Code of Ethics
Entrust is committed to the highest possible standards of ethical, moral and legal business conduct. If you have concerns about potential wrongdoing, we encourage you to report those concerns to us at [email protected] or through our Ethics Hotline which is available 24/7, 365 days a year by telephone or website. The hotline is staffed by an independent third party and not by Entrust colleagues.
- USA, Canada and Puerto Rico: 855-689-1303
- All other countries: Click here for access codes and dialing instructions.
- Click to select...
At Entrust our commitment to integrity drives everything we do. Every colleague is responsible for knowing and complying with applicable laws and regulations as well as this Code of Ethics. The Code serves as a guide to help you make good decisions and navigate complex situations where the answer might not always be clear.
Every colleague must confirm their commitment to comply with the code and what is expected of them.
Respectful and Diverse Workplace
Entrust is committed to creating and maintaining an environment in which all individuals are treated with respect and dignity. Entrust values and celebrates the diversity of our workforce and the uniqueness of every colleague representing all backgrounds and characteristics, including those represented by our many Alliances (employee resource groups). Everyone has the right to work in a professional atmosphere that promotes equal employment opportunities. Entrust prohibits discrimination and harassment and strictly adheres to all applicable labor and employment laws in the countries in which we operate.
All colleagues are expected to demonstrate respect, professionalism, and good judgment in both their work and workplace interactions. This includes, but is not limited to, avoiding behaviors such as:
- Dishonesty, willful omission, or falsification of information
- Carelessness, neglect, or behavior that limits or hinders productive work, including unexcused absences or tardiness
- Violation of any applicable company policy
- Other unprofessional or disrespectful behaviors that could endanger good working relationships or interfere with productivity
Entrust also strives to provide an inclusive environment where colleagues feel appreciated for their unique characteristics and are comfortable sharing their ideas and authentic selves. We best serve our customers and one another through the diverse skills, experiences, and backgrounds that each of us brings to the company. Our diversity, equity, and inclusion program aims to celebrate, educate, and empower all individuals. Every member of the Entrust team is expected to contribute to a collaborative, positive, and healthy work environment by exhibiting:
- Respect to all colleagues including in how feedback is given and received
- Inclusive behavior and language
- Kindness, politeness, and friendliness toward all colleagues
Non-inclusive language and behavior, even if unintentional, can have a negative effect on workplace culture. Examples of this include but are not limited to, misgendering, microaggressions, ableist language, racist or sexist jokes, and disrespectful comments related to any characteristic protected by law. Be mindful of behavior that may demonstrate disrespect or cause others to feel excluded or devalue their contributions.
For questions or more information, refer to the Global Fair Employment Practices Policy and the Global Anti-Harassment Policy or contact your HR Business Partner. For information about Entrust’s diversity and inclusion efforts, visit the Diversity and Inclusion site.
Reporting a Concern
Entrust is committed to the highest possible standards of ethical, moral, and legal business conduct. In conjunction with this commitment, you have a duty to report serious concerns of wrongdoing or danger in relation to business activities that could have a large impact on the Company, such as actions that:
- Are unlawful
- Are not in line with company policy, including the Code of Ethics
- May lead to incorrect financial reporting
- Otherwise amount to serious improper conduct
All good faith reports can be made without fear of retaliation. You can contact:
- Your supervisor or manager
- Human Resources
- A trusted member of management
- [email protected]
24-HOUR Anonymous Compliance Hotline
Phone: 855-689-1303 (USA, Canada, and Puerto Rico)
*All other countries click here for access codes and dialing instructions. Website: entrust.ethicspoint.com
The earlier a concern is expressed, the easier it is for the Company to investigate and/or take appropriate action. We take all reports of alleged violations seriously. Although you are not expected to prove the truth of an allegation, you must demonstrate through the information you provide that there are sufficient grounds for concern. Reporting malicious or knowingly false allegations may result in disciplinary action, up to and including termination. You have a duty to bring all compliance and ethics concerns forward and to cooperate in both internal and external investigations pertaining to Entrust.
REPORTING A CONCERN
- Describe the situation in detail and how it occurred.
- Share the names of individuals involved.
- Provide dates when and where the events occurred.
- State whether you witnessed the situation or if someone shared it with you.
- Identify any relevant documents and their location.
Entrust will not tolerate any retaliation of an individual based on knowledge or suspicion that the individual has reported a concern either through the Ethics Hotline or directly to management, the Legal department, Human Resources, or [email protected]. If you feel that you have been retaliated against for raising a concern in good faith, you should immediately notify your manager or Human Resources.
