Global Supplier Code of Conduct
NortonLifeLock is a global leader in providing security, storage, and systems management solutions. The very nature of our business-assuring the security, availability, and integrity of our customers' information-requires a global culture of responsibility. Ethics and integrity are the foundation of NortonLifeLock's business success. Therefore, NortonLifeLock declares its support for, and has elected to adopt this document as its Global Supplier Code of Conduct (or "Code") applicable to its Suppliers of products and services1.
Suppliers are responsible for ensuring that all of their employees and any subcontracted party performing work for NortonLifeLock are informed and agree to comply with this Code.
In addition to the Code, Suppliers are required to comply with the terms of their agreements with and commitments to NortonLifeLock, including without limitation, all representations and warranties. Nothing in this Code shall be deemed to amend, limit or otherwise impact any other obligations Supplier may have to NortonLifeLock (whether such obligation is written or otherwise).
Suppliers are required to comply with all laws and regulations applicable to their business, wherever conducted, and with this Code of Conduct. Compliance includes conducting business in a way that fulfills ethical responsibilities. Suppliers must comply with the Code or local law, whichever is more restrictive. NortonLifeLock expects Suppliers to demonstrate high ethical standards and to avoid activities that suggest even the appearance of impropriety.
NortonLifeLock will discontinue doing business with any Supplier and related parties who violate our restrictions or the law.
The Code is comprised of six (6) sections. Section A outlines the elements of an acceptable system to manage conformity to this Code. Sections B, C and D outline standards for Labor, Health and Safety, and the Environment, respectively. Section E adds standards relating to business ethics, and Section F contains additional provisions.
A. MANAGEMENT SYSTEM / COMPLIANCE WITH THE CODE
Suppliers shall have a management system and process in place that ensures compliance with the Code. This management system should cover areas such as Supplier commitment, management accountability and responsibility, legal and customer requirements, monitoring, risk management and assessment, supplier management, training, communication, and worker feedback and participation. In addition:
1. Audits, Assessments, and Certifications
Suppliers shall audit their compliance with this Code and customer contractual requirements related to social and environmental responsibility. NortonLifeLock may also audit its Suppliers for compliance to the Code or request certification from Supplier of its compliance with some or all of the provisions of the Code. Suppliers shall cooperate timely and fully with any such reasonable compliance audit or request for certification by NortonLifeLock, including without limitation, providing NortonLifeLock with documents related to NortonLifeLock business and making their Representatives available for interviews by NortonLifeLock and/or NortonLifeLock's representatives. Suppliers shall have a corrective and preventative action process in place to address non-compliances to the Code.
2. Documentation and Records
Suppliers shall create and maintain documents and records to ensure regulatory compliance and conformity to the Code and any other agreed NortonLifeLock requirements.
Suppliers are committed to uphold the human rights of workers, and to treat them with dignity and respect as understood by the international community and proclaimed under the Universal Declaration of Human Rights and the International Labor Organization's core conventions.
1. Freely Chosen Employment
Forced, bonded or indentured labor or involuntary prison labor shall not be used under any circumstances. All workers will be voluntary, and workers should be free to leave upon reasonable notice. Workers shall not be required to surrender government-issued identification, passports or work permits as a condition of employment.
2. Child Labor Avoidance
The use of child labor shall not be used under any circumstances. The term "child" refers to any person under the age of 15 (or 14 according to the applicable local laws), or under the minimum age for completion of compulsory education, or under the minimum age for employment in any particular country, whichever is the highest. Employees under the age of 18 should not perform hazardous work.
3. Working Hours
Workweeks shall not exceed the maximum set by local law. Workers shall be allowed at least one day off per seven-day week. Further, a workweek should not be more than 60 hours per week, including overtime, except in emergency or unusual situations.
4. Wages and Benefits
Suppliers should compensate workers in a timely manner at pay rates that comply with applicable wage laws. This includes overtime. Deductions from wages as a disciplinary measure is not permitted.
