Entrust is committed to the highest possible standards of ethical, moral and legal business conduct. If you have concerns about potential wrongdoing, we encourage you to report those concerns to us at [email protected] or through our Ethics Hotline which is available 24/7, 365 days a year by telephone or website. The hotline is staffed by an independent third party and not by Entrust colleagues.

Website: entrust.ethicspoint.com

Toll-Free Telephone:

    Introduction

    At Entrust Corporation, we lead by acting with integrity and urgency in all we do. This Code of Ethics defines what is expected of all Entrust colleagues—every colleague must confirm their understanding of and commitment to comply with the Code of Ethics.

    The Entrust Code of Ethics is only a starting point. Every colleague is responsible for knowing and complying with the spirit and the letter of applicable laws and regulations as well as this Code of Ethics. In evaluating whether a contemplated course of action complies with the Code of Ethics, a good question to ask yourself is how you would feel if your actions were publicized in the media?

    So, how do we act with integrity in all we do to ensure we are successful, innovative and trusted in our industry?

    We do business legally, fairly and free from undue influence.

    We ensure the confidentiality, security and accuracy of information we hold.

    We promote a safe, diverse and inclusive work environment.

    Conflicts of Interest

    We do business legally, fairly and free from undue influence.

    Colleagues must avoid any situation in which they have, or appear to have, an interest that conflicts with the best interests of Entrust. Conflicts of interest can arise in situations where the colleague or a member of the colleague’s immediate family have an interest or relationship (financial, employment or otherwise) that may have an adverse effect on Entrust or may unduly influence the colleague’s exercise of independent judgment due to considerations of personal gain or benefit.

    While it is not possible to list every situation in which an actual or apparent conflict of interest may exist, Entrust considers the following activities to be conflicts of interest. As such, colleagues are prohibited from engaging in these activities without receiving prior written approval from the Chief Executive Officer (CEO) or the CEO’s designee:

    • Competing, either directly or indirectly, with Entrust.
    • Having an interest, either direct or indirect, in competitors, suppliers, or customers of Entrust, other than a non-substantial, passive ownership of securities. What constitutes a “substantial” interest will depend on facts such as the size of the entity, whether it is a public or private company, the type and dollar amount of business the entity does with Entrust, the nature of its competition with Entrust, and the significance of the investment considering the colleague’s other financial resources.
    • Serving as a colleague, consultant, officer, or director of, or receiving income from, any person or organization that the colleague knows, or reasonably should know, does business with Entrust, seeks to do business with Entrust or directly competes with Entrust.
    • Engaging in non-Entrust employment or consulting work that may conflict with Entrust’s business interests or that prevents the colleague from satisfactorily performing the colleague’s responsibilities to Entrust.
    • Accepting gifts or entertainment from a person or organization that does business with Entrust or seeks to do business with Entrust except as permitted under the section entitled “Gifts and Entertainment.”
    • Trading in the stock of any company or dealing for personal gain on the basis of material, non-public information learned in the course of employment with Entrust.
    • Personally exploiting a corporate opportunity or receiving any personal benefit from a business transaction in which Entrust engages.

    Can I seek outside employment in addition to my job at Entrust?

    Maybe. Our standard employment agreement requires you first to obtain the written consent of the Company before seeking or engaging in outside employment or business activities during the course of your employment at Entrust. You should talk to your manager and your HR Business Partner to seek the required approval. Outside employment is usually approved provided it would not be too time consuming or overly burdensome such that it would interfere with your job at Entrust.

    For questions or more information, contact the Legal Department.

    Gifts and Entertainment

    We do business legally, fairly and free from undue influence.

    Transfers of value (e.g., gifts, entertainment, meals, travel, other hospitality and political or charitable contributions) can create improper influence (or the appearance of improper influence) and must be given and/or received in accordance with the Code of Ethics and the Global Anti-Corruption Policy.

    Gifts and entertainment means anything of value, e.g. loans, favorable terms on a product or service, prizes, use of another company’s vehicles, tickets, gift certificates, use of vacation facilities, attendance at sporting events, stocks, other securities or participation in stock offerings. Entertainment is considered a gift, subject to these guidelines, when the giver or representative from the giving organization will not accompany you to the event.