Environmental, Social, & Governance Program
Entrust’s ESG program drives initiatives to support the environment; promote diversity, equity, and inclusion; ensure ethical business conduct; and positively impact the communities where we live and work. Our ESG focus areas include the following:
- Enhancing access and affordability for our products and services
- Ensuring ethical business conduct by our colleagues and business partners
- Contributing to the communities where our colleagues live and work
- Protecting and securing the data we hold
- Promoting diversity, equity, and inclusion among our colleagues and suppliers
- Reducing our carbon footprint and driving enhanced sustainability of our products
- Combating child and labor trafficking
- Increasing product quality and safety
For more information, visit Entrust’s ESG webpage.
Entrust is committed to being an outstanding corporate citizen and to minimizing the impact of our business, products, and services on the environment. Entrust accomplishes this through operation of an Environmental Management System (EMS) that is audited annually to International Standard ISO 14001. This ISO standard sets forth the elements of an organizational structure that ensures adherence to applicable environmental standards and regulations as well as monitors and sets goals for continuous improvement.
What are Entrust’s most significant environmental wastes?
Entrust’s three most significant environmental wastes are hazardous waste, electronics waste, and packaging waste.
Has Entrust made improvements to reduce our impact on the environment?
Yes, Entrust has made significant improvements such as retrofitting its global headquarters, and principal manufacturing facility, with LED lighting and updating a heating, ventilation, and air conditioning (HVAC) unit to reduce energy usage. Additionally, the headquarters location uses 100% renewable energy. Entrust has also developed its greenhouse gas (GHG) inventory and baseline carbon emissions for Scopes 1, 2, and 3 in furtherance of its commitment to be carbon neutral (“Net Zero”) by 2050. The emissions inventory will be used to set targeted action to further reduce and eliminate emissions.
What environmental management system does Entrust use?
Entrust’s global headquarters is ISO 14001 certified through an approved certification body. This certification requires a series of internal and external audits conducted annually to ensure compliance with ISO 14001 standards and adherence to existing Entrust processes.
For more information, visit the Environmental site.
Conflicts of Interest
As an Entrust colleague, you are required to report all potential conflicts. You have a responsibility to avoid putting yourself in a position where your own personal interests are at risk of conflicting with the interests of the Company. Trust is key to Entrust’s continued success in the marketplace. Operating with integrity means avoiding activities, relationships, or situations that can create an actual or potential conflict of interest, or the appearance of one.
A conflict of interest arises when your judgment could be influenced by the possibility of receiving a personal benefit. Even if it is not intentional, the appearance of a conflict may be just as damaging as an actual conflict. You should always be on the lookout for situations that may create a conflict of interest and do everything you can to avoid them. It is your responsibility to disclose any situation you think creates, or could create, a conflict of interest.
While it is not possible to list every situation in which an actual or apparent conflict of interest may exist, Entrust considers the following activities to be conflicts of interest. As such, colleagues are prohibited from engaging in these activities without receiving prior written approval from the Chief Legal and Compliance Officer (CLCO) and the Chief Human Resources Officer (CHRO):
- Competing, either directly or indirectly, with Entrust.
- Holding a financial interest in or receiving compensation from an Entrust competitor other than a nonsubstantial, passive ownership of securities.
- Holding a financial interest in or receiving compensation from an Entrust third party other than a nonsubstantial, passive ownership of securities, if you are directly or indirectly involved in decisions with respect to that third party (e.g., awarding business, overseeing the day-to-day relationship).
- Awarding business to a third party due to a family relationship or a close personal relationship and/or in exchange for personal favors or business.
- Leveraging Entrust’s brand, third-party relationships, or position in the marketplace to advance your outside financial interests.
- Participating in outside employment that interferes with the colleague’s responsibilities as an Entrust employee, benefits from the use of Entrust assets, competes with Entrust, or reflects negatively on Entrust.
- Serving on company boards, as well as the boards of community and non-profit organizations or trade associations, if the affiliation diminishes the colleague’s ability to perform their responsibilities for Entrust.
- Accepting gifts or entertainment from a person or organization that does business with Entrust or seeks to do business with Entrust except as permitted under the section entitled “Gifts and Entertainment.”
- Using confidential or proprietary company information obtained during your employment legitimately or otherwise for personal gain.
- Personally exploiting a corporate opportunity or receiving any personal benefit from a business transaction in which Entrust engages, especially where the personal benefit appears to outweigh the benefits to Entrust.
Can I seek outside employment in addition to my job at Entrust?
Maybe. Our standard employment agreement requires you first to obtain the written consent of the Company before seeking or engaging in outside employment or business activities during the course of your employment at Entrust. You should talk to your manager and your HR Business Partner to seek the required approval. Outside employment is usually approved provided it would not interfere with your job at Entrust.
For questions or more information, refer to the Global Conflicts of Interest Policy or contact [email protected].
Gifts and Entertainment
Transfers of value (e.g., gifts, entertainment, meals, travel, other hospitality and political or charitable contributions) can create improper influence (or the appearance of improper influence) and must be given and/or received in accordance with the Global Anti-Corruption Policy.
