Skip to main content
Code of Conduct Guidance
Ethan Heller avatar
Written by Ethan Heller
Updated over a week ago

The following article contains guidance explaining portions of the Code of Conduct that we frequently see questions around, explaining what the sections mean.

Guidance statements will appear in bold and enclosed in brackets “[]” below the statements of the policy.

Code of Conduct

[COMPANY NAME]

____________________________________________________________________________

Purpose

The [COMPANY NAME] Code of Conduct (“Code”) is built around our belief that everything we do will be measured against the highest possible standards of ethical business conduct. Our commitment to high standards helps us hire great people, build great products, and attract loyal customers.

  • If you do not build products and are a professional services firm, you can update this section as the phrase “building products” may not be accurate and you may refer to “customers” as your “clients”.

Who must follow the Code?

We expect all employees to know and follow the Code. Failure to do so can result in disciplinary action, up to and including termination of employment. We also expect our contractors, consultants, and others who may be temporarily assigned to perform work or services for [COMPANY NAME] to follow the Code when they work with us. Failure of a [COMPANY NAME] contractor, consultant, or other service provider to follow the Code can result in termination of their relationship with [COMPANY NAME].

Who to ask about the Code?

If you have a question or concern about the Code, be proactive and contact your manager. You can also submit a question or raise a concern regarding a suspected violation of our Code (or any other [COMPANY NAME] policy) to your manager.

No Retaliation

[COMPANY NAME] prohibits retaliation against anyone who reports, or participates in an investigation of, a possible violation of our Code, our policies, or the law. Please contact a member of senior management if you believe that you are the subject of retaliation within [COMPANY NAME].

Code of Conduct

As a [COMPANY NAME] employee, you’re expected to be honest, act ethically, and demonstrate integrity in all situations. You have a duty to follow policies and procedures found in this Code of Conduct, as well as those that are specific to your job. You must also comply with all laws that apply to our business. Most of the time, common sense and good judgment provide excellent guideposts. If you’re unsure about the right thing to do, ask someone on the management team.

Before You Act, Ask Yourself:

  • Is this the right thing to do?

  • Is it legal?

  • Do I have the authority to act?

  • Does the action comply with the Code of Conduct and policies and procedures?

  • If this action became public, how would it look in the news media?

  • Would I be upset or embarrassed if other people found out about this action?

  • [Items can be added or removed from this list as appropriate.]

If your answer to any of these questions raises doubts, talk with your supervisor, anyone in management, or the [COMPANY NAME] Compliance Officer. If you’re a supervisor or a manager, you’re responsible for knowing the rules and reviewing the Code of Conduct with the people who report to you to make sure they’re familiar with its contents. You’re also responsible for preventing violations of the Code, as well as detecting violations that may occur and reporting them appropriately.

  • [If you do not have a Compliance Officer, you can adjust this job title as needed.]

You’re Expected to:

  • Lead with integrity.

  • Encourage employees to ask questions and expand their knowledge of the rules.

  • Demonstrate integrity by acting promptly and effectively when necessary.

  • Educate employees on compliance policies specific to their job responsibilities.

  • [Items can be added or removed from this list as appropriate.]

Quality Work Environment

We are committed to a supportive work environment, where our employees have the opportunity to reach their fullest potential. Members of our [COMPANY NAME] team are expected to do their utmost to create a workplace culture that is free of harassment, intimidation, bias, and unlawful discrimination. Please read the Employee Handbook for greater detail about how we should conduct ourselves at work.

  • [If you don’t have an Employee Handbook, you can remove that language from this policy.]

Equal Opportunity Employment

Employment at [COMPANY NAME] is based solely upon individual merit and qualifications directly related to professional competence. We strictly prohibit unlawful discrimination or harassment on the basis of race, color, religion, veteran status, national origin, ancestry, pregnancy status, sex, gender identity or expression, age, marital status, mental or physical disability, medical condition, sexual orientation, or any other characteristics protected by law. We also make reasonable accommodations to meet our obligations under laws protecting the rights of the disabled.

