Mandatory principles January 2016 Information Security Code for Nestlé Suppliers

Issued by: Nestlé Information Security
Target group: Suppliers and subcontractors of Nestlé Česko s. r. o. (hereinafter "Nestlé")
Revised by: Information Security Manager, LGO Manager, Corporate Affairs Director, Legal Division Director, Procurement Director
Approved by: General Director Nestlé Česko, s. r. o., January 2016
Version: 1.0
Copyright: All rights belong to Nestlé Česko, s. r. o.

Introduction to the Information Security Code for Nestlé Suppliers

1. Purpose

The Nestlé Information Security Code for Suppliers defines the minimum level of information security, to be respected and adhered to by the suppliers and their subcontractors (hereinafter "the Supplier"), as required by Nestlé. This document contributes to the continuous implementation of the commitment of Nestlé to maintain a secure internal and external information environment resulting from international safety standards, such as ISO/IEC 27001 (hereinafter referred to as "information security management system").

2. Scope

The Information Security Code sets forth expectations for suppliers with whom Nestlé does business, including its parent, subsidiary or affiliate entities, including all employees (including permanent, temporary, contract agency and migrant workers), upstream suppliers and other third parties, as well as all others cooperating with the Supplier in Nestlé data processing. The Supplier shall take full responsibility for the subcontractors and other third parties whose services it uses to comply with the obligations of the Nestlé Supplier originating from this Code. It is the responsibility of the Supplier to expand its technological development in connection with information security, employee awareness and conscientiously verify compliance of their environment with this Code, among its employees, agents and lower tier suppliers, wherever relevant.

3. Compliance

Nestlé expects that the Supplier shall comply with all applicable laws and regulations, and above all those regulating the pillars described herein, and will seek to comply with international safety standards and best practices. Additionally, in line with the management of suppliers within the information security management system in accordance with the Nestlé Supplier Code, Nestlé reserves the right to verify compliance of actions and procedures of the Supplier with the Information Security Code and the conditions arising out of the specific contractual relations between Nestlé and the Supplier through internal or external evaluation and audit mechanisms and require the implementation of changes resulting from audit requirements or requirements supplementing the Nestlé information security management system. The Supplier is obligated to remedy the identified deficiencies at own expense.

4. Continuous Improvement

Nestlé recognizes that achieving the standards established in this Code is a dynamic process, and encourages the Supplier to continually improve their processes and operations. Should an improvement be required, Nestlé will provide support to ensure the enhancement of mutual information security.

5. Application

The acknowledgement of the Information Security Code is a prerequisite, as well as in the case of the Supplier Code, for the conclusion of every Nestlé contract for supply. By accepting the Purchase Order with reference to the Information Security Code, the Supplier commits that all its processes and operations are in accordance with the provisions contained in this Code. The pillars of the Information Security Code are complementary to and do not substitute security measures contained within any legal agreement or contract between the Supplier and Nestlé.

Pillars of Nestlé Information Security Code for Suppliers

1. Transparent information relations

Openness and transparency are key to creating a sense of confidence and credibility in the transfer of data between business entities. Nestlé expects the Supplier to comply with basic concepts to avoid conflicts of interest and abstain from corruption activities in connection with Nestlé. The Supplier under no circumstances shall tolerate corruption behaviour and strives to ensure that the employees, subcontractors or representatives do not accept, offer or give out bribes, unauthorized gifts or other improper payments or other benefits to customers, public officials or third parties. The Supplier shall keep in mind the applicable laws, especially the Act on Protection of Competition. The Supplier shall not conclude agreements contrary to the rules of competition with competitors, suppliers or customers and shall not abuse any potential dominant position in the market. In connection with this Code, the Supplier shall particularly care about ethical handling of data in their electronic exchange amongst the commercial entities.

2. Data Protection

By observing this Code, the Supplier undertakes to set up an adequate level of managed data protection corresponding to the nature and purpose of the data for which these data are used. The Supplier shall be able to protect all data that may, if made public or disclosed, cause significant damage to the reputation of or financial loss to Nestlé. The Supplier shall respect the confidential information, know-how, operational and business secrets of Nestlé. Such information shall not be provided to third parties without the prior express written consent of Nestlé and shall not be disseminated in any other unauthorized manner. Data protection shall be ensured during transmission over public networks as well as private network of the Supplier. Data protection also applies to the Supplier's data storage. Data must be protected against damage, unauthorized use, and must not be disturbed in terms of availability, confidentiality and integrity. The Supplier shall ensure that the data is properly stored, and if requested by Nestlé, returned back to Nestlé.

3. Protection of personal and sensitive data

Nestlé expects that the Supplier shall comply with all applicable laws and regulations regarding the protection of personal data and sensitive data. These are all personal and sensitive data that are processed by the Supplier in connection with services provided to Nestlé. The Supplier shall ensure that access to Nestlé personal and sensitive data and other confidential data is provided only to authorized users and is required to verify the identity of the authorized persons. The Supplier shall ensure that Nestlé's personal data and sensitive information are not kept for a longer period than is necessary for the provision of services, unless the continued storage of Nestlé's personal data is required by law. Upon request, the Supplier shall be able to provide a confirmation of the destruction of Nestlé's personal or sensitive data.

4. Ability to respond

The Supplier has established mechanisms to detect information security events and incidents involving Nestlé data. The Supplier shall be able to report these events and incidents as soon as possible to Nestlé to reduce the potential overall impact. The Supplier undertakes not to issue any press release or public announcement related to a completed or incomplete incident or event involving any Nestlé data, or information related to Nestlé, without obtaining consent from Nestlé, unless explicitly required by law or any other legislation.

Reporting violations

The Supplier shall report any suspected violations of regulations, laws and the Information Security Code for Suppliers. Violations should be reported to the contact person in Nestlé or may be reported confidentially by using one of the available channels:

E-mail address in case of suspicion of an event or incident: information.security@cz.nestle.com
Hotline for very serious incidents: +41 21 924 22 22

Acknowledgement

Supplier's Acknowledgement (If required by the Nestlé's Purchasing division)

We, the undersigned, hereby confirm that:

We have received and taken due notice of the contents of the Nestlé Information Security Code for Suppliers, dated 2016, published by Nestlé Česko s. r. o.

We are aware of all the relevant laws and regulations of the countries in which our company operates and Nestlé Česko s. r. o.

We shall report to Nestlé S.A any case of suspected violation of the Information Security Code for Suppliers.

We shall comply with the requirements of the Information Security Code for Suppliers.

We shall inform all our employees / subcontractors of the contents of the Nestlé Information Security Code for Suppliers and ensure that they observe the measures contained therein.

We hereby authorise the company Nestlé Česko s. r. o. or any organizations acting on behalf of Nestlé Česko s. r. o. to carry out audits with or without notice at our premises and the business premises of our subcontractors at any time to verify compliance with the Nestlé Information Security Code for Suppliers.

We are aware that if we do not adhere to basic principles of this Nestlé Information Security Code for Suppliers, Nestlé reserves the right to take appropriate legal action and to reconsider further cooperation with us.

Name of Company:
Signature/Stamp:
Name and function:
Entry in the Commercial Register/Corporate identity/code/number:
Date and place:

This document must be signed by an authorized representative of the Supplier and returned to the Nestlé Purchasing division.