessed by EcoVadis in 2024 and in the top 34% of those assessed in the provision of information technology industry services.
Carbon Disclosure Project (CDP)
In 2024, SoftwareOne disclosed our environmental data and carbon emissions through CDP and received a C score for the climate change and water questionnaires. Using CDP, we can benchmark our environmental performance against our industry peers with an internationally recognised sustainability score and feedback against our climate targets. CDP enables companies to meet reporting rules in multiple regions. With CDP, SoftwareOne can fully align with best-practice TCFD recommendations.
ISO Standards
SoftwareOne puts a strong emphasis on independent validation and assurance of our operational measures and standards of service delivery. We are committed to maintaining and evolving relevant ISO standards and other independently audited certifications across all aspects of ESG. To align our global products and services with the highest regional standards, our work is certified annually by TÜV Süd and the American Institute of Certified Public Accountants (AICPA).
SoftwareOne’s current certifications include:
- ISO 14001:2015 – Environmental Management
- ISO 27001:2013 – Information Security Management
- ISO/IEC 27701:2019 – Privacy Information Management System
- SOC2 Type II report proved by AICPA
- SOC3 report provided by AICPA
The full list of SoftwareOne’s current standards certifications is available at ISO Certifications.