Gifts refer to any transfer of value, e.g., cash, gift certificates, prizes, loans, favorable terms on a product or service, use of vehicles or vacation facilities, tickets to music or sporting events, stocks, other securities, or participation in stock offerings. Entertainment is considered a gift, and subject to the gift guidelines, when the giver or representative from the giving organization will not accompany you to the event.
Acceptable for self-approval
Some gifts and entertainment are sufficiently modest and do not require prior approval. Think through the intent (e.g., is the gift in keeping with social norms or customs or an attempt to try and influence the recipient’s objectivity in making a business decision), materiality, frequency, and transparency (e.g., would you be embarrassed if your manager, colleagues, or anyone else outside Entrust became aware that you had accepted the gift). The following are usually acceptable without prior approval:
- Meals: Reasonable, occasional meals with someone with whom we do business
- Entertainment: Occasional attendance at sporting events, music, theater, and other cultural events
- Gifts: Gifts of nominal value such as pens, calendars, or small promotional items
The following types of gifts and entertainment are never permissible:
- Any gift or entertainment that would be illegal
- Anything of value to any government official, political party or party official, or any candidate for political office, official or employee of an international organization, or officer, director, or employee of a customer for the purpose of inducing the recipient to misuse their position to provide any improper or undue business advantage to Entrust
- Anything of value given to an Entrust colleague by a vendor, supplier, or partner or an officer, director, or employee of a vendor, supplier, or partner for the purpose of inducing the colleague to misuse their position at Entrust to provide any improper or undue business advantage to the payor or to any other person or entity
- Gifts or entertainment involving parties engaged in a tender or competitive bidding process
- Any gift of cash or cash equivalent (with the exception of gift certificates or gift cards, which may be retained in accordance with the requirements and approvals set forth in this section)
- A gift or entertainment that you pay for personally to avoid having to seek approval
- Any entertainment that is inappropriate, indecent, or sexually oriented, or might otherwise adversely affect Entrust’s reputation
May be acceptable with prior approval
For anything that does not fit into the other categories, the gift or entertainment may or may not be permissible. You must get advance approval in writing from your SLT member and submit the Gifts Log Submission Form for the following:
- Entertainment that exceeds $150 USD or equivalent
- Gifts valued at more than $50 USD or equivalent
- Lavish meals that cost more than $150 USD or equivalent per person (or $50 USD for a government official)
- Special events such as a World Cup game or major golf tournaments (these usually have avalue of more than $150 USD)
- Travel or overnight accommodation, as this normally raises the personal benefit to material levels
Any entertainment valued at more than $500 USD, gifts over $250 USD, or political and charitable contributions in any amount must be pre-approved in writing by the CEO.
When assessing the value of entertainment, colleagues should consider the total anticipated transfer of value (even if only an estimate) for reporting and approval purposes. For example, if the evening is expected to include dinner, attendance at an event, and drinks afterward, the estimated total value for reporting and approval purposes would include the meal and drinks and not just the face value of the ticket to attend the main event.
Other important things to know about gifts and entertainment
It is acceptable to receive a gift that exceeds a designated monetary limit if it would be insulting to decline, but the gift must be reported to management, who will decide whether it:
- May be retained by the recipient in accordance with the requirements and approval set forth in this section
- Will be retained for the benefit of Entrust
- Will be sold and the money donated to charity
- Will be returned to the donor
You may not accept or must immediately return any gift of cash or a cash equivalent such as bank check, money order, negotiable instrument, or loan (with the exception of gift certificates as noted above). If the hospitality or entertainment is at an inappropriate venue, includes “adult entertainment,” or would otherwise cause harm or draw negative attention to Entrust, you must decline.
In some departments or jurisdictions, more restrictive rules or regulations on both giving and receiving gifts and entertainment may apply, particularly regarding government officials. Colleagues must be careful not to give or accept gifts or entertainment that do not comply with local requirements.
Please refer to the Global Anti-Corruption Policy for further guidance.
A customer offered me tickets to a sporting event but will not be attending with me. Is it okay if I accept the tickets?
In this scenario, the tickets would be considered a gift. Only gifts of nominal value may be accepted without prior approval from your manager or SLT member.
A vendor invited me to attend a dinner, a professional baseball game, and to go out for drinks after. None of these individual events cost more than $150. Is it okay if I accept and attend without prior approval?
Approval thresholds are based on the total value of the gift or entertainment being offered. If you add up the cost of the dinner, the cost of the tickets to the baseball game, and any food or beverages that will be consumed at the game, and the cost of going out for drinks afterward, this total would be above the threshold for self-approval.
How should I respond if I am offered a gift that I am uncomfortable accepting or that I know is not permissible under Entrust policy?