Harassment, Discrimination, and Bullying

[COMPANY NAME] strictly prohibits discrimination, harassment, and bullying in any form – verbal, physical, or visual. If you believe that you’ve been bullied or harassed by anyone at [COMPANY NAME], or anyone connected to [COMPANY NAME] (such as a partner or vendor), please immediately report the incident to your manager or the HR team. HR will promptly and thoroughly investigate any complaints and take appropriate action.

Drugs and Alcohol

Substance abuse is incompatible with the health and safety of our employees, and we don’t permit it. Consumption of alcohol is allowed at our office on special occasions, but we ask everyone to use good judgment and never drink in a way that: (i) leads to impaired performance or inappropriate behavior, (ii) endangers the safety of others, or (iii) violates the law. Illegal drugs in our offices or at work-related events are strictly prohibited.

  • [If you are entirely remote, you may need to adjust the language in the above paragraph related to offices.]

Safe Workplace

We are committed to a violence-free work environment. We will not tolerate any level of violence or the threat of violence in the workplace. No one should bring a weapon to work under any circumstances. If you become aware of a violation of this policy, report it to a member of senior management immediately.

  • [If you are entirely remote, you may need to adjust the language in the above paragraph related to offices.]

Avoid Conflicts of Interest

As [COMPANY NAME] employees, we should avoid conflicts of interest and circumstances that reasonably present the appearance of a conflict of interest, especially if it would create an incentive for you or present the appearance of an incentive for you, (whether directly or indirectly).

Here Is List of Areas Where Conflicts of Interest Often Arise:

  • Personal investments (e.g. with competitors)

  • Outside employment, advisory roles, and board seats

  • Business opportunities found through your work at [COMPANY NAME]

  • Inventions influenced by your work at [COMPANY NAME]

  • Business opportunities involving friends and relatives

  • Acceptance of gifts, entertainment, and other business courtesies

  • [Items can be added or removed from this list as appropriate.]

If you are unsure if there is a conflict of interest, contact the Compliance or Legal teams to discuss.

  • [If you do not have a Compliance or Legal team, you can adjust these roles as needed.]

Preserve Confidentiality

Throughout its lifecycle, all nonpublic information that is processed, transmitted, and/ or stored

by [COMPANY NAME] must be protected in a manner that is consistent with our contractual and legal requirements and reasonable and appropriate for the level of sensitivity, value, and risk associated with Nonpublic information (please see the Data Classification Policy). Information that contains data elements from multiple classifications must be protected at the highest level of information represented. For example, a document that contains Nonpublic and Public information must be treated as Nonpublic information. Nonpublic information must be secured against disclosure, modification, and access by unauthorized individuals. Therefore, the information must be:

  • Secured at rest; and

  • Secured in transit; and

  • Securely destroyed in accordance with record retention policies and procedures.

Information Security

You’re responsible for using [COMPANY NAME]’s computer resources properly – especially with regard to information security – and you need to be thoroughly familiar with [COMPANY NAME]’s Information Security policies and procedures.

These Steps Can Go a Long Way in Preventing Unauthorized Access:

  • Never share your login information.

  • Lock your workstation when you step away.

  • Log off your workstation when you leave for the day.

  • Clear your workstation, waste can, printers and fax machines of sensitive information, such as PII or company-sensitive information.

  • [These items can be adjusted as necessary, for example, you may adjust the last bullet point in this list if you do not have printers or fax machines. Items can also be added to this list as needed.]

Protect [COMPANY NAME]’s Assets

Intellectual Property

[COMPANY NAME]’s intellectual property rights (e.g. patents, trademarks, copyrights, trade secrets, and “know-how”) are valuable assets. Unauthorized use can lead to their loss or serious loss of value. You must comply with all intellectual property laws, including laws governing the fair use of copyrights and trademarks. You must never use [COMPANY NAME]’s trademarks or other protected information or property for any business or commercial venture without pre-clearance from the Marketing team. Report any suspected misuse of trademarks or other [COMPANY NAME] intellectual property to the Legal or compliance team.

Likewise, respect the intellectual property rights of others. Inappropriate use of others’

intellectual property may expose [COMPANY NAME] and you to criminal and civil fines and penalties. Seek advice from the Legal team before you solicit, accept, or use proprietary information from individuals outside the company or allow them to obtain access to [COMPANY NAME] proprietary information. You should also check with the Legal team if developing a product feature that uses content not belonging to [COMPANY NAME].

