Integrity has, and always will be, a core value at SoftwareOne. We continuously strive to protect and enable our employees to prioritise compliance and maintain an ethical work environment. As such, our 2030 governance ambitions span the full scope of our compliance and ethics environment.
Third-party risk management
We mandate all our third-parties to adhere to our Supplier Code of Conduct and we carry out a comprehensive third-party risk management assessment entailing a risk-based selection process for our first-tier suppliers. This process identifies suppliers that pose the highest risk based on factors such as location and industry. A questionnaire evaluates the supplier's compliance with various standards, including Data Protection, ESG, Risk, Compliance, Procurement, and Data Security. The questionnaire provides a comprehensive assessment of the supplier's practices, policies, controls, allowing for a consistent and objective evaluation of supplier risk.
By using this process, our business can effectively manage third-party risks, mitigate potential vulnerabilities, and ensure compliance with applicable regulations and industry standards.
Acquisitions and Integrations
The Acquisitions and Integrations (A&I) team has piloted a new ESG due diligence process on prospective acquisition targets. As part of the process, the A&I team poses a series of questions to the targets regarding their ESG strategy and impact. The aim is to assess alignment between the target companies and our ESG programme in terms of integrity, strategy, and ambitions. These questions give us a full outline of the target companies’ level of ESG maturity and strategy, and highlights their best practices, allowing us to take inspiration from their culture and integrate their ethos, values and ambitions into ours.
Modern slavery
At SoftwareOne we are doing everything we can to prevent modern slavery in all its forms. SoftwareOne enforces measures such as a Code of Conduct with a zero-tolerance policy, a modern slavery statement outlining steps taken to prevent slavery, a Supplier Code of Conduct, due diligence on suppliers, and regular employee training programmes. READ MORE
Training roadmap
In 2022 we launched the first stage of our compliance training roadmap with our Code of Conduct training, which is a foundational training that provides an overview of company policies and expectations for ethical behaviour. This training was available in both Spanish and English, and in 2023 will also be available in German and Chinese.
In 2023, we will launch the second stage of our roadmap which is our Conflict of Interest and Anti-harassment training. This new Anti-harassment training will be available in English and will also be translated into Spanish, German and Chinese during the year.
The third stage, to be launched in 2024, involves targeted group training courses, which are designed to address specific areas of risk or compliance requirements for different departments or job roles. For example, finance and accounting staff may receive training on anti-bribery and corruption, while human resources staff may receive training on discrimination and the handling of harassment cases.
As the programme evolves, the company will introduce more targeted training courses and engagement activities that address specific compliance risks or areas where employee behaviour may be of particular concern.
Integrity Line
Our Integrity Line is the internal reporting mechanism that allows employees to confidentially and securely report incidents. Integrity Line is operated via EQS, our third-party provider, to ensure anonymity and impartiality. Via Integrity Line employees can submit reports of bribery, corruption, discrimination, harassment, violence, conflict of interest, theft, and health and safety violation cases. This third party provider also provides us with a full case management system, designed to log, track and manage outcomes of such cases, including interview notes, disciplinary actions and case outcomes. Integrity Line encourages a culture of openness and transparency within SoftwareOne and demonstrates our commitment to ethical behaviour and compliance with applicable laws and regulations.
Anti-corruption and bribery
Previously, SoftwareOne established a solid basis for our Anti-Corruption and Bribery programme in our Code of Conduct. However, in July 2022, we introduced a dedicated internal policy, providing more detail and as a topic-specific resource. We set a zero-tolerance strategy for bribery and corruption within all business activities. As mentioned, this topic is vital to our training roadmap. This commitment was further highlighted in SoftwareOne’s updated Code of Conduct for 2022.
To further promote compliance with our Anti-corruption Policy, SoftwareOne launched a disclosure tool developed by Convercent, which is now a part of OneTrust. This tool facilitates improved management and reporting of gifts, entertainment, donations, incentives, and external opportunities such as secondary jobs and volunteering.
Data privacy and cybersecurity
SoftwareOne has measures in place for lawful data transfer to countries outside the EU and conducts regular Transfer Impact Assessments. Privacy Port, our data protection management system, was established in 2019 and the data protection team frequently publishes new policies and guidelines for data management. SoftwareOne provides annual data protection training to all relevant employees who are required to report data breaches as they occur. These include internal incidents, such as leaking salary and payment information to unauthorised colleagues, and external breaches which refer to leaking confidential customer information to other customers. Overall, only 47 incidents were reported in 2022 and these were resolved through SoftwareOne’s management system. In 2023, SoftwareOne will implement a new data protection law in Switzerland, adhere to HIPAA regulations in the US, and evaluate data protection regulations in LATAM and in China.
Ecovadis rating 2022
Since 2019 SoftwareOne has participated in the EcoVadis assessment annually. This assessment evaluates SoftwareOne’s sustainability performance in areas such as environment, labour and human rights, ethics, and sustainable procurement. In 2022, SoftwareOne was awarded a silver medal for the second year in recognition of our sustainability achievement. SoftwareOne’s overall rating is in the top 25% of the companies assessed by EcoVadis in the provision of information technology industry services. For ethics and sustainable sourcing, SoftwareOne is in the top 13% and top 20% respectively.