Symantec is a global leader in providing security, storage, and systems management solutions. The very nature of our business - assuring the security, availability, and integrity of our customers' information - requires a global culture of responsibility. Ethics and integrity are the foundation of Symantec's business success. Therefore, Symantec declares its support for, and has elected to adopt this document as the Global Supply Chain Manufacturing and Fulfillment Code of Conduct applicable to its Direct Suppliers¹.
We have looked to the Electronics Industry Code of Conduct² (EICC) and International Labor Organization's core conventions. as guides to best practices in this Code. The EICC outlines standards to ensure that working conditions in the electronics industry supply chain are safe, that workers are treated with respect and dignity and that manufacturing processes are environmentally responsible.
Suppliers are responsible for ensuring that all of their employees and any subcontracted party performing work for Symantec are informed and agree to comply with this Code.
Suppliers are required to comply with the terms of their contractual agreements with Symantec, including without limitation, all representations and warranties.
Suppliers are required to comply with all laws and regulations applicable to their business, wherever conducted, and with this Code of Conduct. Compliance includes conducting business in a way that fulfills ethical responsibilities. Suppliers must comply with the Code or local law, whichever is more restrictive. Symantec expects Suppliers to demonstrate high ethical standards and to avoid activities that suggest even the appearance of impropriety.
Symantec will discontinue doing business with any Supplier and related parties who violate our ban.
The Code is comprised of six sections. Section A outlines the elements of an acceptable system to manage conformity to this Code. Sections B, C and D outline standards for Labor, Health and Safety, and the Environment, respectively. Section E adds standards relating to business ethics, and Section F contains additional provisions.
A. MANAGEMENT SYSTEM / COMPLIANCE WITH THE CODE
Symantec requires our Suppliers to establish a management system whose scope is related to the content of this Code. The management system shall be designed to ensure:
1. Company Commitment
Corporate social and environmental responsibility policy statements affirming the Suppliers commitment to compliance and continual improvement, endorsed by top management.
2. Management Accountability and Responsibility
Supplier should nominate a representative(s) who is responsible for compliance to the Code and for the implementation of the management system.
3. Legal and Customer Requirements
A process in place to identify and monitor applicable laws and regulations including without limitation environmental, health and safety, labor practice and ethics risks associated with its operations.
4. Risk Assessment and Risk Management
Social and environmental objectives and targets program in order to improve performance in these areas.
5. Performance Objectives with Implementation Plan and Measures
Written standards, performance objectives, targets and implementation plans including periodic assessment of Supplier's performance against those objectives.
A training program in place to implement policies, procedures and improvement objectives for managers and workers.
A formal communication process in place for communicating clear and accurate information about the Suppliers policies.
8. Worker Feedback and Participation
Ongoing processes to assess workers understanding of and obtain feedback on practices and conditions covered by this Code and to foster continuous improvement.
9. Audits and Assessments
Suppliers shall audit their compliance with this Code and customer contractual requirements related to social and environmental responsibility. Symantec may also audit its Suppliers for compliance to the Code. Suppliers shall cooperate timely and fully with any such compliance audit by Symantec, including without limitation, providing Symantec with documents related to Symantec business and making their Representatives available for interviews by Symantec and/or Symantec's representatives. Suppliers shall have a corrective and preventative action process in place to address non compliances to the Code.
10. Documentation and Records
Suppliers shall create and maintain documents and records to ensure regulatory compliance and conformity to the Code and any other Symantec requirements.
Suppliers are committed to uphold the human rights of workers, and to treat them with dignity and respect as understood by the international community and proclaimed under the Universal Declaration of Human Rights and the International Labor Organizationt's core conventions.
1) Freely Chosen Employment
Forced, bonded or indentured labor or involuntary prison labor is not to be used. All workers will be voluntary, and workers should be free to leave upon reasonable notice. Workers shall not be required to hand over government-issued identification, passports or work permits as a condition of employment.
2) Child Labor Avoidance
The use of child labor shall not be used under any circumstances. The term "child" refers to any person under the age of 15 (or 14 according to the applicable local laws), or under the minimum age for completion of compulsory education, or under the minimum age for employment in any particular country, whichever is the highest. Employees under the age of 18 should not perform hazardous work.
3) Working Hours
Workweeks shall not exceed the maximum set by local law. Further, a workweek should not be more than 60 hours per week, including overtime, except in emergency or unusual situations. Workers shall be allowed at least one day off per seven-day week.
4) Wages and Benefits
Suppliers should compensate workers in a timely manner for overtime at pay rates greater than regular hourly rates. Deductions from wages as a disciplinary measure should not be permitted. Compensation paid to employees will comply with applicable national wage laws.
5) Humane Treatment
Consistent with the California Transparency in Supply Chains Act of 2010, Symantec seeks to eradicate slavery and human trafficking from our direct supply chains for tangible goods offered for sale. Additionally, there is to be no harsh and inhumane treatment, including any sexual harassment, sexual abuse, corporal punishment, mental or physical coercion or verbal abuse of workers; nor is there to be any threat of such treatment.