You should politely decline the offer if it will not damage the relationship with the offeror. If it could cause harm or would be insulting to decline, you may accept the gift, but you must immediately report the gift to your manager. You must always decline or immediately return a gift of cash.
May I accept a prize or award from a vendor drawing?
Colleagues may accept a prize or award from a bona fide competition held in public such as a drawing at a conference or training session that meets the requirements outlined in this section. For questions or more information, contact [email protected].
Anti-Corruption and Coercion
The nature of Entrust’s business requires colleagues and third parties with whom we do business to interact regularly with government officials and private sector customers. Applicable anti-corruption laws (e.g., the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions, the U.S. Foreign Corrupt Practices Act (FCPA), the International Travel Act, the UK Bribery Act, and Canada’s Corruption of Foreign Public Officials Act (CFPOA)) establish certain rules and restrictions on those interactions in all countries where Entrust does business. Colleagues should be aware of all applicable anti-corruption laws, rules, and regulations where they are located, in the locations where services will be performed, or that are relevant to a particular project or tender, as well as multilateral development bank (MDB) guidelines, where applicable.
Entrust prohibits paying, offering to pay, promising to pay, or authorizing the payment of money or anything of value, directly or indirectly, to any government official or private-sector customer to secure an improper business advantage. Entrust also strictly prohibits any colleague from soliciting or accepting a bribe from any individual or entity as an Entrust colleague. International law prohibits all of the above — anti-bribery laws are not just restricted to offers of improper payment to government officials.
Extortion and coercive practices – impairing or harming, or threatening to impair or harm, any individual, organization, or their property or financial interests in order to influence that person or organization will not be tolerated and will result in disciplinary action, up to and including termination of employment.
If I suspect, but don’t have proof or evidence that an Entrust distributor or systems integrator is going to pay a bribe in connection with a bid it has submitted, do I need to take any action?
Yes, willful ignorance and failure to investigate the possibility that a bribe will be paid results in imputed knowledge to Entrust and makes the Company liable for the act of the third party.
We have heard a rumor that other companies may be paying for lavish trips and entertainment for government officials. If we don’t do the same, our competitors will have an unfair advantage over us in the bidding process. Why do we have to abide by anti-corruption laws while our competitors do not?
Regardless of their compliance or non-compliance, most of our competitors are subject to the same anti-corruption laws as Entrust. More than 100 countries have adopted anti-corruption legislation. Our actions will never be dictated by what our competitors are doing. We achieve outstanding financial results and enjoy an excellent reputation with our customers and the public by strictly adhering to our values, our Code of Ethics, and all applicable laws. Doing the right thing is always good for business.
Entrust is committed to maintaining high-quality standards for our products and services. This is achieved through a culture of continuous improvement and identifying and implementing effective practices and processes to provide products and services that support customer and shareholder objectives.
In support of that effort, Entrust’s Shakopee location is ISO 9001 certified. In addition, cross-functional teams work continuously using a D5 development process, regularly assess and monitor the supplier base, use manufacturing control processes, and promote active customer feedback loops to ensure Entrust can monitor relevant components of Quality and continue to improve the way we do business.
How does Entrust ensure the quality of its products?
Entrust has many systems in place to ensure product quality. These include:
- Working with the Product Development Team and D5 process to design Quality into our products
- Conducting supplier assessments and continuously monitoring suppliers’ performance
- Validating purchased components through incoming inspection
- Performing tests, quality checks, and audits during the manufacturing process
- Using data feedback loops to ensure product and Service performance at customer sites
What Quality system does Entrust use?
Entrust’s global headquarters is ISO 9001 certified through an approved certification body. This certification requires annual internal and external audits to ensure compliance with ISO 9001 standards and adherence to Entrust processes.
For questions or more information, visit the Quality section of Entrust’s external homepage or contact the Global Quality Manager.
Third-Party Due Diligence
Entrust is legally responsible for any corrupt actions by third parties contracted to represent Entrust or otherwise perform services on its behalf. As such, Entrust must understand the qualifications and associations of its thirdparty partners to ensure that it only does business with reputable third parties who act with integrity and deliver quality products and services. Prior to contracting with a third party for goods or services, appropriate due diligence must be conducted.
Entrust’s Due Diligence Assessment must be completed prior to contracting and approved by Compliance if any of the following apply:
- The third party will become a formal channel partner, a referral entity, a managed service provider (MSP) or a technology alliance partner (TAP)
- The third party will serve as a system integrator, consortium member, or contracting partner on a government or state-owned project or tender
- The third party scores 5 or higher on the Third Party Risk Matrix in Appendix 1 of the Global Anti-Corruption Policy
Additionally, contracts to retain third parties must contain a contractual commitment to comply with all applicable laws and regulations including, but not limited to, anti-corruption laws such as the U.S. FCPA, the International Travel Act, the UK Bribery Act, and Canada’s CFPOA as well as local anti-corruption laws where services will be performed. If the contract does not include this language, use the Anti-Corruption Commitment or contact [email protected] for the standard language.
While the following risk factors do not automatically disqualify a third party from working with Entrust, you should carefully consider whether to establish a relationship with a third party that exhibits one or more of the following characteristics as these may be indicative of corrupt behavior:
- Third party does business in a high-risk country as defined in the Third Party Risk Matrix
- Third party has a reputation for improper, illegal or unethical conduct
- Third party refuses to provide requested information during the due diligence process
- Third party refuses to provide assurances that it will comply with applicable anti-corruption laws
- Third party refuses to execute a written contract
- Third party charges a rate or fee that is unusually high compared to market rates
- Third party makes unusual payment requests (e.g., requests for cash payments, advance payments, deposits to multiple accounts or deposits to offshore accounts)
- Third party requests approval or reimbursement of unusual expenditures, amounts significantly above budgeted or projected costs or payments in cash
- Third party has direct family or business ties to a government official or government agency
- Third party makes large and/or frequent political contributions
- Third party uses unnecessary third parties, agents, or intermediaries
- Third party suggests payments are needed to “get the business”
Entrust values its reputation for ethical behavior and recognizes that engaging in bribery or other corrupt behavior would undermine customer and colleague trust. No Entrust colleague or third party will ever suffer adverse consequences for refusing to pay a bribe or for refusing to engage in otherwise corrupt behavior, even if Entrust loses business as the result of such refusal.
Supplier Due Diligence
For direct and indirect suppliers, additional due diligence requirements may exist. Depending on the type of service or product the third party will provide, due diligence may be required to ascertain whether the third party has adequate information security controls and data privacy protections or to ensure the third party complies with relevant government regulations. An assessment may also be required to determine whether the new third-party service or product is needed as Entrust works where possible to leverage existing business relationships.
I want to contract with a new third party for a cloud-based software solution to support my business function. Do I need to involve Corporate Purchasing?
Yes, if the commitment is for any of the following: (a) over $50,000 and not software-related, (b) involves any software licensing, (c) is a cloud-based solution, or (d) is high risk due to the nature of the work that will be performed or the terms of the proposed contract. Colleagues should consult Corporate Purchasing early in the process and prior to engaging with the third party.
Can I begin work with a new third party without a formal contract in place?
No. Commitments may only be made via a formal contract or purchase order. Work should not begin until one of these is in place.
For questions or more information, refer to the Corporate Purchasing Policies and Guidelines or contact Corporate Purchasing.
Fraud and Financial Impropriety
Entrust is committed to conducting business honestly, fairly, and transparently. Illegal activities such as fraud, tax evasion, money laundering, or anti-competitive behavior including, but not limited to, price-fixing and bid-rigging, can occur, particularly on large projects. Entrust defines fraud as any knowing misrepresentation of the truth or concealment of a material fact to induce another to act to their detriment. Violation of these laws or facilitating violations of these laws by our business partners, third parties, or clients, can have significant criminal and civil repercussions for both Entrust and any individuals involved. Entrust strictly prohibits colleagues from knowingly facilitating or assisting government officials or private-sector clients in violating the law. For example:
- Any submissions related to tenders, whether they be bids, specifications, or offers of any kind must be completely accurate and transparent and cannot be misleading in any way. If there is any uncertainty as to the accuracy of any representation, for example as to whether Entrust has particular experience, it should not be included until its accuracy has been verified.
- All information in the books and records of the company must be accurate and complete.
- Unusual payment arrangements, such as the use of third currencies or payments outside of where the work is performed, should be fully vetted with the Legal Department.
- Payments to individuals, rather than to organizations performing the service, is never permitted.
If you are unsure whether a proposed activity suggested by a partner or vendor might indicate fraud or other financial impropriety, contact [email protected] before moving forward with the proposed activity.
Entrust is committed to conducting business in compliance with laws governing competition. Violation of these laws may result in civil and criminal liability not just for the Company, but also for the individuals involved. Engaging in any of the following activities is strictly prohibited:
- Any agreement, understanding, plan, or arrangement with a competitor relating to pricing or any matter relating to or affecting pricing or any element of price (e.g., pricing methods or policies, bids, discounts, promotions, terms or conditions of sale (e.g., warranties), costs, and profits). Entrust independently determines the prices for its products and services. If any confidential information about a competitor’s prices is obtained, it should not be used. Additionally, Entrust customers who resell Entrust’s products and services must independently determine the prices they will charge.
- Any agreement, understanding, plan or arrangement with a competitor to allocate customers or markets or control production or availability of products or services.
- Any agreement, understanding, plan or arrangement with a competitor to limit business orrefrain from doing business with a particular company.