5. Anti-Human Trafficking and Humane Treatment
Consistent with United States law, NortonLifeLock seeks to eradicate slavery and human trafficking from our supply chains. Pursuant to U.S. and NortonLifeLock policy (the “Policy”), forced, bonded (including debt bondage) or indentured labor, commercial sex, involuntary prison labor, slavery, or trafficking of persons shall not be used. This includes transporting, harboring, recruiting, transferring or receiving persons by means of threat, force, coercion, abduction or fraud for labor or services. There shall be no unreasonable restrictions on workers’ freedom of movement in the facility in addition to unreasonable restrictions on entering or exiting company-provided facilities.
As part of the hiring process, workers must be provided with a written employment agreement in their native language that contains a description of terms and conditions of employment prior to the worker departing from his or her country of origin. All work must be voluntary and workers shall be free to leave work at any time or terminate their employment. Employers and agents may not hold or otherwise destroy, conceal, confiscate or deny access by employees to employees’ identity or immigration documents, such as government-issued identification, passports or work permits, unless the holding of work permits is required by law. Workers shall not be required to pay employers or agents recruitment fees or other fees and no recruiter that does not comply with local law shall be used. Each supplier must notify its employees and agents of the U.S. and NortonLifeLock Policy and of actions that will be taken for Policy violations. Each supplier should put in place a compliance plan or awareness plan.
Furthermore, for the portion of all contracts and subcontracts above $500,000 in supplies (other than commercial off the shelf items) acquired outside the U.S., suppliers shall maintain a compliance plan consisting of: a process for employees to report human trafficking violations without fear of retaliation; a means to make available the number of the Global Human Trafficking Hotline at 1-844-888-FREE and its email address at firstname.lastname@example.org; a recruitment and wage plan that ensures that wages meet host country legal requirements; if housing is provided, a plan ensuring that it meets host country housing and safety requirements; and procedures to prevent agents and subcontractors at any tier or dollar value from violations and to monitor, detect, and terminate any agents, subcontractors, or subcontractor employees that have violated the Policy.
Covered suppliers shall post relevant content of their compliance plan at workplaces and on their website no later than the beginning of contract performance. They must also certify annually after receiving award of a contract that they have implemented a compliance plan, and after having conducted due diligence, either that: neither it nor any of its subcontractors or their agents have engaged in violations of the Policy, or if violations have occurred, that the supplier has taken appropriate remedial and referral actions.
Additionally, for all suppliers there is to be no harsh and inhumane treatment, including any sexual harassment, sexual abuse, corporal punishment, mental or physical coercion or verbal abuse of workers; nor is there to be any threat of such treatment.
Suppliers must maintain a workforce free of harassment and unlawful discrimination.
7. Freedom of Association
The rights of workers to seek representation, associate freely, join or not join labor unions and workers' councils should be respected in accordance with local laws.
C. HEALTH AND SAFETY
1. Occupational Safety
Suppliers should have procedures in place to minimize potential safety hazards from chemical, biological or physical agents. Personal protective equipment shall be provided when appropriate. Workers shall not be disciplined for raising safety concerns. Suppliers will comply with all applicable quality, health, safety and environmental regulations. All required permits, licenses and registrations will be obtained, maintained and kept up-to date. Suppliers will fulfill their operational and reporting requirements.
Procedures and systems to prevent, manage, track and report occupational injury and illness, as required by law or NortonLifeLock, should be in place. Suppliers should report all incidents at work and provide or provide access to necessary medical treatment to employees.
2. Emergency Preparedness
Emergency plans and response procedures must be in place.
3. Occupational Injury and Illness
Procedures and systems are to be in place to prevent, manage, track and report occupational injury and illness, including provisions to: a) encourage worker reporting; b) classify and record injury and illness cases; c) provide necessary medical treatment; d) investigate cases and implement corrective actions to eliminate their causes; and e) facilitate return of workers to work.
4. Industrial Hygiene
Suppliers must provide workers with reasonable access to clean toilet facilities, food preparations, storage, clean drinking water and eating facilities.
5. Physically Demanding Work
Suppliers should have in place procedures and systems to identify, evaluate and control worker exposure to the hazards of physically demanding tasks.
6. Machine Safeguarding
Suppliers should evaluate machinery for safety hazards. Where machinery presents an injury hazard to workers measures must be taken to install safety precautions on the equipment. This equipment must be properly monitored and maintained.
