Code of Ethics
Entrust is committed to the highest possible standards of ethical, moral and legal business conduct. If you have concerns about potential wrongdoing, we encourage you to report those concerns to us at [email protected] or through our Ethics Hotline which is available 24/7, 365 days a year by telephone or website. The hotline is staffed by an independent third party and not by Entrust colleagues.
Website: entrust.ethicspoint.com
Toll-Free Telephone:
- USA, Canada and Puerto Rico: 855-689-1303
- All other countries: Click here for access codes and dialing instructions.
- Click to select...
Introduction
At Entrust, we lead by acting with integrity and urgency in all we do. This Code of Ethics defines what is expected of all Entrust colleagues—every colleague must confirm their understanding of and commitment to comply with the Code of Ethics.
The Code of Ethics is only a starting point. Every colleague is responsible for knowing and complying with the spirit and the letter of applicable laws and regulations. The Code serves as a guide to help you make good decisions and navigate complex situations where the answer might not always be clear.
So, how do we act with integrity in all we do to ensure we remain successful, innovative, and trusted in our industry?
We do business legally, fairly and free from undue influence.
We ensure the confidentiality, security and accuracy of information we hold.
We promote a safe, diverse and inclusive work environment.
Conflicts of Interest
We do business legally, fairly and free from undue influence.
As an Entrust colleague, you are required to report all potential conflicts. You have a responsibility to not put yourself in a position where your own personal interests are at risk of conflicting with the interests of the Company. Trust is key to Entrust’s continued success in the marketplace. Operating with integrity means avoiding activities, relationships, or situations that can create an actual or potential conflict of interest, or the appearance of one.
A conflict of interest arises when your judgment could be influenced by the possibility of a personal benefit. Even if it’s not intentional, the appearance of a conflict may be just as damaging as an actual conflict. You should always be on the lookout for situations that may create a conflict of interest and do everything you can to avoid them. It is your responsibility to disclose any situation you think creates, or could create, a conflict of interest.
While it is not possible to list every situation in which an actual or apparent conflict of interest may exist, Entrust considers the following activities to be conflicts of interest. As such, colleagues are prohibited from engaging in these activities without receiving prior written approval from the Chief Legal and Compliance Officer (CLCO) and the Chief Human Resources Officer (CHRO):
- Competing, either directly or indirectly, with Entrust.
- Holding a financial interest in or receiving compensation from an Entrust competitor other than a nonsubstantial, passive ownership of securities.
- Holding a financial interest in or receiving compensation from an Entrust third party other than a nonsubstantial, passive ownership of securities, if you are directly or indirectly involved in decisions with respect to that third party (e.g., awarding business, overseeing the day-to-day relationship).
- Awarding business to a third party due to a family relationship, a close personal relationship and/or in exchange for personal favors or business.
- Leveraging Entrust’s brand, third party relationships, or position in the marketplace to advance your outside financial interests.
- Participating in outside employment that interferes with the colleague’s responsibilities as an Entrust employee, benefits from the use of Entrust assets, competes with Entrust, or reflects negatively on Entrust.
- Serving on company boards, as well as the boards of community and non-profit organizations or trade associations if the affiliation diminishes the colleague’s ability to perform their responsibilities for Entrust.
- Accepting gifts or entertainment from a person or organization that does business with Entrust or seeks to do business with Entrust except as permitted under the section entitled “Gifts and Entertainment.”
- Using confidential or proprietary company information obtained during the course of your employment, legitimately or otherwise for personal gain.
- Personally exploiting a corporate opportunity or receiving any personal benefit from a business transaction in which Entrust engages, especially where the personal benefit appears to outweigh the benefits to Entrust.
Can I seek outside employment in addition to my job at Entrust?
Maybe. Our standard employment agreement requires you first to obtain the written consent of the Company before seeking or engaging in outside employment or business activities during the course of your employment at Entrust. You should talk to your manager and your HR Business Partner to seek the required approval. Outside employment is usually approved provided it would not interfere with your job at Entrust.
For questions or more information, refer to the Global Conflicts of Interest Policy or contact [email protected].
Gifts and Entertainment
We do business legally, fairly and free from undue influence.
Transfers of value (e.g., gifts, entertainment, meals, travel, other hospitality and political or charitable contributions) can create improper influence (or the appearance of improper influence) and must be given and/or received in accordance with the Global Anti-Corruption Policy.
Gifts and entertainment means anything of value, e.g., loans, favorable terms on a product or service, prizes, use of another company’s vehicles, tickets, gift certificates, use of vacation facilities, attendance at sporting events, stocks, other securities, or participation in stock offerings. Entertainment is considered a gift, subject to these guidelines, when the giver or representative from the giving organization will not accompany you to the event.