Suppliers must maintain a workforce free of harassment and unlawful discrimination.
7) Freedom of Association
The rights of workers to seek representation, associate freely, join or not join labor unions and workers' councils in accordance with local laws should be respected.
C. HEALTH AND SAFETY
1) Occupational Safety
Suppliers should have procedures in place to minimize potential safety hazards from chemical, biological or physical agents. Personal protective equipment shall be provided when appropriate. Workers shall not be disciplined for raising safety concerns. Suppliers will comply with all applicable quality, health, safety and environmental regulations. All required permits, licenses and registrations will be obtained, maintained and kept up-to date. Suppliers will fulfill their operational and reporting requirements.
Procedures and systems to prevent, manage, track and report occupational injury and illness should be in place. Suppliers should report all incidents at work and provide or provide access to necessary medical treatment to employees.
2) Emergency Preparedness
Emergency plans and response procedures must be in place.
3) Occupational Injury and Illness
Procedures and systems are to be in place to prevent, manage, track and report occupational injury and illness, including provisions to: a) encourage worker reporting; b) classify and record injury and illness cases; c) provide necessary medical treatment; d) investigate cases and implement corrective actions to eliminate their causes; and e) facilitate return of workers to work.
4) Industrial Hygiene
Suppliers must provide workers with reasonable access to clean toilet facilities, food preparations, storage, clean drinking water and eating facilities.
5) Physically Demanding Work
Suppliers should have in place procedures and systems to identify, evaluate and control worker exposure to the hazards of physically demanding tasks.
6) Machine Safeguarding
Suppliers should evaluate machinery for safety hazards. Where machinery presents an injury hazard to workers measures must be taken to install safety precautions on the equipment. This equipment must be properly monitored and maintained.
Environmental responsibility is an integral part of Symantec's business strategy. It is also critical in the manufacturing of our products. Suppliers supplying or shipping product on behalf of Symantec should be compliant with the ISO14001 and ISO9001 at their current version.
1) Environmental Permits and Reporting
All required environmental permits, approvals and registrations must be obtained, maintained and kept current and their operational and reporting requirements are to be followed.
2) Pollution Prevention and Resource Reduction
Waste of all types should be reduced or eliminated at the source or by practices such as modifying production, maintenance and facility processes, using materials substitution, conservation, recycling and re-using materials.
3) Hazardous Substances
Chemicals and other materials posing hazard if released to the environment, should be identified and managed to ensure safe handling, movement, storage, recycling or reuse and disposal.
4) Waste and Emissions
Suppliers should characterize, monitor, control and treat wastewater, solid waste and air emissions generated from operations as required prior to discharge or disposal.
5) Product Content Restrictions
Suppliers shall comply with all applicable laws, regulations and customer requirements regarding prohibition or restriction of specific substances, including labeling and recycling and disposal.
Symantec requires the highest standards of integrity in all business interactions between Symantec and the Supplier and its suppliers.
1. Business Integrity
Symantec requires the highest standards of integrity in all business interactions. Any and all forms of corruption, extortion and embezzlement are strictly prohibited.
2. No Improper Advantage
Suppliers are prohibited from making, promising to make, or offering to make any payments or providing any item of value, directly or indirectly, to any government or public international organization officials, political parties, candidates for political office, employees of state owned or controlled companies, or any director, officer, employee or agent of a commercial customer or supplier, for the purpose of obtaining or retaining business or securing an improper business advantage or inducing the recipient to perform a job function improperly. Items of value may include, without limitation, gifts, gratuities, favors, entertainment, and travel.
Product or service discounts, equipment loans, marketing funds, or other permitted business activity shall not be used to disguise or facilitate an improper payment. Suppliers shall not utilize other entities to make or offer payments that they are not permitted to make or offer.
Suppliers should adopt internal policies and procedures to ensure no payments or gifts are offered, made, requested, or received unless consistent with this provision, applicable local law, the U.S. Foreign Corrupt Practices Act, and the U.K. Bribery Act.
Moreover, Suppliers shall not provide, offer, request, or receive a kickback, directly or indirectly, to obtain or reward favorable treatment in any transaction.
Suppliers shall ensure that all expenditures related to Symantec transactions are reasonable, customary, and done in the ordinary and proper course of business. No expenditures should be made which could be construed as bribes or inducements to act improperly. Suppliers should not offer any business courtesies, including meals, entertainment, or gifts, which could be construed as intended to influence the judgment of the recipient in an effort to secure preferential treatment or gain an improper advantage. Suppliers should not offer any business courtesies which they are aware are violative of the recipient's employer's code of conduct. Moreover, Suppliers should not accept or request any business courtesies with the intention of influencing their conduct in favor of the person or entity providing the business courtesy.
