Issued November 1, 2022
BitSight is committed to conducting our business with the highest ethical standards and in compliance with applicable laws, rules, and regulations. We expect our vendors, suppliers, contractors, and consultants (herein referred to as “Vendor(s)” or “Supplier(s)”) to share this commitment and to operate in compliance with applicable laws, rules, regulations, and the conduct set forth in the BitSight
Vendor Code of Conduct (“Code”).
This Code applies globally to all BitSight’s vendors and sets forth BitSight’s expectations for ethical business practices, employee health and safety, labor practices, diversity and inclusion, environmental sustainability, and business management. If, at any point, the Code conflicts with the terms and conditions of a Vendor’s written contract with BitSight, the Vendor’s contract with BitSight will govern.
BitSight helps organizations worldwide manage cybersecurity risk and enables cyber risk-based decision making for enterprises, insurers, governments, and other entities. BitSight’s core values include integrity, engagement, and inclusivity, and we expect Vendors to operate with business ethics that support those values.
Business Practices & Ethics
BitSight’s Vendors are expected to conduct their business with the highest ethical standards and in compliance with all applicable laws and regulations relating to, without limitation, employment of employees and the engagement of contractors, protection of personal data and privacy, environmental protection and any other laws mentioned in the Code.
Compliance with Laws and Regulations
Suppliers are required to comply with all applicable federal, state, provincial, local and international laws, rules, and regulations and orders of any authority with jurisdiction over the Vendor’s business, products, and services they supply to BitSight.
Anti-Bribery and Anti-Corruption
Vendors are required to comply with all applicable laws, including anti-bribery and anti-corruption laws. These include, but are not limited to, the United States Foreign Corruption Practices Act and the UK Bribery Act.
Vendors must not offer to pay bribes and will not provide business courtesies—such as gifts, entertainment, or other hospitality, or other things of value—to public officials or business contacts for the purpose of rewarding a person for performing a function or activity that he or she is otherwise required to perform, or for including or rewarding the improper performance of a function or activity.
Confidentiality is an essential part of BitSight’s business, so Vendors may have access to non-public, sensitive and/or private information, data and materials belonging to BitSight, its affiliates or respective employees, customers, clients, or third-party suppliers or contractors. BitSight requires its Vendors to protect the confidential information they obtain, access or process on behalf of BitSight or its customers in accordance with all applicable laws and in the same manner they used to protect their own highly sensitive information.
Vendors may not use or disclose any confidential information other than for the performance of services or provision of products to BitSight and its affiliates, and in no case shall use or share confidential information for the purpose of trading securities. In addition, Vendors acknowledge that unauthorized disclosure or use of BitSight’s confidential information may violate applicable laws and could result in significant fines, reputational damage, and criminal penalties.
To the extent Vendors are given access to BitSight’s systems, they must use such systems solely for the purpose of providing services to BitSight or its affiliates, and not for any other purposes. They must also comply with all policies and procedures communicated by BitSight with respect to the use of such systems, including the BitSight Acceptable Use Policy.
Vendors should immediately report any actual or suspected breach of confidentiality of BitSight’s non-public, sensitive and/or private information, data and materials of which they become aware to [email protected].
Forced Labor & Human Trafficking
BitSight denounces all forms of forced labor including slavery and human trafficking. Vendors must comply with all laws and regulations pertaining to the prohibition of slavery, forced labor and human trafficking such as the UK Modern Slavery Act 2015 and any similar laws of other jurisdictions. Vendors will implement reasonable due diligence procedures for their own suppliers, subcontractors, and others in their supply chain, and promptly notify BitSight upon becoming aware of any actual or suspected breach of any slavery-related laws.
Vendors will not use or employ child labor and must take all means necessary to ensure they do not use or employ anyone under the relevant legal minimum working age. In addition, Vendors must comply with all employment laws and regulations.
Wages & Benefits
Vendors must comply with applicable wage and hour laws, including minimum wage and overtime laws in the relevant jurisdiction(s), as well as to provide all payments on behalf of Vendor’s employees, including the required income and social security withholding taxes, unemployment and disability insurance payments and taxes, and all other amounts of benefits owed or payable to or on behalf of Vendor’s employees. Suppliers must understand and agree that there is no employment relationship between BitSight and Suppliers’ personnel.
Working Hours & Environment
BitSight expects that Suppliers comply with applicable laws, rules, and regulations governing working hours. Vendors’ employees should not be forced to work in excess of legal limits, and overtime should be voluntary in nature and agreed upon between Suppliers and their employees. Vendors must provide a safe and healthy working environment that supports accident prevention and ensures the health and safety of all employees.
Non-Discrimination and Harassment
Vendors will treat their own and BitSight’s employees with the highest level of respect and maintain a workplace free of harassment and discrimination. Vendors must not tolerate discrimination or harassment based on race, color, age, sex, gender or gender identity, sexual orientation, ethnicity, citizenship, national origin, genetic information, disability, pregnancy, religion, political affiliation, medical condition, veteran status, ancestry, union membership, or marital status. Vendors are also expected to comply with all local laws and regulations pertaining to discrimination in hiring and employment practices.
Vendor Diversity and Environmental Protection
BitSight seeks to provide small business enterprises and businesses with owners who are minorities, women, veterans, disabled, or LGBTQ+, with equal access to purchasing opportunities. As part of this commitment, Vendors should use commercially reasonable efforts to purchase from diverse suppliers.
Environmental Protection and Sustainability
BitSight believes in creating an environmentally sustainable future, reducing adverse impact on the planet, and doing our part to protect and care for the environment. BitSight’s Vendors should adhere to similar environmental and sustainability goals. Suppliers’ efforts to optimize the use of water and energy and reduce waste through reuse, recovery, and recycling, are valued by BitSight and these efforts are an important aspect of environmental management that we promote within our supply chain. To the extent applicable to their businesses, Vendors should have processes in place to identify, assess, mitigate, and manage potentially significant risks and impacts to human health and the environment.
General Management & Administration
BitSight’s Acceptable Use Policy
BitSight’s Acceptable Use Policy describes the obligations of all users of BitSight’s technology resources and BitSight information, including without limitation, the responsibilities to safeguard confidential information. BitSight expects its suppliers, when applicable to comply with the Use Policy in their use of BitSight’s technology resources and information.
Material Adverse Events
Vendors should promptly report to BitSight any event or circumstance that could reasonably be expected to compromise their ability to fulfill their contractual obligations to BitSight.
Raising Concerns/Reporting Vendor Code Violations
If you have a concern or suspect a violation of this Vendor Code, please speak to your BitSight contact or raise the issue to BitSight Whistleblower Hotline at 1-800-603-2869 or online at www.lighthouse-services.com/bitsight. Retaliation against anyone for raising such issues in good faith is contrary to BitSight’s policies.
We encourage Vendors to provide a confidential avenue for reporting violations of laws or their own policies.