Environmental responsibility is an integral part of NortonLifeLock's business strategy. It is also critical in the manufacturing of our products. Suppliers supplying or shipping product on behalf of NortonLifeLock should be compliant with ISO14001 and ISO19001 and their current versions.
1. Environmental Permits and Reporting
All required environmental permits, approvals and registrations must be obtained, maintained and kept current and their operational and reporting requirements are to be followed.
2. Pollution Prevention and Resource Reduction
Waste of all types should be reduced or eliminated at the source or by practices such as modifying production, maintenance and facility processes, using materials substitution, conservation, recycling and re-using materials.
3. Hazardous Substances
Chemicals and other materials posing hazard if released to the environment, should be identified and managed to ensure safe handling, movement, storage, recycling or reuse and disposal.
4. Waste and Emissions
Suppliers should characterize, monitor, control and treat wastewater, solid waste and air emissions generated from operations as required prior to discharge or disposal.
5. Product Content Restrictions
Suppliers shall comply with all applicable laws, regulations and customer requirements regarding prohibition or restriction of specific substances, including labeling and recycling and disposal.
NortonLifeLock requires the highest standards of integrity in all business interactions between NortonLifeLock and the Supplier and its suppliers.
1. Business Integrity
NortonLifeLock requires the highest standards of integrity in all business interactions. Any and all forms of corruption, extortion and embezzlement are strictly prohibited.
2. No Improper Advantage
Suppliers are prohibited from making, promising to make, or offering to make any payments or providing any item of value, directly or indirectly, to any government or public international organization officials, political parties, candidates for political office, employees of state owned or controlled companies, or any director, officer, employee or agent of a commercial customer or supplier, for the purpose of obtaining or retaining business or securing an improper business advantage or inducing the recipient to perform a job function improperly. Items of value may include, without limitation, gifts, gratuities, favors, entertainment, and travel (including without limit to family members and friends of such individuals).
Product or service discounts, equipment loans, marketing funds, or other permitted business activity shall not be used to disguise or facilitate an improper payment. Suppliers shall not utilize other entities to make or offer payments that they are not permitted to make or offer.
Suppliers should adopt internal policies and procedures to ensure no payments or gifts are offered, made, requested, or received that are inconsistent with this provision E.2. or violate applicable local law, the U.S. Foreign Corrupt Practices Act, or the U.K. Bribery Act.
Moreover, Suppliers shall not provide, offer, request, or receive a kickback, directly or indirectly, to obtain or reward favorable treatment in any transaction.
Suppliers shall ensure that all expenditures related to NortonLifeLock transactions are reasonable, customary, and done in the ordinary and proper course of business. No expenditures should be made which could be construed as bribes or inducements to act improperly. Suppliers should not offer any business courtesies, including meals, entertainment, or gifts, which could be construed as intended to influence the judgment of the recipient in an effort to secure preferential treatment or gain an improper advantage. Suppliers should not offer any business courtesies which they are aware are violative of the recipient's employer's code of conduct. Moreover, Suppliers should not accept or request any business courtesies with the intention of influencing their conduct in favor of the person or entity providing the business courtesy.
Facilitation payments are nominal amounts paid to entry level employees or non-decision makers to facilitate the performance of their lawful job responsibilities, i.e. the processing of a visa application or custom request. Facilitation payments are not intended to influence an individual to behave improperly or inconsistent with job responsibilities. Many countries prohibit facilitation payments. Any facilitation payments made by Suppliers in connection with NortonLifeLock-related business must be disclosed promptly to NortonLifeLock, must meet the standards set forth above, and must be recorded accurately and transparently in the Suppliers’ books and records.
Suppliers shall document accurately, timely, and fully all transactions related to all business involving NortonLifeLock. Supporting documentation for each transaction shall be maintained by Suppliers and made available for inspection by NortonLifeLock. Business records shall be retained in accordance with applicable laws and regulations. The disbursement of funds related to NortonLifeLock business dealings must be done pursuant to a duly authorized written contract with clearly defined procedures. Documents shall be signed by individuals with proper authority and shall not be altered, unless in accordance with the terms of the contract. No unauthorized fund or asset related to NortonLifeLock business may be created or maintained.
3. Disclosure of Information
Suppliers should not disclose information regarding business activities, structure, financial situation and performance, relating to NortonLifeLock, to any other party. Suppliers shall act in accordance with applicable regulations and prevailing industry practices in this area.