Acceptable for self-approval
Some gifts and entertainment are sufficiently modest that they do not require prior approval. Think through the intent (e.g., Is it normal courtesy or to build a business relationship versus influencing the recipient’s objectivity in making a business decision?), materiality, frequency, and transparency (e.g., Would you be embarrassed if your manager, colleagues, or anyone else outside Entrust became aware?). The following are usually acceptable without prior approval:
- Meals: Reasonable occasional meals with someone with whom we do business
- Entertainment: Occasional attendance at sporting events, theater, and other cultural events
- Gifts: Gifts of nominal value such as pens, calendars, or small promotional items
Never acceptable
The following types of gifts and entertainment are never permissible:
- Any gift or entertainment that would be illegal;
- Anything of value to any government official, political party or party official, or any candidate for political office, official or employee of an international organization, or officer, director, or employee of a customer for the purpose of inducing the recipient to misuse their position to provide any improper or undue business advantage to Entrust;
- Anything of value given to an Entrust colleague by a vendor, supplier, or partner or an officer, director, or employee of a vendor, supplier, or partner for the purpose of inducing the colleague to misuse their position at Entrust to provide any improper or undue business advantage to the payor or to any other person or entity;
- Gifts or entertainment involving parties engaged in a tender or competitive bidding process;
- Any gift of cash or cash equivalent (with the exception of gift certificates or gift cards, which may be retained in accordance with the requirements and approvals set forth in this section);
- A gift or entertainment that you pay for personally to avoid having to seek approval; or
- Any entertainment that is inappropriate, indecent, or sexually oriented or might otherwise adversely affect Entrust’s reputation.
May be acceptable with prior approval
For anything that does not fit into the other categories, the gift or entertainment may or may not be permissible. You must get advance approval in writing from your SLT member and submit the approval using the Gifts Log Submission Form for the following:
- Entertainment that exceeds 150 USD or equivalent;
- Gifts valued at more than 50 USD or equivalent;
- Lavish meals that cost more than 150 USD or equivalent per person (or 50 USD for a government official);
- Special events such as a World Cup game or major golf tournament (these usually have a value of more than 150 USD); or
- Travel or overnight accommodation, as this normally raises the personal benefit to material levels.
Any entertainment valued at more than 500 USD, gifts over 250 USD, or political and charitable contributions must be pre-approved in writing by the CEO.
Other important things to know about gifts and entertainment
It is acceptable to receive a gift that exceeds a designated monetary limit if it would be insulting to decline, but the gift must be reported to management who will decide whether it:
- May be retained by the recipient in accordance with the requirements and approval set forth in this section;
- Will be retained for the benefit of Entrust;
- Will be sold and the money donated to charity; or
- Will be returned to the donor.
You may not accept or must immediately return any gift of cash or a cash equivalent such as bank check, money order, negotiable instrument, or loan (with the exception of gift certificates as noted above). If the hospitality or entertainment is at an inappropriate venue, includes “adult entertainment,” or would otherwise embarrass Entrust, you must decline.
In some departments or jurisdictions, more restrictive rules or regulations on both giving and receiving gifts and entertainment may apply, particularly regarding government officials. Colleagues must be careful not to give or accept gifts or entertainment that do not comply with local requirements.
Please refer to the Global Anti-Corruption Policy for further guidance.
A customer offered me tickets to a sporting event but will not be attending with me. Is it okay if I accept the tickets?
In this scenario, the tickets would be considered a gift. Only gifts of nominal value may be accepted without prior approval from your manager or SLT member.
How should I respond if I am offered a gift that I am uncomfortable accepting or that I know is not permissible under Entrust policy?
You should politely decline the offer if it will not damage the relationship with the offeror. If it could cause harm or would be insulting to decline, you may accept the gift, but you must immediately report the gift to your manager. You must always decline or immediately return a gift of cash.
May I accept a prize or award from a vendor drawing?
Colleagues may accept a prize or award from a bona fide competition held in public such as a drawing at a conference or training session that meets the requirements outlined in this section.
For questions or more information, contact [email protected].
Anti-Corruption and Coercion
We do business legally, fairly and free from undue influence.
The nature of Entrust’s business requires colleagues and third parties with whom we do business to interact regularly with government officials and private sector customers. Applicable anti-corruption laws (e.g., the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions, the US Foreign Corrupt Practices Act (FCPA), the International Travel Act, the UK Bribery Act, and Canada’s Corruption of Foreign Public Officials Act (CFPOA)) establish certain rules and restrictions on those interactions in all countries where Entrust does business. Colleagues should be aware of all applicable anti-corruption laws, rules, and regulations where they are located, in the locations where services will be performed or that are relevant to a particular project or tender, as well as multilateral development bank (MDB) guidelines, where applicable.
Entrust prohibits paying, offering to pay, promising to pay, or authorizing the payment of money or anything of value, directly or indirectly, to any government official or private sector customer in order to secure an improper business advantage. Entrust also strictly prohibits any colleague from soliciting or accepting a bribe from any individual or entity as an Entrust colleague. International law prohibits all of the above—anti-bribery laws are not just restricted to offers of improper payment to government officials.
Extortion and coercive practices – impairing or harming, or threatening to impair or harm, any individual, organization, or their property or financial interests in order to influence that person or organization will not be tolerated and will result in disciplinary action, up to and including termination of employment.
If I suspect, but don’t have proof or evidence that an Entrust distributor or systems integrator is going to pay a bribe in connection with a bid it has submitted, do I need to take any action?
Yes, willful ignorance and failure to investigate the possibility that a bribe will be paid results in imputed knowledge to Entrust and makes the Company liable for the act of the third party.
We have heard a rumor that other companies may be paying for lavish trips and entertainment for government officials. If we don’t do the same, our competitors will have an unfair advantage over us in the bidding process. Why do we have to abide by anti-corruption laws while our competitors do not?
Regardless of their compliance or non-compliance, most of our competitors are subject to the same anti-corruption laws as Entrust. More than 100 countries have adopted anti-corruption legislation. Our actions will never be dictated by what our competitors are doing. We achieve outstanding financial results and enjoy an excellent reputation with our customers and the public by strictly adhering to our values, our Code of Ethics, and all applicable laws. Doing the right thing is always good for business.
For questions or more information, refer to Entrust’s Global Anti-Corruption Policy or contact [email protected].
Third Party Due Diligence
We do business legally, fairly and free from undue influence.
Entrust is legally responsible for any corrupt actions by third parties contracted to represent Entrust or otherwise perform services on its behalf. As such, Entrust must understand the qualifications and associations of its thirdparty partners to ensure that it only does business with reputable third parties who act with integrity and deliver quality products and services. Prior to contracting with a third party for goods or services, appropriate due diligence must be conducted.
Entrust’s Due Diligence Questionnaire must be completed prior to contracting and vetted with the Compliance Director if any of the following apply:
- The third party will become a formal channel partner or technology alliance partner;
- The third party will serve as a system integrator, consortium member or contracting partner on a government or state-owned project or tender; or
- The third party scores 5 or higher on the Third Party Risk Matrix in Appendix 1 of the Global Anti-Corruption Policy.
Additionally, contracts to retain third parties must contain a contractual commitment to comply with all applicable laws and regulations including, but not limited to, anti-corruption laws such as the US FCPA, the International Travel Act, the UK Bribery Act, and Canada’s CFPOA as well as local anti-corruption laws where services will be performed. If the contract does not include this language, use the Anti-Corruption Commitment or contact [email protected] for standard language.
While the following risk factors do not automatically disqualify a third party from working with Entrust, you should carefully consider whether to establish a relationship with a third party that exhibits one or more of the following characteristics as these may be indicative of corrupt behavior:
- Third party does business in a high-risk country as defined in the Third Party Risk Matrix;
- Third party has a reputation for improper, illegal or unethical conduct;
- Third party refuses to provide requested information during the due diligence process;
- Third party refuses to provide assurances that it will comply with applicable anti-corruption laws;
- Third party refuses to execute a written contract;
- Third party charges a rate or fee that is unusually high compared to market rates;
- Third party makes unusual payment requests (e.g., requests for cash payments, advance payments, deposits to multiple accounts or deposits to offshore accounts);
- Third party requests approval or reimbursement of unusual expenditures, amounts significantly above budgeted or projected costs or payments in cash;
- Third party has direct family or business ties to a government official or government agency;
- Third party makes large and/or frequent political contributions;
- Third party uses unnecessary third parties, agents or intermediaries; or
- Third party suggests payments are needed to “get the business.”
Entrust values its reputation for ethical behavior and recognizes that engaging in bribery or other corrupt behavior would undermine customer and colleague trust. No Entrust colleague or third party will ever suffer adverse consequences for refusing to pay a bribe or for refusing to engage in otherwise corrupt behavior, even if Entrust loses business as the result of such refusal.
Supplier Due Diligence
We do business legally, fairly and free from undue influence.
For direct and indirect suppliers, additional due diligence requirements may exist. Depending on the type of service or product the third party will provide, due diligence may be required to ascertain whether the third party has adequate information security controls and data privacy protections or to ensure the third party complies with relevant government regulations. An assessment may also be required to determine whether the new third-party service or product is needed as Entrust works where possible to leverage existing business relationships.
I want to contract with a new third party for a cloud-based software solution to support my business function. Do I need to involve Corporate Purchasing?
Yes, if the commitment is for any of the following: (a) over $50,000 and not software-related, (b) involves any software licensing, (c) is a cloud-based solution or (d) is high risk due to the nature of the work that will be performed or the terms of the proposed contract. Colleagues should consult Corporate Purchasing early in the process and prior to engaging with the third party.
Can I begin work with a new third party without a formal contract in place?
No. Commitments may only be made via a formal contract or purchase order. Work should not begin until one of these is in place.
For questions or more information, refer to the Corporate Purchasing Policies and Guidelines or contact Corporate Purchasing.
Fraud and Financial Impropriety
We do business legally, fairly and free from undue influence.
Entrust is committed to conducting business honestly, fairly, and transparently. Illegal activities such as fraud, tax evasion, money laundering, or anti-competitive behavior including, but not limited to, price-fixing and bid-rigging, can occur, particularly on large projects. Violation of these laws or facilitating violations of these laws by our business partners, third parties, or clients, can have significant criminal and civil repercussions for both Entrust and any individuals involved. Entrust strictly prohibits colleagues from knowingly facilitating or assisting government officials or private sector clients in violating the law. For example:
- Any submissions related to tenders, whether they be bids, specifications, or offers of any kind must be completely accurate and transparent and cannot be misleading in any way. If there is any uncertainty as to the accuracy of any representation, for example as to whether Entrust has particular experience, should not be included until its accuracy has been verified.