Facilitation payments are nominal amounts paid to entry level employees or non-decision makers to facilitate the performance of their lawful job responsibilities, i.e. the processing of a visa application or custom request. Facilitation payments are not intended to influence an individual to behave improperly or inconsistent with job responsibilities. Many countries prohibit facilitation payments. Any facilitation payments made by Suppliers in connection with Symantec-related business must be disclosed promptly to Symantec, must meet the standards set forth above, and must be recorded accurately and transparently in the Suppliers's books and records.
Suppliers shall document accurately, timely, and fully all transactions related to all business involving Symantec. Supporting documentation for each transaction shall be maintained by Suppliers and made available for inspection by Symantec. Business records shall be retained in accordance with applicable laws and regulations.
The disbursement of funds related to Symantec business dealings must be done pursuant to a duly authorized written contract with clearly defined procedures. Documents shall be signed by individuals with proper authority and shall not be altered, unless in accordance with the terms of the contract. No unauthorized fund or asset related to Symantec business may be created or maintained.
3. Disclosure of Information
Suppliers should not disclose information regarding business activities, structure, financial situation and performance to any other party. Suppliers shall act in accordance with applicable regulations and prevailing industry practices in this area.
4. Intellectual Property
Suppliers are required to protect and responsibly use the intellectual assets and confidential information of Symantec, consistent with Symantec's authority for such use. Suppliers' use of such data is restricted to Symantec business-related purposes or as otherwise set forth in any applicable license agreement between Symantec and such Suppliers. Suppliers shall comply with Symantec's requirements for the maintenance of passwords, confidentiality, security, and privacy of Symantec's confidential information and intellectual property. Suppliers must adhere to the intellectual property ownership rights of Symantec and others, including without limitation copyrights, patents, trademarks, licenses, and trade secrets. Suppliers are prohibited from using patented technology, copyrighted materials, or other intellectual property without written permission. Suppliers are further prohibited from transferring, publishing, disclosing, or using confidential information other than as necessary in the ordinary course of business or as authorized by Symantec.
Suppliers are required to abide by applicable data privacy laws.
5. Fair Business, Advertising and Competition
Suppliers shall maintain all standards of fair business, advertising and competition using appropriate means to safeguard customer information at all times.
6. Protection of Identity
Programs that ensure the confidentiality and protection of Suppliers and employee whistleblower confidentiality are to be maintained. Symantec prohibits any retaliation or retribution by Suppliers against any individual who, in good faith, reports questionable behavior or non-compliance with this Code or Symantec's Code of Conduct.
7. Community Engagement
Suppliers should realize the impacts its business has on itsâ€™ local community and should strive to have a positive impact on its community. Suppliers are encouraged to make charitable donations and investments within it's social community including provisions for employee volunteering activities.
F. ADDITIONAL PROVISIONS
1. Conflicts of Interest
Suppliers must be free to act with total objectivity in their business dealings with Symantec, and thus, must avoid conflicts of interest. If a potential or actual conflict of interest arises that impedes a Supplier's ability to act objectively on behalf of Symantec, the Suppliers must report all relevant details to Symantec.
2. Lobbying Government Officials
Unless specifically retained for lobbying services, Suppliers are prohibited from lobbying government officials on behalf of Symantec. Lobbying generally includes activities designed to influence laws, regulations, and policies.
3. Quality Assurance
Suppliers shall ensure that they provide products and services related to Symantec business pursuant to the highest quality standards.
4. Insider Trading
Avoid insider trading by buying or selling Symantec's or another company's stock when in possession of information about Symantec or another company that is not available to the investing public and that could influence an investor's decision to buy or sell stock and, in the case of information about another company, that was obtained in the course of doing business with Symantec.
5. Regulatory Officials
Be honest in discussions with regulatory agency representatives and government officials and cooperate with Symantec representatives in any internal or external investigations or audits of Suppliers’ business dealings involving or related to Symantec.
Suppliers shall inform their Symantec contact person if any situation develops that causes the Supplier or its Representatives to act in violation of this Code or Symantec’s Code of Conduct. Symantec has a variety of resources available to facilitate a Supplier’s reporting of a violation. Suppliers are encouraged to promptly contact their Symantec contact person and to work together in resolving the compliance concern.
If such reporting is not appropriate, reports of concern also may be raised through Symantec’s EthicsLine: US/Canada1-877-231-0837; internationally: SymantecEthicsLine.ethicspoint.com; Email: firstname.lastname@example.org. Symantec’s Ethics Line is 24 hours a day, seven days a week, confidential and toll free. Interpreters are available if needed.
¹ Global Supply Chain Manufacturing and Fulfillment are Symantec's Direct Supplier providing goods and services used in the manufacture or distribution of our products or services. For purposes of this document, "Supplier" includes, but is not limited to, any third party supplier, vendor, consultant, sub-contractor, the Supplier's employees, agents, subcontractors or other representatives or any individual (including relationship and non-employee workers) who is/are engaged or proposed to be engaged by Symantec for the provision or performance of work or services concerning Direct goods and services.
² EICC was initially developed by a number of companies engaged in the manufacture of electronics products. Additional information is available at www.eicc.info.