    Acceptable for self-approval

    Some gifts and entertainment are sufficiently modest that they do not require prior approval. Think through the intent (e.g., is it normal courtesy or to build a business relationship versus influencing the recipient’s objectivity in making a business decision?), materiality, frequency and transparency (e.g., would you be embarrassed if your manager, colleagues or anyone else outside Entrust became aware?). The following are usually acceptable without prior approval:

    • Meals: Modest occasional meals with someone with whom we do business
    • Entertainment: Occasional attendance at ordinary sports, theater and other cultural events
    • Gifts: Gifts of nominal value such as pens, calendars, or small promotional items

    Never acceptable

    Other types of gifts and entertainment are never permissible. They are:

    • Any gift or entertainment that would be illegal
    • Any thing of value to any government official; political party or party official; or any candidate for political office; official or employee of an international organization; or officer, director, or employee of a customer for the purpose of inducing the recipient to misuse their position to to provide any improper or undue business advantage to Entrust
    • Anything of value given to an Entrust colleague by a vendor, supplier, or partner or an officer, director, or employee of a vendor, supplier, or partner for the purpose of inducing the colleague to misuse their position at Entrust to the provide any improper or undue business advantage to the payor or to any other person or entity
    • Gifts or entertainment involving parties engaged in a tender or competitive bidding process
    • Any gift of cash or cash equivalent (such as gift certificates, gift cards, or loans)
    • A gift or entertainment that you pay for personally to avoid having to seek approval
    • Any entertainment that is inappropriate, indecent, or sexually oriented or might otherwise adversely affect Entrust’s reputation

    May be acceptable with prior approval

    For anything that does not fit into the other categories, the gift or entertainment may or may not be permissible. You must get advance approval in writing from your manager or SLT member as appropriate for the following:

    • Entertainment that exceeds 150 USD or equivalent
    • Gifts valued at more than 50 USD or equivalent
    • Lavish meals that cost more than 150 USD or equivalent per person (or 50 USD for a government official)
    • Special events such as a World Cup game or major golf tournament (these usually have a value of more than 150 USD)
    • Travel or overnight accommodation, as this normally raises the personal benefit to material levels

    Any entertainment valued at more than 500 USD, gifts over 250 USD, or political and charitable contributions must be pre-approved in writing by the CEO.

    Other important things to know about gifts and entertainment

    It is acceptable to receive a gift that exceeds a designated monetary limit if it would be insulting to decline, but the gift must be reported to management who will decide whether it:

    • May be retained by the recipient
    • Will be retained for the benefit of Entrust
    • Will be sold and the money donated to charity
    • Will be returned to the donor

    You may not accept or must immediately return any gift of cash or a cash equivalent such as bank check, money order, negotiable instrument, gift card, gift certificate, loan). If the hospitality or entertainment is at an inappropriate venue, includes “adult entertainment,” or would otherwise embarrass Entrust, you must decline.

    In some departments or jurisdictions, more restrictive rules or regulations on both giving and receiving gifts and entertainment may apply, particularly regarding government officials. Colleagues must be careful not to give or accept gifts or entertainment that do not comply with local requirements. Please refer to the Global Anti-Corruption Policy for further guidance.

    A customer offered me tickets to a sporting event but won’t be attending with me. Is it okay if I accept the tickets?

    In this scenario, the tickets would be considered a gift. Only gifts of nominal value may be accepted without prior approval from your manager or SLT member.

    How should I respond if I am offered a gift that I am uncomfortable accepting or that I know is not permissible under Entrust policy?

    You should politely decline the offer if it will not damage the relationship with the offeror. If it could cause harm or would be insulting to decline, you may accept the gift, but you must immediately report the gift to your manager. You must always decline or immediately return a gift of cash or a cash equivalent.

    May I accept a prize or award from a vendor drawing?

    Colleagues may accept a prize or award from a bona fide competition held in public such as a drawing at a conference or training session that meets the requirements outlined in this section.

    For questions or more information, contact the Legal Department or your HR Business Partner.

    Anti-Corruption and Coercion

    We do business legally, fairly and free from undue influence.

    The nature of Entrust’s business requires colleagues and third parties with whom we do business to interact regularly with government officials and private sector customers. Applicable anti-corruption laws (e.g., the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions, the US Foreign Corrupt Practices Act (FCPA), the International Travel Act, the UK Bribery Act, and Canada’s Corruption of Foreign Public Officials Act (CFPOA) establish certain rules and restrictions on those interactions in all countries where Entrust does business. Colleagues should be aware of all applicable anti-corruption laws, rules, and regulations where they are located and in the locations where services will be performed or that are applicable to a particular project or tender, as well as multilateral development bank (MDB) guidelines, where applicable.

    Entrust prohibits paying, offering to pay, promising to pay or authorizing the payment of money or anything of value, directly or indirectly, to any government official or private sector customer in order to secure an improper business advantage. Entrust also strictly prohibits any colleague from soliciting or accepting a bribe from any individual or entity as an Entrust colleague. International law prohibits all of the above—anti-bribery laws are not just restricted to offers of improper payment to government officials.

    Extortion and coercive practices – impairing or harming, or threatening to impair or harm, any individual, organization, or their property or financial interests in order to influence that person or organization will not be tolerated and will result in disciplinary action, up to and including termination of employment.

    If I suspect, but don’t have proof or evidence that an Entrust distributor or systems integrator is going to pay a bribe in connection with a bid it has submitted, do I need to take any action?

    Yes, willful ignorance and failure to investigate the possibility that a bribe will be paid results in imputed knowledge to Entrust and makes the Company liable for the act of the third party.

    We have heard a rumor that other companies may be paying for lavish trips and entertainment for government officials. If we don’t do the same, our competitors will have an unfair advantage over us in the bidding process. Why do we have to abide by anti-corruption laws while our competitors do not?

    Regardless of their compliance or non-compliance, most of our competitors are subject to the same anti-corruption laws as Entrust. More than 100 countries have adopted anti-corruption legislation. Our actions will never be dictated by what our competitors are doing. We achieve outstanding financial results and enjoy an excellent reputation with our customers and the public by strictly adhering to our values, our Code of Ethics, and all applicable laws. Doing the right thing is always good for business.

    For questions or more information, visit Entrust’s Global Anti-Corruption Policy or contact the Legal Department.

    Third Party Due Diligence

    We do business legally, fairly and free from undue influence.

    Entrust is legally responsible for any corrupt actions by third parties contracted to represent Entrust or otherwise perform services on its behalf. As such, Entrust must understand the qualifications and associations of its third-party partners to ensure that it only does business with reputable third parties who act with integrity and deliver quality products and services. Prior to contracting with a third party for goods or services, appropriate due diligence must be conducted.

    Entrust’s Due Diligence Questionnaire must be completed prior to contracting and vetted with the Compliance Director if any of the following apply:

    • The third party will become a formal channel partner.
    • The third party will serve as a system integrator, consortium member or contracting partner on a government or state-owned project or tender
    • The third party scores 5 or higher on the Third Party Risk Matrix in Appendix 1 of the Global Anti-Corruption Policy

    Additionally, contracts to retain third parties must contain a contractual commitment to comply with all applicable laws and regulations including, but not limited to, anti-corruption laws such as the US FCPA, the International Travel Act, the UK Bribery Act and Canada’s CFPOA as well as local anti-corruption laws where services will be performed. If the contract does not include this language, use the Anti-Corruption Commitment or contact the Legal Department for standard language.

    While the following risk factors do not automatically disqualify a third party from working with Entrust, you should carefully consider whether to establish a relationship with a third party that exhibits one or more of the following characteristics as these may be indicative of corrupt behavior:

    • Third party does business in a high-risk country as defined in the Third Party Risk Matrix;
    • Third party has a reputation for improper, illegal or unethical conduct;
    • Third party refuses to provide requested information during the due diligence process;
    • Third party refuses to provide assurances that it will comply with applicable anti-corruption laws;
    • Third party refuses to execute a written contract;
    • Third party charges a rate or fee that is unusually high compared to market rates;
    • Third party makes unusual payment requests (e.g., requests for cash payments, advance payments, deposits to multiple accounts or deposits to offshore accounts);
    • Third party requests approval or reimbursement of unusual expenditures, amounts significantly above budgeted or projected costs or payments in cash;
    • Third party has direct family or business ties to a government official or government agency;
    • Third party makes large and/or frequent political contributions;
    • Third party uses unnecessary third parties, agents or intermediaries; or
    • Third party suggests payments are needed to “get the business.”

    Entrust values its reputation for ethical behavior and recognizes that engaging in bribery or other corrupt behavior would undermine customer and colleague trust. No Entrust colleague or third party will ever suffer adverse consequences for refusing to pay a bribe or for refusing to engage in otherwise corrupt behavior, even if Entrust loses business as the result of such refusal.

    Supplier Due Diligence

    We do business legally, fairly and free from undue influence.

    For direct and indirect suppliers, additional due diligence requirements may exist. Depending on the type of service or product the third party will provide, due diligence may be required to ascertain whether the third party has adequate information security controls and data privacy protections or to ensure the third party complies with relevant government regulations. An assessment may also be required to determine whether the new third-party service or product is needed as Entrust works where possible to leverage existing business relationships.

    I want to contract with a new third party for a cloud-based software solution to support my business function. Do I need to involve Corporate Purchasing?

    Yes, if the commitment is for any of the following: (a) over $50,000 and not software-related, (b) involves any software licensing, (c) is a cloud-based solution or (d) is high risk due to the nature of the work that will be performed or the terms of the proposed contract. Colleagues should consult Corporate Purchasing early on in the process and prior to engaging with the third party.

    Can I begin work with a new third party without a formal contract in place?

    No. Commitments may only be made via a formal contract or purchase order. Work should not begin until one of these is in place.

    For questions or more information, visit the Corporate Purchasing Policies and Guidelines and Corporate Purchasing Policy Quick Guide or contact Corporate Purchasing.

    Fraud and Financial Impropriety

    We do business legally, fairly and free from undue influence.

    Entrust is committed to conducting business honestly, fairly, and transparently. Illegal activities such as fraud, tax evasion, money laundering, or anti-competitive behavior including, but not limited to, price-fixing and bid-rigging, can occur, particularly on large projects. Violation of these laws, or facilitating violations of these laws by our business partners, third parties, or clients, can have significant criminal and civil repercussions for both Entrust and any individuals involved. Entrust strictly prohibits colleagues from knowingly facilitating or assisting government officials or private sector clients in violating the law. For example:

    • Any submissions related to tenders, whether they be bids, specifications, or offers of any kind must be completely accurate and transparent and cannot be misleading in any way. If there is any uncertainty as to the accuracy of any representation, for example as to whether Entrust has particular experience, in should not be included until its veracity has been verified.
    • All information in the books and records of the company must be accurate and complete.
    • Unusual payment arrangements, such as the use of third currencies or payments outside of where the work is performed, should be fully vetted with the Legal Department.
    • Payments to individuals, rather than to organizations performing the service, is never permitted.

    If you are unsure whether a proposed activity suggested by a partner or vendor might indicate fraud or other financial impropriety, contact the Legal Department before moving forward with the proposed activity.

    Fair Competition

    We do business legally, fairly and free from undue influence.

    Entrust is committed to conducting business in compliance with laws governing competition. Violation of these laws may result in civil and criminal liability not just for the Company, but also for the individuals involved. Engaging in any of the following activities is strictly prohibited:

    • Any agreement, understanding, plan or arrangement with a competitor relating to pricing or any matter relating to or affecting pricing or any element of price (e.g., pricing methods or policies, bids, discounts, promotions, terms or conditions of sale (e.g., warranties), costs, and profits). Entrust independently determines the prices for its products and services. If any confidential information about a competitor’s prices is obtained, it should not be used. Additionally, Entrust customers who resell Entrust’s products and services must independently determine the prices they will charge.
    • Any agreement, understanding, plan or arrangement with a competitor to allocate customers or markets or control production or availability of products or services.
    • Any agreement, understanding, plan or arrangement with a competitor to limit business or refrain from doing business with a particular company.

    I have heard references to prohibited “vertical” and “horizontal” restraints on trade. What is the difference?

    Vertical restraints are competition restrictions in agreements between entities at different levels of the production and distribution process (e.g., between an entity and its supplier). Horizontal restraints are agreements between competitors that restrict competition.

    If you are unsure whether a proposed activity with a competitor breaches the above requirements, contact the Legal Department before moving forward with the proposed activity.

    International Trade

    We do business legally, fairly and free from undue influence.

    Entrust colleagues who arrange, approve or effect any export or import of products, services, or information must coordinate with Global Trade Compliance to ensure that the transaction is compliant with all applicable legal requirements, and that all documentation and record-keeping requirements have been satisfied.

    Are there countries Entrust is prohibited from doing business with?

    Yes. Entrust may never sell, directly or indirectly, product or services to the following embargoed countries: Cuba, Iran, North Korea, Syria, the Crimea region of Ukraine. All Entrust entities are also required to abide by sanctions that have been put in place to prevent or restrict trade—typically, nations, entities or individuals who have violated internationally recognized human rights, been associated with terrorist activities, and/or have directed significant acts of corruption. These lists change over time, so it is important to check with Trade Compliance if you have doubts about whether we can do business with a potential customer based on location.

    How long does it take for an export permit license to be issued?

    While this varies depending on the country of export, once an export license permit application has been submitted, it takes government agencies an average of four to eight weeks to issue a license. As a result, it is important to engage Trade Compliance early on in the development of a new product or a significant upgrade to an existing product to allow enough lead time for any required licenses to be obtained prior to the desired release date.

    For questions or more information, refer to Entrust’s Export and Import Compliance Manuals or contact Global Trade Compliance (within Global Logistics).

    Antiboycott Laws

    We do business legally, fairly and free from undue influence.

    Entrust must comply with laws that prevent US companies from being used to implement foreign policies of other nations that run counter to US policy. As a result, Entrust is prohibited from refusing or agreeing to refuse to do business with or in a boycotted country, with any business organized under the laws of a boycotted country, with any national or resident of a boycotted country, or with any person who has dealt with a boycotted person or country, when refusal is due to an unsanctioned foreign boycott.

    US regulations require that the mere receipt of a boycott request be reported in a timely manner. Entrust must report a request even if the Company does not comply with the requested action or the request is withdrawn. If you receive a boycott-related request, immediately contact the Legal Department.

    What does an antiboycott provision look like in a tender document?

    Here is an example: Equipment or any of its units quoted by bidders must not be manufactured in Israel or India. Furthermore, the Bidder/Principal supplier must not have any linkage with Israel or India regarding ownership, sponsoring and financing. The Bidder must furnish undertaking on judicial paper (Rs. 100/-) to this effect.

    How should Entrust respond to an antiboycott request?