I have heard references to prohibited “vertical” and “horizontal” restraints on trade. What is the difference?
Vertical restraints are competition restrictions in agreements between entities at different levels of the production and distribution process (e.g., between an entity and its supplier). Horizontal restraints are agreements between competitors that restrict competition.
If you are unsure whether a proposed activity with a competitor breaches the above requirements, contact [email protected] before moving forward with the proposed activity.
Entrust colleagues who arrange, approve, or effect any export or import of products, services, or information must coordinate with International Trade Compliance to ensure that the transaction is compliant with all applicable legal requirements, and that all documentation and record-keeping requirements have been satisfied.
Are there countries Entrust is prohibited from doing business with?
Yes. Entrust may never sell, directly or indirectly, product or services to countries with comprehensive sanctions as defined here.
All Entrust entities are also required to abide by sanctions that have been put in place to prevent or restrict trade — typically, nations, entities, or individuals who have violated internationally recognized human rights, been associated with terrorist activities, and/or have directed significant acts of corruption. These lists change over time, so it is important to check with International Trade Compliance if you have doubts about whether we can do business with a potential customer based on location.
How long does it take for an export permit license to be issued?
While this varies depending on the country of export, once an export license permit application has been submitted, it takes government agencies an average of eight to 12 weeks or longer to issue a license, depending on the government entity issuing the permit. As a result, it is important to engage International Trade Compliance early in the development of a new product or a significant upgrade to an existing product to allow enough lead time for any required licenses to be obtained prior to the desired release date.
For questions or more information, refer to Entrust’s Export and Import Compliance Manuals or contact International Trade Compliance (within Global Logistics).
Entrust must comply with laws that prevent U.S. companies from being used to implement foreign policies of other nations that run counter to U.S. policy. As a result, Entrust is prohibited from refusing or agreeing to refuse to do business with or in a boycotted country, with any business organized under the laws of a boycotted country, with any national or resident of a boycotted country, or with any person who has dealt with a boycotted person or country, when refusal is due to an unsanctioned foreign boycott.
U.S. regulations require that the mere receipt of a boycott request be reported in a timely manner. Entrust must report a request even if the Company does not comply with the requested action or the request is withdrawn. If you receive a boycott-related request, immediately contact [email protected].
What does an antiboycott provision look like in a tender document?
Here is an example: Equipment or any of its units quoted by bidders must not be manufactured in Israel or India. Furthermore, the Bidder/Principal supplier must not have any linkage with Israel or India regarding ownership, sponsoring, and financing. The Bidder must furnish undertaking on judicial paper (Rs. 100/-) to this effect.
How should Entrust respond to an antiboycott request?
Contact Legal to ensure receipt of the request is properly reported. While we cannot agree to comply with a boycott request, we can affirmatively state where we manufacture our products. Here is a sample response to a bid request that contains antiboycott language:
Although the country of origin for Entrust products is primarily Canada, Denmark, Spain, the United Kingdom, or the United States, Section X contains language that violates United States Antiboycott Laws. As such, Entrust will not agree to comply with this provision. This clause will need to be removed from any resulting contract in order for Entrust to supply product pursuant to this tender.
For questions or more information, refer to the Global Antiboycott Policy or contact [email protected].
Confidential Information and Asset Protection
Entrust colleagues must commit to protecting the confidentiality of the Company’s proprietary information as well as confidential information received from third parties. Confidential information is not to be disclosed unless there is a business need to do so and the party who will receive the confidential information has signed an appropriate nondisclosure agreement. All confidential information disclosed under an appropriate nondisclosure agreement must be clearly labeled as “confidential” at the time of disclosure.
Identifying Confidential Information
Entrust confidential information is any information that Entrust does not wish to have displayed publicly or that the Company has determined has economic value to Entrust.
- Manufacturing processes
- Engineering drawings
- Financial documents
- Business strategies
- New product and service introduction plans
- Customer lists
- Personally identifiable information (e.g., credit card numbers, payroll information, driver’s license numbers, and passports)
- Source code
- Unpublished patent applications
- Product roadmaps and development projects
Colleagues should be careful to protect confidential information in meetings that include individuals outside of Entrust, correspondence (including email), telephone calls, and at restaurants, trade shows, and in other circumstances where third parties could overhear or obtain confidential information.
How do I know if information is confidential?
A good question to ask yourself is whether the information would be beneficial to an Entrust competitor? If you are unsure, contact [email protected]. If the answer is yes, then the information likely can only be disclosed outside the Company with a nondisclosure agreement in place. Additionally, security controls will need to be in place to govern proper storage and transmission of the information. See the section on “Data Privacy” for proper handling of confidential personal data.
What should I do if I receive confidential information that I have reason to believe is not authorized by the owner?
If you believe you have received confidential information in error or that was not authorized by the source, immediately return or destroy all copies and contact [email protected]. Use of unauthorized confidential information is strictly prohibited and could have serious consequences for Entrust including civil and criminal penalties.
When do I need a nondisclosure agreement?
Customers, vendors, and other entities doing business with Entrust may disclose confidential information to Entrust. We may be obligated to protect this information and not share it with others. In addition, when providing services to Entrust customers, colleagues may encounter information that Entrust is legally obligated to protect and not disclose. This type of third-party confidential information should not be disclosed without first consulting the Legal Department.
What about storing confidential data in the Cloud?
Confidential or proprietary information should never be stored or shared on a Cloud service that has not been preapproved by Information Security.
If you determine that confidential information must be disclosed, you must have an NDA in place. Follow Legal’s Nondisclosure Agreement Process, refer to the Global Confidential Information Policy for more information, and contact [email protected] if you have any questions.
Protecting Entrust Assets
Colleagues must use Entrust assets and property appropriately and in accordance with Company policy. The following are examples of conduct that constitutes inappropriate use:
- Unauthorized removal or use of property, tangible, or intangible, belonging to Entrust, its customers, vendors or other colleagues
- Improper use of Entrust funds (e.g., failure to follow the Global Travel & Expense Policy)
- Failure to comply with policies regarding acceptable computer usage
Security controls are in place to help protect Entrust’s assets. Attempts to intentionally damage, steal, or hinder the Company’s resources are prohibited.
Is there a policy regarding streaming videos?
Downloading large files or streaming content requires excessive bandwidth. To ensure availability of Entrust information resources for business needs, use of any high-bandwidth applications must have a business justification.
For questions or more information, refer to the Global Acceptable Use Policy or contact [email protected].
Accounting, Reporting, and Auditing Controls
Entrust maintains an adequate and uniform system of accounting, reporting, and auditing controls in order to protect Entrust’s assets and ensure the accuracy and reliability of its financial records. Entrust’s financial reports must reflect a full, fair, accurate, timely, and comprehensible disclosure of our financial position and results.
As a result, all colleagues are responsible for keeping accurate accounts, books, ledgers, journals, and records. In addition, colleagues must:
- Not allow the establishment of any undisclosed or unrecorded funds or assets
- Ensure that all documentation under which funds are disbursed accurately state the purpose for which the funds are paid and that such documentation is not misleading
- Decline to authorize the payment of corporate funds with the intent or belief that any part of such payment will be used for any purpose other than that described by the documents supporting such payment
- Follow all generally accepted accounting principles and all applicable laws and accounting procedures
- Ensure that all accounting information is both truthful and accurate
- Report any accounting or bookkeeping violations immediately upon discovery
Where can I access Entrust’s current fiscal year Internal Audit Plan?
The Internal Audit Plan is approved each March by the Audit Committee of the Board of Directors and can be accessed via the Internal Audit site.
Where can I find Entrust’s Annual Report?
The Annual Report is a confidential, non-public document. A Financial Summary is available on the Internal Audit site for colleagues to review and/or share outside the company (e.g., upon request from regulators, customers, and vendors). If you receive a request for other Entrust information that is not fully public and may be controlled, please direct the request to the Compliance team through the Customer Due Diligence Response Request Form.
For questions or more information, contact Finance or Internal Audit. For more information on the Internal Audit function, refer to the Internal Audit Charter.
As a business and an employer, it is necessary for Entrust to process personal data about colleagues, contingent workers, customers, suppliers, and other third parties with whom we engage to provide products or services on our behalf. Entrust is subject to enhanced requirements for processing personal data under the European General Data Protection Regulation (GDPR) and other applicable laws governing data protection. Entrust takes this obligation very seriously and has achieved ISO 27701 certification. ISO 27701 is an extension to ISO 27001, and it specifies the requirements for establishing, implementing, maintaining, and continually improving a privacy information management system (PIMS). Achieving certification to both ISO 27701 and ISO 27001 helps us to demonstrate how Entrust meets applicable privacy and data security requirements, upholds data subjects’ rights and has taken the necessary measures to protect the data we process.
Personal data is data relating to a living individual who can be identified (directly or indirectly) from that data (or from that data combined with other information in Entrust’s possession or available to Entrust). Personal data can be factual (e.g., name, address, date of birth) or it can be an opinion about the individual and their actions or behavior (e.g., colleague performance assessment). Personal data can also include identification numbers, location data, online identifiers, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social status of an individual.
Processing describes activities performed with respect to personal data such as collecting, recording, organizing, structuring, storing, adapting, altering, retrieving, consulting, disclosing by transmission, disseminating, or otherwise making available, aligning or combining, restricting use, erasing, or destroying data. Processing also includes transferring or disclosing personal data to third parties.
New or modified Entrust products and service offerings require submission of the Privacy by Design Form to ensure appropriate privacy and security controls and protections are considered at the outset of design and development. Not only does Entrust comply with its own obligations under existing data privacy laws, but the Company strives to assist its customers in meeting their privacy obligations.
In addition to Entrust’s obligations to lawfully process personal data, the Company also has an obligation to ensure that any third parties used to process data on our behalf do so in accordance with our instructions and in compliance with relevant data privacy legislation. Third parties should be engaged using the Solution Insertion and Renewal Process to ensure adequate review by Compliance from a data privacy perspective. We must ensure (typically through a mutually agreed upon data processing agreement) that the third party has adequate measures in place to safeguard the personal data we provide to them for processing.
Where can I learn more about how Entrust processes my personal data?
Entrust’s Employee Privacy Notice (as well as other Company privacy notices) are available on the data privacy page of the Compliance site.
I’ve been asked by a third party how Entrust complies with data privacy legislation. What can I provide?
Details regarding Entrust’s global data privacy program are available at https://www.entrust.com/legal-compliance/data-privacy. You may also contact [email protected] if you need additional detail about our data privacy program.
Does Entrust have a process to comply with data subject requests?
For questions or more information, refer to the Global Personal Data Protection Policy or contact [email protected]
Public Relations and Social Media
Entrust benefits from thoughtful engagement with the public through news media, social networks, industry analysts and other influencers. For that reason, Entrust closely manages how we engage with these channels and who formally represents the Company in the media, with analysts, or in social media. Engagement with news media, social media, or industry analysts while representing the Company should only occur with the knowledge and involvement of the Entrust Public Relations & Communications team.
Colleagues are encouraged to share content that has been posted on Entrust managed social media channels with their personal and professional social media networks. Colleagues who engage in personal social media or other online activities are responsible for acting professionally and ethically when referring to Entrust or information related to employment with the Company. Colleagues are prohibited from posting discriminatory, harassing, or threatening content, or divulging non-public, sensitive information about the Company that is financial, legal, or operational in nature or that contains customer or other information governed by Entrust’s data protection policies. Colleagues are expected to act responsibly, respectfully, and with due care.
It is Entrust’s policy and the responsibility of every colleague to maintain a safe workplace free from threats and acts of violence. Colleagues, contractors, and vendors associated with Entrust are prohibited from making threats or engaging in aggressive or violent activities. This includes, but is not limited to, bullying behavior that undermines, patronizes, humiliates, intimidates, or demeans the recipient; stalking in person, in writing, by telephone, or in electronic format; making threats; or engaging in physical attacks or property damage. The possession of weapons in the workplace while conducting company business or at any company-sponsored function is also strictly prohibited.
For questions or more information, refer to the Global Workplace Violence Policy or contact your HR Business Partner.
Workplace Health and Safety
At Entrust, safety is a high priority. For the well-being of each individual and the Company, all colleagues must be conscious of safety risks and take reasonable steps to mitigate those risks where possible. Maintaining a culture of safety requires a team effort to identify and correct unsafe conditions. Colleagues are encouraged to report hazards and safety concerns to their managers so that Entrust can continue to build and maintain a safe and efficient workplace. In addition, colleagues can volunteer to join our Safety Committee and Emergency Response Team to take a more active role in identifying potential risk areas and responding to health issues on site.
For questions or more information about the Shakopee, MN headquarters location, visit the Safety site. For other Entrust locations, contact local management for applicable policies.
Entrust is committed to providing a safe and drug-free work environment for our customers and colleagues. With this goal in mind, the Company explicitly prohibits colleagues from:
- The use, possession, solicitation of, or sale of narcotics or other illegal drugs, alcohol, or prescription medication without a prescription on company or customer premises or while performing an Entrust assignment.
- The presence of any detectable amount of prohibited substances in the employee's system while at work, while on the premises of the company or its customers, or while on company business. "Prohibited substances" include illegal drugs, alcohol, or prescription drugs not taken in accordance with a prescription given to the employee.
- Possession, use, solicitation of, or sale of legal or illegal drugs or alcohol, or being impaired or under the influence of legal or illegal drugs or alcohol while away from company or customer premises, if such activity or involvement adversely affects the colleague's work performance, the safety of the colleague or of others, or puts at risk the company's reputation.
Colleagues are expected to report unsafe working conditions, including any suspicions that a colleague may be impaired in the workplace. Be aware that what looks like impairment may also be due to medical conditions (e.g., diabetes, epilepsy, or a stroke), the use of medications taken as prescribed, psychological factors, and/or fatigue, which is why it is important to report your concern and allow the Company to conduct an independent investigation.
For questions, more information, or local policy requirements, contact your HR Business Partner.
Compliance with the Code is a condition of your employment. If you have questions about the Code of Ethics, please email us at [email protected].
Thank you for everything you do to ensure we remain a trusted partner to our customers and to one another.