- All information in the books and records of the company must be accurate and complete.
- Unusual payment arrangements, such as the use of third currencies or payments outside of where the work is performed, should be fully vetted with the Legal Department.
- Payments to individuals, rather than to organizations performing the service, is never permitted.
If you are unsure whether a proposed activity suggested by a partner or vendor might indicate fraud or other financial impropriety, contact [email protected]ust.com before moving forward with the proposed activity.
Fair Competition
We do business legally, fairly and free from undue influence.
Entrust is committed to conducting business in compliance with laws governing competition. Violation of these laws may result in civil and criminal liability not just for the Company, but also for the individuals involved. Engaging in any of the following activities is strictly prohibited::
- Any agreement, understanding, plan or arrangement with a competitor relating to pricing or any matter relating to or affecting pricing or any element of price (e.g., pricing methods or policies, bids, discounts, promotions, terms or conditions of sale (e.g., warranties), costs, and profits). Entrust independently determines the prices for its products and services. If any confidential information about a competitor’s prices is obtained, it should not be used. Additionally, Entrust customers who resell Entrust’s products and services must independently determine the prices they will charge.
- Any agreement, understanding, plan or arrangement with a competitor to allocate customers or markets or control production or availability of products or services.
- Any agreement, understanding, plan or arrangement with a competitor to limit business orrefrain from doing business with a particular company
I have heard references to prohibited “vertical” and “horizontal” restraints on trade. What is the difference?
Vertical restraints are competition restrictions in agreements between entities at different levels of the production and distribution process (e.g., between an entity and its supplier). Horizontal restraints are agreements between competitors that restrict competition.
If you are unsure whether a proposed activity with a competitor breaches the above requirements, contact [email protected] before moving forward with the proposed activity.
International Trade
We do business legally, fairly and free from undue influence.
Entrust colleagues who arrange, approve, or effect any export or import of products, services, or information must coordinate with International Trade Compliance to ensure that the transaction is compliant with all applicable legal requirements, and that all documentation and record-keeping requirements have been satisfied.
Are there countries Entrust is prohibited from doing business with?
Yes. Entrust may never sell, directly or indirectly, product or services to countries with comprehensive sanctions as defined here.All Entrust entities are also required to abide by sanctions that have been put in place to prevent or restrict trade— typically, nations, entities or individuals who have violated internationally recognized human rights, been associated with terrorist activities, and/or have directed significant acts of corruption. These lists change over time, so it is important to check with International Trade Compliance if you have doubts about whether we can do business with a potential customer based on location.
How long does it take for an export permit license to be issued?
While this varies depending on the country of export, once an export license permit application has been submitted, it takes government agencies an average of eight to twelve weeks to issue a license. As a result, it is important to engage International Trade Compliance early in the development of a new product or a significant upgrade to an existing product to allow enough lead time for any required licenses to be obtained prior to the desired release date.
For questions or more information, refer to Entrust’s Export and Import Compliance Manuals or contact International Trade Compliance (within Global Logistics).
Antiboycott Laws
We do business legally, fairly and free from undue influence.
Entrust must comply with laws that prevent US companies from being used to implement foreign policies of other nations that run counter to US policy. As a result, Entrust is prohibited from refusing or agreeing to refuse to do business with or in a boycotted country, with any business organized under the laws of a boycotted country, with any national or resident of a boycotted country, or with any person who has dealt with a boycotted person or country, when refusal is due to an unsanctioned foreign boycott.
US regulations require that the mere receipt of a boycott request be reported in a timely manner. Entrust must report a request even if the Company does not comply with the requested action or the request is withdrawn. If you receive a boycott-related request, immediately contact [email protected].
What does an antiboycott provision look like in a tender document?
Here is an example: Equipment or any of its units quoted by bidders must not be manufactured in Israel or India. Furthermore, the Bidder/Principal supplier must not have any linkage with Israel or India regarding ownership, sponsoring and financing. The Bidder must furnish undertaking on judicial paper (Rs. 100/-) to this effect.
How should Entrust respond to an antiboycott request?
Contact Legal to ensure receipt of the request is properly reported. While we cannot agree to comply with a boycott request, we can affirmatively state where we manufacture our products. Here is a sample response to a bid request that contains antiboycott language:
Although the country of origin for Entrust products is primarily Canada, Denmark, Spain, the United Kingdom, or the United States, Section X contains language that violates United States Antiboycott Laws. As such, Entrust will not agree to comply with this provision. This clause will need to be removed from any resulting contract in order for Entrust to supply product pursuant to this tender.
For questions or more information, refer to the Global Antiboycott Policy or contact [email protected].
Confidential Information and Asset Protection
We ensure the confidentiality, security and accuracy of information we hold.
Entrust colleagues must commit to protecting the confidentiality of the Company’s proprietary information as well as confidential information received from third parties. Confidential information is not to be disclosed unless there is a business need to do so and the party who will receive the confidential information has signed an appropriate nondisclosure agreement. All confidential information disclosed under an appropriate nondisclosure agreement must be clearly labeled as “confidential” at the time of disclosure.
Identifying Confidential Information
Entrust confidential information is any information that Entrust does not wish to have displayed publicly or that the Company has determined has economic value to Entrust.
Examples include:
- Manufacturing processes
- Engineering drawings
- Financial documents
- Business strategies
- New product and service introduction plans
- Customer lists
- Personally identifiable information (e.g., credit card numbers, payroll information, driver’s license numbers, and passports)
- Source code
- Unpublished patent applications
- Product roadmaps and development projects
Colleagues should be careful to protect confidential information in meetings that include individuals outside of Entrust, correspondence (including email), telephone calls, and at restaurants, trade shows and in other circumstances where third parties could overhear or obtain confidential information.
How do I know if information is confidential?
A good question to ask yourself is whether the information would be beneficial to an Entrust competitor? If you are unsure, contact [email protected]. If the answer is yes, then the information likely can only be disclosed outside the Company with a nondisclosure agreement in place. Additionally, security controls will need to be in place to govern proper storage and transmission of the information. See the section on “Data Privacy” for proper handling of confidential personal data.
What should I do if I receive confidential information that I have reason to believe is not authorized by the owner?
If you believe you have received confidential information in error or that was not authorized by the source, immediately return or destroy all copies and contact [email protected]. Use of unauthorized confidential information is strictly prohibited and could have serious consequences for Entrust including civil and criminal penalties.
When do I need a nondisclosure agreement?
Customers, vendors, and other entities doing business with Entrust may disclose confidential information to Entrust. We may be obligated to protect this information and not share it with others. In addition, when providing services to Entrust customers, colleagues may encounter information that Entrust is legally obligated to protect and not disclose. This type of third-party confidential information should not be disclosed without first consulting the Legal Department.
What about storing confidential data in the Cloud?
Confidential or proprietary information should never be stored or shared on a Cloud service that has not been pre-approved by Information Security.
If you determine that confidential information must be disclosed, you must have an NDA in place. Follow Legal’s Nondisclosure Agreement Process, refer to the Global Confidential Information Policy for more information, and contact [email protected] if you have any questions.
Protecting Entrust Assets
Colleagues must use Entrust assets and property appropriately and in accordance with Company policy. The following are examples of conduct that constitutes inappropriate use:
- Unauthorized removal or use of property, tangible, or intangible, belonging to Entrust, its customers, vendors or other colleagues
- Improper use of Entrust funds (e.g., failure to follow the Global Travel & Expense Policy)
- Failure to comply with policies regarding acceptable computer usage
Security controls are in place to help protect Entrust’s assets. Attempts to intentionally damage or hinder the Company’s resources are prohibited.
Is there a policy regarding streaming videos?
Downloading large files or streaming content requires excessive bandwidth. To ensure availability of Entrust information resources for business needs, use of any high-bandwidth applications must have a business justification.
For questions or more information, refer to the Global Acceptable Use Policy or contact [email protected].
Accounting, Reporting, and Auditing Controls
We ensure the confidentiality, security and accuracy of information we hold.
Entrust maintains an adequate and uniform system of accounting, reporting, and auditing controls in order to protect Entrust’s assets and ensure the accuracy and reliability of its financial records. Entrust’s financial reports must reflect a full, fair, accurate, timely and comprehensible disclosure of our financial position and results.
As a result, all colleagues are responsible for keeping accurate accounts, books, ledgers, journals and records. In addition, colleagues must:
- Not allow the establishment of any undisclosed or unrecorded funds or assets
- Ensure that all documentation under which funds are disbursed accurately state the purpose for which the funds are paid and that such documentation is not misleading
- Decline to authorize the payment of corporate funds with the intent or belief that any part of such payment will be used for any purpose other than that described by the documents supporting such payment
- Follow all generally accepted accounting principles and all applicable laws and accounting procedures
- Ensure that all accounting information is both truthful and accurate
- Report any accounting or bookkeeping violations immediately upon discovery
Where can I access Entrust’s current fiscal year Internal Audit Plan?
The Internal Audit Plan is approved each March by the Audit Committee of the Board of Directors and can be accessed via the Internal Audit site.
Where can I find Entrust’s Annual Report?
The Annual Report is a confidential, non-public document. A Financial Summary is available on the Internal Audit site for colleagues to review and/or share outside the company (e.g., upon request from regulators, customers, and vendors). If you receive a request for other Entrust information that is not fully public and may be controlled, please direct the request to the Compliance team through the Customer Due Diligence Response Request Form.
For questions or more information, contact Finance or Internal Audit. For more information on the Internal Audit function, refer to the Internal Audit Charter.
Data Privacy
We ensure the confidentiality, security and accuracy of information we hold.
As a business and an employer, it is necessary for Entrust to process personal data about colleagues, contingent workers, customers, suppliers, and other third parties with whom we engage to provide products or services on our behalf. Entrust is subject to enhanced requirements for processing personal data under the European General Data Protection Regulation (GDPR) and other applicable laws governing data protection. Entrust takes this obligation very seriously and has achieved ISO 27701 certification. ISO 27701 is an extension to ISO 27001 and it specifies the requirements for establishing, implementing, maintaining and continually improving a privacy information management system (PIMS). Achieving certification to both ISO 27701 and ISO 27001 helps us to demonstrate how Entrust meets applicable privacy and data security requirements and have taken the necessary measures to protect the data we process and uphold data subjects’ rights.
Personal data is data relating to a living individual who can be identified (directly or indirectly) from that data (or from that data combined with other information in Entrust’s possession or available to Entrust). Personal data can be factual (e.g., name, address, date of birth) or it can be an opinion about the individual and their actions or behavior (e.g., colleague performance assessment). Personal data can also include identification numbers, location data, online identifiers, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social status of an individual.
Processing describes activities performed with respect to personal data such as collecting, recording, organizing, structuring, storing, adapting, altering, retrieving, consulting, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting use, erasing or destroying data. Processing also includes transferring or disclosing personal data to third parties.
If you are responsible for developing new Entrust products and service offerings, contact [email protected] and Information Security to consider what personal data the product or service will process at the outset of development and to build in appropriate technical and organizational safeguards. Not only does Entrust comply with its own obligations under existing data privacy laws, but the Company strives to assist its customers in meeting their obligations by designing products and services that make compliance simple.
In addition to Entrust’s obligations to lawfully process personal data, the Company also has an obligation to ensure that any third parties used to process data on our behalf do so in accordance with our instructions and in compliance with relevant data privacy legislation. Contact [email protected] if you engage a third party that will process personal data on behalf of Entrust. We must ensure (typically through a mutually agreed upon data processing agreement) that the third party has adequate measures in place to safeguard the personal data we provide to them for processing.
Where can I learn more about how Entrust processes my personal data?
Entrust’s Employee Privacy Notice (as well as other Company privacy notices) are available on the data privacy page of the Compliance site.
I’ve been asked by a third party how Entrust complies with data privacy legislation. What can I provide?
Entrust’s Personal Data Protection Policy is a publicfacing document. Work directly with the Compliance Director if you need additional detail about the Company’s data privacy program.
Does Entrust have a process to comply with data subject access requests?
Yes, and it is available on the data privacy page of the Compliance site. Data subject access requests can be submitted using this form.
For questions or more information, refer to the Global Personal Data Protection Policy or contact [email protected].
Public Relations and Social Media
We ensure the confidentiality, security and accuracy of information we hold.
Entrust benefits from thoughtful engagement with the public through news media, social networks, industry analysts and other influencers. For that reason, Entrust closely manages how we engage with these channels and who formally represents the Company in the media, with analysts or in social media. Engagement with news media, social media, or industry analysts while representing the Company should only occur with the knowledge and involvement of the Entrust Public Relations & Communications team.
Colleagues are encouraged to share content posted on Entrust managed social media channels with their personal and professional social media networks. Colleagues who engage in personal social media or other online activities are responsible for acting professionally and ethically when referring to Entrust or information related to employment with the Company. Colleagues are prohibited from posting discriminatory, harassing, or threatening content or divulging non-public, sensitive information about the Company that is financial, legal or operational in nature or that contains customer or other information governed by Entrust’s data protection policies. Colleagues are expected to act responsibly, respectfully and with due care.
I saw a post about Entrust that I feel requires a response. Can I respond?
Do not respond to negative posts about the Company on social media. Instead, alert Entrust Public Relations. Public Relations will manage the response to the person who posted the comment—both online and offline. You are welcome to like or share positive comments about our company, products, or services.
May I post on my personal social media about Entrust?
Yes, you can share content that has been posted on the official Entrust LinkedIn, Twitter, Facebook accounts or other official social media channels. Share or copy hashtags and links from our original posts whenever possible to help us relate social sharing to customer response.
As an expert in my area, can I participate in online conversations about my profession?
Subject matter experts may participate in online conversations that reflect their areas of professional expertise. Colleagues may not post content that violates Entrust policies, confidentiality or other agreements with the Company, customers and partners. Where appropriate, colleagues should be clear that their opinions are their own and do not represent the Company. (This guidance should not be interpreted to limit a colleague’s legal rights.)
I’m attending a professional event. Can I ‘live tweet’ or talk about this on social media?
Generally, yes. This kind of social sharing enhances your professional reputation as well as that of Entrust. As always, any post should adhere to Entrust’s policies and avoid prohibited disclosures. As a representative of the Company, use your professional discretion to ensure that your work-related content is professional and in line with our values.
I’m attending a social gathering with Entrust employees. Can I post about this on social media?
If the event is not an Entrust sanctioned event, avoid references to the Company and be careful about what you post in photos or comments from the social gathering. Some photos from a party, for example, may not reflect well on you personally—or on our brand and values. If you do post online, avoid references to Entrust or our social media accounts.
For questions or more information, refer to the Global Public Relations and Social Media Policy. If you are unsure whether something is appropriate to post or want to coordinate your posts with the Company on social media, email [email protected].
Respectful and Diverse Workplace
We promote a safe, diverse and inclusive work environment.
Entrust is committed to creating and maintaining an environment in which all individuals are treated with respect and dignity. Entrust values and celebrates the diversity of our workforce and the uniqueness of every colleague representing all backgrounds and characteristics, including those represented by our many Alliances (employee resource groups). Everyone has the right to work in a professional atmosphere that promotes equal employment opportunities. Entrust prohibits discrimination and harassment and strictly adheres to all applicable labor and employment laws in the countries in which we operate.
All colleagues are expected to demonstrate respect, professionalism, and good judgment in both their work and workplace interactions. This includes, but is not limited to, avoiding behaviors such as:
- Dishonesty, willful omission, or falsification of information;
- Insubordination;
- Carelessness, neglect, or behavior that limits or hinders productive work, including unexcused absences or tardiness;
- Violation of any applicable company policy; and
- Other unprofessional or disrespectful behaviors that could endanger good working relationships or interfere with productivity.
Entrust also strives to provide an inclusive environment where colleagues feel appreciated for their unique characteristics and are comfortable sharing their ideas and authentic selves. We best serve our customers and one another through the diverse skills, experiences, and backgrounds that each of us brings to the company. Our diversity, equity, and inclusion program aims to celebrate, educate, and empower all individuals. Every member of the Entrust team is expected to contribute to a collaborative, positive, and healthy work environment by exhibiting:
- Respect to all colleagues including in how feedback is given and received;
- Inclusive behavior and language; and
- Kindness, politeness, and friendliness towards all colleagues.
Non-inclusive language and behavior, even if unintentional, can have a negative effect on workplace culture. Examples of this include, but are not limited to, misgendering, microaggressions, ableist language, racist or sexist jokes, and disrespectful comments related to any characteristic protected by law. Be mindful of behavior that may demonstrate disrespect, cause others to feel excluded or devalue their contributions.
For questions or more information, refer to the Global Fair Employment Practices Policy and the Global Anti-Harassment Policy or contact your HR Business Partner. For information about Entrust’s diversity and inclusion efforts, visit the Diversity and Inclusion site.
Workplace Violence
We promote a safe, diverse and inclusive work environment.
It is Entrust’s policy and the responsibility of every colleague to maintain a safe workplace free from threats and acts of violence. Colleagues, contractors, and vendors associated with Entrust are prohibited from making threats or engaging in aggressive or violent activities. This includes, but is not limited to, bullying behavior that undermines, patronizes, humiliates, intimidates, or demeans the recipient; stalking in person, in writing, by telephone or in electronic format; making threats; or engaging in physical attacks or property damage. The possession of weapons in the workplace, while conducting company business or at any company-sponsored function is also strictly prohibited.
For questions or more information, refer to the Global Workplace Violence Policy or contact your HR Business Partner.
Impairment-Free Workplace
We promote a safe, diverse and inclusive work environment.
Entrust is committed to providing a safe and drug-free work environment for our customers and colleagues. With this goal in mind, the Company explicitly prohibits colleagues from:
- The use, possession, solicitation of, or sale of narcotics or other illegal drugs, alcohol, or prescription medication without a prescription on company or customer premises or while performing an Entrust assignment.
- The presence of any detectable amount of prohibited substances in the employee's system while at work, while on the premises of the company or its customers, or while on company business. "Prohibited substances" include illegal drugs, alcohol, or prescription drugs not taken in accordance with a prescription given to the employee.
- Possession, use, solicitation of, or sale of legal or illegal drugs or alcohol, or being impaired or under the influence of legal or illegal drugs or alcohol while away from company or customer premises, if such activity or involvement adversely affects the colleague's work performance, the safety of the colleague or of others, or puts at risk the company's reputation.
Colleagues are expected to report unsafe working conditions, including any suspicions that a colleague may be impaired in the workplace. Be aware that what looks like impairment may also be due to medical conditions (e.g., diabetes, epilepsy, or a stroke), the use of medications taken as prescribed, psychological factors, and/or fatigue which is why it is important to report your concern and allow the Company to conduct an independent investigation.
For questions, more information or local policy requirements, contact your HR Business Partner.
Quality
We promote a safe, diverse and inclusive work environment.
Entrust is committed to maintaining high quality standards for our products and services. This is achieved through a culture of continuous improvement and identifying and implementing effective practices and processes to provide products and services that support customer and shareholder objectives.
In support of that effort, Entrust’s Shakopee location is audited annually to International Standard ISO 9001. In addition, cross-functional teams work continuously through the D5 development process, assessment and control of the supplier base, manufacturing control processes, and customer feedback loops to ensure Entrust can monitor relevant components of Quality and continue to improve the way we do business.
How does Entrust ensure the quality of its products?
Entrust has many systems in place to ensure product quality. These include:
- Working with the D5 Product Development Team
- Conducting supplier assessments and continuous Quality monitoring of existing suppliers
- Validating purchased components
- Performing tests, quality checks and audits of manufacturing builds
- Using data feedback loops to ensure Service performance at customer sites
What Quality system does Entrust use?
Entrust’s global headquarters is ISO 9001 certified through an approved certification body. This certification requires a series of internal and external audits conducted annually to ensure compliance with ISO 9001 standards and adherence to existing Entrust processes.
For questions or more information, visit the Quality section of Entrust’s external homepage or contact the Global Quality Manager.
Environmental, Social & Governance Program
We promote a safe, diverse and inclusive work environment.
Entrust’s ESG program drives initiatives to support the environment; promote diversity, equity, and inclusion; ensure ethical business conduct; and positively impact the communities where we live and work. Our ESG focus areas include the following:
- Enhancing access and affordability for our products and services
- Ensuring ethical business conduct by our colleagues and business partners
- Contributing to the communities where our colleagues live and work
- Protecting and securing the data we hold
- Promoting diversity, equity and inclusion amongst our colleagues and suppliers
- Reducing our carbon footprint and driving enhanced sustainability of our products
- Combating child and labor trafficking
- Increasing product quality and safety
Environmental
Entrust is committed to being an outstanding corporate citizen and to minimizing the impact of our business, products, and services on the environment. Entrust accomplishes this through operation of an Environmental Management System (EMS) that is audited annually to International Standard ISO 14001. This ISO standard sets forth the elements of an organizational structure that ensures adherence to applicable environmental standards and regulations as well as monitors and sets goals for continuous improvement.
What are Entrust’s most significant environmental wastes?
Entrust’s three most significant environmental wastes are hazardous waste, electronics waste, and packaging waste.
Has Entrust made improvements to reduce our impact on the environment?
Yes, Entrust has made significant improvements such as retrofitting facilities with LED lighting to reduce energy usage and eliminating disposable Styrofoam cups from facility service centers to reduce solid waste. Additionally, Entrust has developed its Greenhouse Gas (GHG) inventory and baseline carbon emissions for Scopes 1 and 2 in furtherance of its commitment to be carbon neutral (“Net Zero”) by 2050.
What environmental management system does Entrust use?
Entrust’s global headquarters is ISO 14001 certified through an approved certification body. This certification requires a series of internal and external audits conducted annually to ensure compliance with ISO 14001 standards and adherence to existing Entrust processes.
For more information, visit the Environmental site
Workplace Health and Safety
At Entrust, safety is a high priority. For the wellbeing of each individual and the Company, all colleagues must be conscious of safety risks and take reasonable steps to mitigate those risks where possible. Maintaining a culture of safety requires a team effort to identify and correct unsafe conditions. Colleagues are encouraged to report hazards and safety concerns to their managers so that Entrust can continue to build and maintain a safe and efficient workplace.
For questions or more information about the Shakopee, MN headquarters location, visit the Safety site. For other Entrust locations, contact local management for applicable policies.
Reporting a Concern
We promote a safe, diverse and inclusive work environment.
Entrust is committed to the highest possible standards of ethical, moral, and legal business conduct. In conjunction with this commitment, you must report serious concerns of wrongdoing or danger in relation to business activities that could have a large impact on the Company, such as actions that:
- Are unlawful;
- Are not in line with company policy, including the Code of Ethics;
- May lead to incorrect financial reporting;
- Otherwise amount to serious improper conduct.
All good faith reports can be made without fear of retaliation. You can contact:
- Your supervisor or manager
- Human Resources
- Legal
- A trusted member of management
- [email protected]
Regardless of the nature of your concern, you may also report anonymously through the Ethics Hotline. The Ethics Hotline is available 24/7, 365 days a year by telephone or website. The hotline is staffed by an independent third party and not by Entrust colleagues.
Website:entrust.ethicspoint.com
Toll-Free Telephone:
- USA, Canada, and Puerto Rico: 855-689-1303
- All other countries: Click here for access codes and dialing instructions.
The earlier a concern is expressed, the easier it is for the Company to investigate and/or take appropriate action. We take all reports of alleged violations seriously. Although you are not expected to prove the truth of an allegation, you must demonstrate through the information you provide that there are sufficient grounds for concern. Reporting malicious or knowingly false allegations may result in disciplinary action, up to and including termination. You have a duty to bring all compliance and ethics concerns forward and to cooperate, in both internal and external investigations pertaining to Entrust.
Anti-Retaliation Policy
Entrust will not tolerate any retaliation of an individual based on knowledge or suspicion that the individual has reported a concern either through the Ethics Hotline or directly to management, Legal department, Human Resources or [email protected]. If you feel that you have been retaliated against for raising a concern in good faith, you should immediately notify your manager or Human Resources.
Conclusion
We promote a safe, diverse and inclusive work environment.
Compliance with the Code is a condition of your employment. If you have questions about the Code of Ethics, please email us at [email protected].
Thank you for everything you do to ensure we remain a trusted partner to our customers and to one another.