  • [The roles listed above can be adjusted as necessary. If you do have a Marketing, Compliance, or Legal team, you can change these roles as needed.]

Company Equipment

[COMPANY NAME] gives us the tools and equipment that we need to do our jobs effectively, but counts on us to be responsible and not wasteful. Uncertain whether personal use of company assets is okay? Ask your manager.

  • [You may not provide company equipment, such as in the case where all devices are BYOD. In that instance, you should note that in the above section, mentioning that all devices are BYOD and considered the responsibility of the employee.]

The Network

[COMPANY NAME]’s network, software, and computing hardware are a critical aspect of our company’s physical property and intellectual property. Follow all security policies diligently. If you have any reason to believe that our network security has been violated – for example, you lose your laptop or think that your network password may have been compromised – promptly report the incident to your manager.

  • [The above section can be adjusted if you do not have a corporate network and completely rely on a cloud provider such as AWS, Azure, or GCP. The environment those systems are executing in are still considered your network.]

Physical Security

Bad actors may steal company assets. Always secure your laptop, important equipment, and your personal belongings, even while on company premises. Promptly report any suspicious activity to your manager.

  • [If you do not have a physical facility, you can remove the language in this section related to a company premises. However, you should still keep the language around securing your laptop.]

Ensure Financial Integrity and Responsibility

Financial integrity and fiscal responsibility are core aspects of corporate professionalism. Each person at [COMPANY NAME] has a role in making sure that money is appropriately spent, our financial records are complete and accurate, and internal controls are honored. This is applicable every time that we hire a new vendor, expense something to [COMPANY NAME], or sign a new business contract.

It’s important that we also keep records for an appropriate length of time. [COMPANY NAME]’s Data Retention Policy suggests minimum record retention periods for certain types of records. These guidelines help keep in mind applicable legal requirements, accounting rules, and other external requirements. Contractual obligations may sometimes specify longer retention periods for certain types of records. In addition, if you are asked by the Legal team to retain records relevant to a litigation, audit, or investigation, do so until Legal tells you that retention is no longer necessary. If you have any questions regarding the correct length of time to retain a record, contact the Compliance or Legal teams.

  • [If you do not have a Compliance or Legal team, you can adjust these roles as needed.]

Obey the Law

[COMPANY NAME] takes its responsibilities to comply with laws very seriously. Every employee is expected to comply with applicable legal requirements and restrictions. You should understand the laws and regulations that apply to your work. Contact the Compliance or Legal teams if you have any questions.

  • [If you do not have a Compliance or Legal team, you can adjust these roles as needed.]

Policy Compliance

Compliance Measurement

The Compliance team will verify compliance with this Code through various methods (e.g.

periodic manager reviews, tool reports, internal and external audits, and employee feedback).

  • [If you do not have a Compliance team, you can adjust this role as needed.]

Exceptions

Any exception to this Code must be approved by the Compliance team in writing.

  • [If you do not have a Compliance team, you can adjust this role as needed.]

Non-Compliance

Any employee who violates this Code may be subject to disciplinary action, up to and including

termination of employment in addition to any civil and criminal liability.

Your Annual Acknowledgment of the Code of Conduct

Once each year, as a condition of your employment, you’re required to acknowledge that you have received the Code of Conduct and understand its rules. New employees will sign an acknowledgment when they start with the company. Basically, your annual acknowledgment confirms that:

  • You’ve reviewed the Code of Conduct and you are required to comply with the Code of Conduct; you will comply with the compliance policies and procedures, as well as policies and procedures related to your job responsibilities;

  • You will report any questions or concerns about suspected or actual violations of the Code to your supervisor, anyone in management or [COMPANY NAME]’s Compliance Officer,

  • To the best of your knowledge, you haven’t acted contrary to the Code of Conduct

  • You have reported any potential conflicts of interest to the Compliance Department.

  • [If you do not have a Compliance team, you can adjust this role as needed.]

Did this answer your question?