4. Intellectual Property, Confidentiality, and Data Privacy
Suppliers are required to protect and responsibly use the intellectual assets and confidential information of NortonLifeLock, consistent with NortonLifeLock's authority for such use. Suppliers' use of such data is restricted to NortonLifeLock business-related purposes or as otherwise set forth in any applicable agreement(s) between NortonLifeLock and such Suppliers. Suppliers shall comply with NortonLifeLock's requirements relating to confidentiality, security, data privacy, and intellectual property protection. Suppliers must adhere to the intellectual property ownership rights of NortonLifeLock and others, including without limitation copyrights, patents, trademarks, licenses, and trade secrets. Suppliers are prohibited from using any NortonLifeLock or third party patented technology, copyrighted materials, or other intellectual property or confidential information without written permission. Suppliers are further prohibited from transferring, publishing, disclosing, or using NortonLifeLock's confidential information other than as necessary in the ordinary course of business or as authorized by NortonLifeLock.
5. Data Privacy Laws and Regulations
Suppliers are required to abide by applicable data privacy laws and regulations.
6. Fair Business, Advertising and Competition
Suppliers shall maintain all standards of fair business, advertising and competition using appropriate means to safeguard customer information at all times.
7. Protection of Identity
Programs that ensure the confidentiality and protection of Suppliers and employee whistleblowers are to be maintained. NortonLifeLock prohibits any retaliation or retribution by Suppliers against any individual who, in good faith, reports questionable behavior or non-compliance with this Code.
8. Community Engagement
Suppliers should realize the impacts which its business has on its local community and should strive to have a positive impact on its community. Suppliers are encouraged to make charitable donations and investments within its social community including provisions for employee volunteering activities.
F. ADDITIONAL PROVISIONS
1. Conflicts of Interest
Suppliers must be free to act with total objectivity in their business dealings with NortonLifeLock, and thus, must avoid conflicts of interest. If a potential or actual conflict of interest arises that impedes a Supplier's ability to act objectively on behalf of NortonLifeLock, the Suppliers must report all relevant details to NortonLifeLock.
2. Lobbying Government Officials
Unless specifically retained for lobbying services, Suppliers are prohibited from lobbying government officials on behalf of NortonLifeLock. Lobbying generally includes activities designed to influence laws, regulations, and policies.
3. Quality Assurance
Suppliers shall ensure that they provide products and services related to NortonLifeLock business pursuant to the highest quality standards.
4. Insider Trading
Avoid insider trading by not buying or selling NortonLifeLock's or another company's stock when in possession of information about NortonLifeLock or another company that is not available to the investing public and that could influence an investor's decision to buy or sell stock and, in the case of information about another company, that was obtained in the course of doing business with NortonLifeLock.
5. Regulatory Officials
Be honest in discussions with regulatory agency representatives and government officials and cooperate with NortonLifeLock representatives in any internal or external investigations or audits of Suppliers' business dealings involving or related to NortonLifeLock.
Suppliers shall inform their NortonLifeLock contact person if any situation develops that causes the Supplier or its Representatives to act in violation of this Code. NortonLifeLock has a variety of resources available to facilitate a Supplier's reporting of a violation. Suppliers are encouraged to promptly contact their NortonLifeLock contact person and to work together in resolving the compliance concern.
If such reporting is not appropriate, reports of concern also may be raised through NortonLifeLock's EthicsLine: US/Canada1-877-231-0837; internationally: NortonLifeLockEthicsLine.ethicspoint.com; Email: email@example.com. NortonLifeLock's EthicsLine is 24 hours a day, seven days a week, confidential and toll free. Interpreters are available if needed.
1NortonLifeLock Suppliers are direct suppliers providing goods and services for use by NortonLifeLock internally or externally in the distribution of our products or services. For purposes of this document, "Supplier" includes, but is not limited to, any third party supplier, vendor, consultant, sub-contractor, the Supplier's employees, agents, subcontractors or other representatives or any individual (including relationship and non-employee workers) who is/are engaged or proposed to be engaged by NortonLifeLock for the provision or performance of work or services concerning direct goods and services.
Additional information is available at: