OBSIDIAN SECURITY, INC.
Obsidian Security, Inc. is a global enterprise leader in security. We work with industry-leading companies and hold both ourselves and our vendors, partners, distributors and suppliers (each a "Supplier" and collectively "Suppliers") to the highest standards of integrity, compliance, safety, and security. This Code of Conduct provides important information about Obsidian’s expectations for Supplier operations and behavior. Suppliers should have policies and/or procedures that ensure that they and any subcontractors meet the following minimum requirements:
Comply with Laws: Supplier must comply with all laws and regulations applicable to its business, whether or not specifically identified in this Code of Conduct, including, but not limited to, laws governing data protection, privacy, AI, corruption, bribery, labor, employment, health and safety, sustainability, sanctions, trade, export compliance, and anti-money laundering.
Maintain a Security and Privacy Program: Supplier must maintain a security and privacy program that aligns to industry standards, including, where appropriate, SOC2, ISO 27001, and the NIST Privacy and Cybersecurity Frameworks. The program should include regular testing of Supplier’s environments and the processes and procedures used to protect the security and integrity of, and prevent unauthorized access to, Supplier’s and its customers’ data (including personal data) and information. Applicable laws include the EU and UK GDPR, India DPDPA, US CCPA, Canada PIPEDA, and Brazil LGPD.
Develop and Use Artificial Intelligence (AI) Ethically and Responsibly: When developing or using AI, Supplier must be responsible, ethical and compliant with all applicable laws and regulations including the EU AI Act.
Do Not Offer Bribes: Supplier must not offer cash, favors, gifts, or entertainment in exchange for anything of value or material advantage. Supplier may give modest gifts of appreciation (including entertainment) that are considered customary in its industry. Laws governing Supplier’s conduct include the OECD Anti-Bribery Convention, U.S. Foreign Corrupt Practices Act, UK Bribery Act and France Loi Sapin II.
Treat Everyone with Respect and Do Not Discriminate: Supplier must not allow abuse or harassment of its employees, contractors or third parties or discriminate based on any characteristic protected under applicable law including, but not limited to, race, gender, sexual orientation, religion or belief.
Pay Owed Wages and Taxes: Supplier must timely compensate all workers with wages (including overtime as required), benefits, and social contributions in accordance with law, including local minimum wage requirements. Working hours must be limited according to applicable law, including breaks. Overtime should be voluntary and not replace regular employment. Supplier is responsible for paying all taxes owed to taxing authorities under applicable law.
No Slavery, Child Labor or Human Trafficking: Supplier must not engage in slavery, child labor or human trafficking or require workers to (i) surrender original identification papers or documents; or (ii) pay fees for the right to work or to terminate their employment. Supplier must comply with the UK Modern Slavery Act.
Ensure Health and Safety of Workers and Facilities: Supplier must provide safe, healthy, and sanitary working environments. Supplier must take reasonable steps to prevent workplace hazards and work-related accidents and injuries. Applicable laws include US OSHA, the UK Health and Safety at Work Act 1974, the German Occupational Safety Act (Arbeitssicherheitsgesetz), and India’s Occupational Safety, Health and Working Conditions Code, 2019.
Do Not Punish Whistleblowing: Supplier must not retaliate against anyone who has, in good faith, reported violations of or sought advice regarding this Code of Conduct. Supplier must make the following contact information available for reporting violations or to submit questions and comments to Obsidian: Obsidian Security, Inc., 577 College Ave, Suite 200, Attn: Legal Department, Palo Alto, CA 94306 or via email to legal@obsidiansecurity.com.