    Contact Legal to ensure receipt of the request is properly reported. While we cannot agree to comply with a boycott request, we can affirmatively state where we manufacture our products. Here is a sample response to a bid request that contains antiboycott language:

    Although the country of origin for Entrust products is primarily Canada, Denmark, Spain, the United Kingdom or the United States, Section X contains language that violates United States Antiboycott Laws. As such, Entrust will not agree to comply with this provision. This clause will need to be removed from any resulting contract in order for Entrust to supply product pursuant to this tender.

    For questions or more information, visit the Antiboycott Policy or contact the Legal Department.

    Confidential Information and Asset Protection

    We ensure the confidentiality, security and accuracy of information we hold.

    Entrust colleagues must commit to protecting the confidentiality of the Company’s proprietary information as well as confidential information received from third parties. Confidential information is not to be disclosed unless there is a business need to do so and the party who will receive the confidential information has signed an appropriate nondisclosure agreement. All confidential information disclosed under an appropriate nondisclosure agreement must be clearly labeled as “confidential” at the time of disclosure.

    Identifying Confidential Information

    Entrust confidential information is any information that Entrust does not wish to have displayed publicly or that the Company has determined has economic value to Entrust.

    Examples include:

    • Manufacturing processes
    • Engineering drawings
    • Financial documents
    • Business strategies
    • New product and service introduction plans
    • Customer lists
    • Personally identifiable information (e.g., credit card numbers, payroll information, driver’s license numbers, and passports)
    • Source code
    • Unpublished patent applications
    • Product roadmaps and development projects

    Colleagues should be careful to protect confidential information in meetings that include individuals outside of Entrust, correspondence (including email), telephone calls and at restaurants, trade shows and in other circumstances where third parties could overhear or obtain confidential information.

    How do I know if information is confidential?

    A good question to ask yourself is whether the information would be beneficial to an Entrust competitor? If you are unsure, contact the Legal Department. If the answer is yes, then the information likely can only be disclosed outside the Company with a nondisclosure agreement in place. Additionally, security controls will need to be in place to govern proper storage and transmission of the information. See the section on “Data Privacy” for proper handling of confidential personal data.

    What should I do if I receive confidential information that I have reason to believe is not authorized by the owner?

    If you believe you have received confidential information in error or that was not authorized by the source, immediately return or destroy all copies and contact the Legal Department. Use of unauthorized confidential information is strictly prohibited and could have serious consequences for Entrust including civil and criminal penalties.

    When do I need a nondisclosure agreement?

    Customers, vendors and other entities doing business with Entrust may disclose confidential information to Entrust. We may be obligated to protect this information and not share it with others. In addition, when providing services to Entrust customers, colleagues may encounter information that Entrust is legally obligated to protect and not disclose. This type of third-party confidential information should not be disclosed without first consulting the Legal Department.

    What about storing confidential data in the Cloud?

    Confidential or proprietary information should never be stored or shared on a Cloud service that has not been pre-approved by Information Security.

    If you determine that confidential information must be disclosed, follow Legal’s Nondisclosure Agreement Process and contact [email protected]. For questions or more information, visit the Confidential Information Policy or contact Information Security.

    Protecting Entrust Assets

    Colleagues must use Entrust assets and property to conduct Entrust business and guard against inappropriate or unlawful use. The following are examples of conduct that constitutes inappropriate use:

    • Unauthorized removal or use of property, tangible or intangible, belonging to Entrust, its customers, vendors or other colleagues
    • Improper use of Entrust funds (e.g., failure to follow Entrust’s Travel & Expense Policy)
    • Failure to comply with Entrust’s policies regarding acceptable computer usage

    Security controls are in place to help protect Entrust’s assets. Attempts to intentionally damage or hinder the Company’s resources are prohibited.

    Can I use my work computer for personal use?

    Casual and limited personal use of Entrust information resources is allowed provided it does not interfere with your job responsibilities and is in accordance with the Acceptable Use Policy (e.g., sending or receiving the occasional personal email, surfing the web or using social media on break time).

    Is there a policy regarding streaming videos?

    Downloading large files or streaming content requires excessive bandwidth. To ensure availability of Entrust information resources for business needs, use of any high-bandwidth applications must have a business justification.

    For questions or more information, visit the Acceptable Use Policy or contact Information Security.

    Accounting, Reporting, and Auditing Controls

    We ensure the confidentiality, security and accuracy of information we hold.

    Entrust maintains an adequate and uniform system of accounting, reporting and auditing controls in order to protect Entrust’s assets and ensure the accuracy and reliability of its financial records. Entrust’s financial reports must reflect a full, fair, accurate, timely and comprehensible disclosure of Entrust’s financial position and results.

    As a result, all colleagues are responsible for keeping accurate accounts, books, ledgers, journals and records. In addition, colleagues must:

    • Not allow the establishment of any undisclosed or unrecorded funds or assets
    • Ensure that all documentation under which funds are disbursed accurately state the purpose for which the funds are paid and that such documentation is not misleading
    • Decline to authorize the payment of corporate funds with the intent or belief that any part of such payment will be used for any purpose other than that described by the documents supporting such payment
    • Follow all generally accepted accounting principles and all applicable laws and accounting procedures
    • Ensure that all accounting information is both truthful and accurate
    • Report any accounting or bookkeeping violations immediately upon discovery

    Where can I access Entrust’s current fiscal year Internal Audit Plan?

    The Internal Audit Plan is approved each March by the Audit Committee of the Board of Directors and can be accessed via the Internal Audit site.

    Where can I find Entrust’s Annual Report?

    The Annual Report is a confidential, non-public document. A Financial Summary is available on the Internal Audit site for colleagues to review and/or share outside the company (e.g., upon request from regulators, customers and vendors). If you receive a request for other Entrust information that is not fully public and may be controlled, please email [email protected] for assistance.

    For questions or more information, contact Finance or Internal Audit. For more information on the Internal Audit function, visit the Internal Audit Charter.

    Data Privacy

    We ensure the confidentiality, security and accuracy of information we hold.

    As a business and an employer, it is necessary for Entrust to process personal data about colleagues, contingent workers, customers, suppliers and other third parties with whom we engage to provide products or services on our behalf. With the introduction of the European General Data Protection Regulation (GDPR) and other applicable laws governing data protection, Entrust is subject to enhanced requirements for processing personal data.

    Personal data is data relating to a living individual who can be identified (directly or indirectly) from that data (or from that data combined with other information in Entrust’s possession or available to Entrust). Personal data can be factual (e.g., name, address, date of birth) or it can be an opinion about the individual and their actions or behavior (e.g., colleague performance assessment). Personal data can also include identification numbers, location data, online identifiers, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social status of an individual.

    Processing describes activities performed with respect to personal data such as collecting, recording, organizing, structuring, storing, adapting, altering, retrieving, consulting, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting use, erasing or destroying data. Processing also includes transferring or disclosing personal data to third parties.

    If you are responsible for developing new Entrust products and service offerings, contact the Legal Department and Information Security to consider what personal data the product or service will process at the outset of development and build in appropriate technical and organizational safeguards regardless of whether the product is on-premise or cloud-based/hosted. Personal data may be processed by the product itself or it may be processed for purposes of providing customer service and support. Not only does Entrust comply with its own obligations under existing data privacy laws, but the Company strives to assist its customers in meeting their obligations by designing products and services that make compliance simple.

    In addition to Entrust’s obligations to lawfully process personal data, the Company also has an obligation to ensure that any third parties used to process data on our behalf do so in accordance with our instructions and in compliance with relevant data privacy legislation. Contact Legal if you engage a third party that will process personal data on behalf of Entrust. We must ensure (typically through a mutually-agreed upon data processing agreement) that the third party has adequate measures in place to safeguard the personal data we provide to them for processing.

    Where can I learn more about how Entrust processes my personal data?

    Entrust’s Employee Privacy Notice (as well as other Company privacy notices) are all available on the Data Privacy site.

    I’ve been asked by a third party how Entrust complies with data privacy legislation. What can I provide?

    Entrust’s Data Protection Policy is a public-facing document. Work directly with the Compliance Director if you need additional detail about the Company’s data privacy program.

    Does Entrust have a process to comply with data subject access requests?

    Yes, and it is available on the Data Privacy site. Data subject access requests can be submitted using this form.

    For questions or more information, visit the Data Protection Policy or contact Entrust’s Compliance Director.

    Public Relations and Social Media

    We ensure the confidentiality, security and accuracy of information we hold.

    Entrust appreciates the value of thoughtful engagement with the public. For that reason, Entrust has designated spokespeople who may formally represent the Company in the media, with analysts or on social forums.

    Colleagues engaging in personal social media or other online activities are responsible for acting professionally and ethically when referring to Entrust or information related to employment with the Company. Colleagues are prohibited from posting discriminatory, harassing or threatening content or divulging non-public, sensitive information about the Company that is financial, legal or operational in nature or that contains customer or other information governed by Entrust’s data protection policies. Colleagues are expected to act responsibly, respectfully and with due care.

    I saw a post about Entrust that I feel requires a response. Can I respond?

    Do not respond to negative posts about the Company on social media. Instead, alert Public Relations. Public Relations will manage the response to the person who posted the comment—both online and offline. You are welcome to like or share positive comments about our company, products or services. If you have questions or aren’t sure about something you see online, email [email protected].

    May I post on my personal social media about Entrust?

    Yes, you can share content that has been posted on the official Entrust LinkedIn, Twitter, Facebook accounts or other official social media channels. Share or copy hashtags and links from our original posts whenever possible to help us relate social sharing to customer response.

    As an expert in my area, can I participate in online conversations about my profession?

    Subject matter experts may participate in online conversations that reflect their areas of professional expertise. Colleagues may not post content that violates Entrust policies, confidentiality or other agreements with the Company, customers and partners. (This guidance should not be interpreted to limit a colleague’s legal rights.) For further guidance on social posting, email [email protected]ntrust.com.

    I’m attending a professional event. Can I ‘live tweet’ or talk about this on social media?

    Generally, yes…this kind of social sharing enhances your professional reputation as well as that of Entrust. As always, any post should adhere to Entrust’s policies and avoid prohibited disclosures. As a representative of the Company, use your professional discretion to ensure that your work-related content is professional and in line with our values. If you are unsure whether something is appropriate to post or want to coordinate your posts with the Company on social media, email [email protected].

    I’m attending a social gathering with Entrust employees. Can I post about this on social media?

    If the event is not an Entrust sanctioned event, avoid references to the Company and be careful about what you post in photos or comments from the social gathering. Some photos from a party, for example, may not reflect well on you personally—or on our brand and values. If you do post online, avoid references to Entrust or our social media accounts. If you are unsure whether something is appropriate to post, email [email protected] before you post.

    For questions or more information, visit the Public Relations and Social Media Policy or contact Public Relations at [email protected].

    Respectful Workplace

    We promote a safe, diverse and inclusive work environment.

    Entrust is committed to creating and maintaining a quality working environment in which all individuals are treated with respect and dignity. Everyone has the right to work in a professional atmosphere that promotes equal employment opportunities and prohibits discrimination and harassment. Entrust strictly adheres to all applicable labor and employment laws in every country in which we operate.

    Even minor, unintentional inequities can, if they become a pattern of behavior, have a negative effect on workplace culture. Be mindful of behavior that may constitute discrimination including, but not limited to, the following:

    • Applying expectations differently amongst colleagues
    • Yielding to internalized stereotypes
    • Excluding a colleague, interrupting them, or providing them with less support (including, but not limited to, non-verbal behaviors)
    • Engaging in patronizing or paternalistic conduct
    • Dismissing the contributions of a colleague

    Entrust strives to provide an inclusive environment where colleagues feel appreciated for their unique characteristics and are comfortable sharing their ideas and authentic selves. Our diversity and inclusion program is aimed at celebrating, educating, and empowering all colleagues and cultures we represent.

    For questions or more information, visit the Fair Employment Practices Policy or contact your HR Business Partner. For information about Entrust’s diversity and inclusion efforts, visit the Diversity and Inclusion site.

    Workplace Violence

    We promote a safe, diverse and inclusive work environment.

    It is Entrust’s policy and the responsibility of every colleague to maintain a safe workplace free from threats and acts of violence. Colleagues, contractors and vendors associated with Entrust are prohibited from making threats or engaging in aggressive or violent activities. This includes, but is not limited to, bullying behavior that undermines, patronizes, humiliates, intimidates, or demeans the recipient; stalking in person, in writing, by telephone or in electronic format; making threats; or engaging in physical attacks or property damage. The possession of weapons in the workplace, while conducting company business or at any company-sponsored function is strictly prohibited.

    For questions or more information, visit the Workplace Violence Policy or contact your HR Business Partner.

    Impairment-Free Workplace

    We promote a safe, diverse and inclusive work environment.

    Entrust is committed to providing a safe and drug-free work environment for our customers and colleagues. With this goal in mind, the Company explicitly prohibits colleagues from:

    • The use, possession, solicitation of, or sale of narcotics or other illegal drugs, alcohol, or prescription medication without a prescription on company or customer premises or while performing an Entrust assignment.
    • The presence of any detectable amount of prohibited substances in the employee's system while at work, while on the premises of the company or its customers, or while on company business. "Prohibited substances" include illegal drugs, alcohol, or prescription drugs not taken in accordance with a prescription given to the employee.
    • Possession, use, solicitation of, or sale of legal or illegal drugs or alcohol, or being impaired or under the influence of legal or illegal drugs or alcohol while away from company or customer premises, if such activity or involvement adversely affects the colleague's work performance, the safety of the colleague or of others, or puts at risk the company's reputation.

    Colleagues are expected to report unsafe working conditions, including any suspicions that a colleague may be impaired in the workplace. Be aware that what looks like impairment may also be due to medical conditions (e.g., diabetes, epilepsy, or a stroke), the use of medications taken as prescribed, psychological factors, and/or fatigue which is why it is important to report your concern and allow the Company to conduct an independent investigation.

    For questions, more information or local policy requirements, contact your HR Business Partner.

    Quality

    We promote a safe, diverse and inclusive work environment.

    Entrust is committed to maintaining high quality standards for our products and services. This is achieved through a culture of continuous improvement and identifying and implementing effective practices and processes to provide products and services that support customer and shareholder objectives.

    In support of that effort, Entrust is audited annually to International Standard ISO 9001:2015. In addition, cross-functional teams work continuously through the D5 development process, assessment and control of the supplier base, manufacturing control processes, and customer feedback loops to ensure Entrust can monitor relevant components of Quality and continue to improve the way we do business.

    How does Entrust ensure the quality of its products?

    Entrust has many systems in place to ensure product quality. These include:

    • Working with the D5 Product Development Team
    • Conducting supplier assessments and continuous Quality monitoring of existing suppliers
    • Validating purchased components
    • Performing tests, quality checks and audits of manufacturing builds
    • Using data feedback loops to ensure Service performance at customer sites

    What Quality system does Entrust use?

    Entrust is ISO 9001:2015-certified through Bureau Veritas. This certification requires a series of internal and external audits conducted annually to ensure compliance with ISO 9001:2015 standards and adherence to existing Entrust processes.

    For questions or more information, visit the Quality section of Entrust’s external homepage or contact the Quality Manager.

    Workplace Environmental, Health, and Safety

    We promote a safe, diverse and inclusive work environment.

    Environmental

    Entrust is committed to being an outstanding corporate citizen and to minimizing the impact of our business, products, and services on the environment. Entrust accomplishes this through operation of an Environmental Management System (EMS) that is audited annually to International Standard ISO 14001:2015. This ISO standard sets forth the elements of an organizational structure that ensures adherence to applicable environmental standards and regulations as well as monitors and sets goals for continuous improvement.

    What are Entrust’s most significant environmental wastes?

    Entrust’s three most significant environmental wastes are hazardous waste, electronics waste, and packaging waste.

    Has Entrust made improvements to reduce our impact on the environment?

    Yes, Entrust has made significant improvements such as retrofitting facilities with LED lighting to reduce energy usage and eliminating disposable Styrofoam cups from facility service centers to reduce solid waste.

    For more information, visit the Environmental site.

    Health and Safety

    At Entrust, Safety is a high priority. For the well-being of each individual and the Company, all colleagues must be conscious of safety risks and take reasonable steps to mitigate those risks where possible. Maintaining a culture of safety requires a team effort to identify and correct unsafe conditions. Colleagues are encouraged to report hazards and safety concerns to their managers so that Entrust can continue to build and maintain a safe and efficient workplace.

    For questions or more information about the Shakopee, MN HQ location, visit the Safety site. For other Entrust locations, contact local management for applicable policies.

    Reporting a Concern

    We promote a safe, diverse and inclusive work environment.

    Entrust is committed to the highest possible standards of ethical, moral and legal business conduct. In conjunction with this commitment, you must report serious concerns of wrongdoing or danger in relation to business activities that could have a large impact on the Company, such as actions that:

    • Are unlawful
    • Are not in line with company policy, including the Code of Ethics
    • May lead to incorrect financial reporting
    • Otherwise amount to serious improper conduct

    These concerns can be reported directly to your supervisor, Human Resources, Legal, a trusted member of management, [email protected] or through the Ethics Hotline. Other concerns should be reported directly to your manager or Human Resources. Regardless of the nature of your concern, if you do not feel comfortable reporting directly to management or Human Resources for any reason or wish to make your report anonymously, you may use the Ethics Hotline.

    The Ethics Hotline is available 24/7, 365 days a year by telephone or website. The hotline is staffed by an independent third party and not by Entrust colleagues.

    • Website: entrust.ethicspoint.com
    • Toll-Free Telephone:
    • USA, Canada and Puerto Rico: 855-689-1303
    • All other countries: Click here for access codes and dialing instructions.

    Regardless of whether you are reporting directly to management, Human Resources, Legal, [email protected] or through the Ethics Hotline, the earlier a concern is expressed, the easier it is for the Company to investigate and/or take appropriate action. Although you are not expected to prove the truth of an allegation, you must demonstrate through the information you provide that there are sufficient grounds for concern. Reporting malicious or knowingly false allegations may result in disciplinary action, up to and including termination.

    All employees have a duty to cooperate, and to be honest and transparent, in both internal and external investigations pertaining to Entrust.

    Anti-Retaliation Policy

    Entrust will not tolerate harassment or victimization of an individual based on knowledge or suspicion that the individual has reported a concern either through the Ethics Hotline or directly to management, Legal, Human Resources or [email protected]. If you feel that you have been retaliated against for raising a complaint in good faith, you should immediately notify your manager or Human Resources.

    Compliance

    We promote a safe, diverse and inclusive work environment.

    Failure to comply with the provisions of this Code of Ethics may result in disciplinary action, up to and including termination.

    Conclusion

    We promote a safe, diverse and inclusive work environment.

    Thank you for everything you do to ensure we remain a trusted partner to our customers and to one another. If you have questions about the Code of Ethics, please email us at [email protected]