TRANSPARENT AND RESPONSIBLE BUSINESS CONDUCT
Why it is important to us
Trust is something that is difficult to establish and easy to lose. As a company we are dependent on trust from all our stakeholders to function and to thrive. And nothing builds trust as good corporate governance.
The Data Respons Code of Conduct
Stakeholders’ expectations regarding responsible business conduct are constantly changing. Although our core principles and standards remain the same, we have gathered all relevant policies into a Code of Conduct (CoC) to ensure that we stay ahead of the development. The Code of Conduct is built on Data Respons’ values and, together with our policies and procedures and applicable laws and regulations, provide a framework for what we consider responsible conduct. Our Code of Conduct supersedes any policy and any strategy. It is also mandatory for all employees to read and incorporate the CoC. The Code of Conduct is made with the intention to always do the right thing, even when nobody is watching. Data Respons is committed to respecting and promoting human rights of all individuals potentially affected by our operations. We respect the fundamental principles set forth in the Universal Declaration of Human Rights and related UN documents.
Transparency a responsibility
As a listed company and company subject to Norwegian law we of course deliver on all requirements regarding transparency, independence and standards. However, this ESG report is a concrete ambition to upping the ante on good corporate governance. In our annual reports we operate with a complete transparency when it comes to compensation, benefits and shares. In 2019 we upgraded our whistle-blower service, making it easier for every employee to report any transgression.
A responsible value chain
We acknowledge that we do not operate in a vacuum and that we have responsibilities and obligations throughout our value chain. We have therefor made a set of Supplier Conduct Principles (SCP) that ensures our corporate governance standards follows our products and services from start to finish. Ensuring a responsible supply chain is important to Data Respons as it helps prevent disruptions in supply as well as potential reputational risks. Within its sphere of influence, Data Respons strives to ensure that its suppliers follow the principles set out in the SCP.
Data Respons performs audits of both new and existing suppliers based on both desk research and onsite visits. Audit schemes and processes differ from division to division depending on risk levels and operational contexts. Data Respons divisions that manufacture hardware have adopted a systematic evaluation process for all new suppliers containing several steps of scrutiny to ensure compliance with Data Respons’ policies. Key suppliers of manufacturing entities are evaluated through internal formal visits, reviews and evaluations in order to ensure that they strictly respect the Data Respons Code of Conduct. Third party assessment is used in cases where an issue cannot be verified directly with the supplier
Data security and integrity
As we detect and prevent thousands of attempts of cyber-attacks every year, we are constantly developing our security efforts, in line with the external and internal threat picture. We realize that advanced security solutions are needed to handle a wide range of cyber threats. Our foremost task is to protect our customers’ data in compliance with relevant authorities and legal frameworks Data security and integrity are critical issues for the Data Respons Group for a number of reasons. In addition to existing country data protection regulations, the EU General Data Protection Regulation (GDPR) became effective on May 25, 2018. The GDPR regulates the protection of Personal Data (PD) that companies collect and process.
Under the GDPR, Data Respons has firm legal requirements to protect against PD breaches and specific timelines within which to report and communicate applicable breaches to affected personnel. The GDPR requirements extend to all vendors that Data Respons uses to collect, store and process PD on its behalf.
Data security and integrity is managed at Data Respons through a combination of Group wide and complementary daughter company policies and processes. Information security is managed within each subsidiary with oversight at a Group level. Data Respons will continue to implement Information Security programs aimed at improving the overall security posture of the company. The programs will focus on both preventative and reactive measures to ensure Data Respons remains resilient to the rapidly changing threat landscape.
Boards of Directors and committees
Data Respons’ organisation is structured and managed in accordance with the Norwegian Code of Practice for Corporate Governance. The Board of Directors states that Data Respons has complied with the code throughout 2019. The Board of Directors’ report on corporate governance is available at the group’s website: www.datarespons.com/investors. Nomination committee Data Respons has incorporated in the articles of association that the group should have a Nomination Committee for the Board of Directors. The Annual General Meeting elects the Nomination Committee. The Committee makes proposals to the General Meeting regarding the election of shareholder-elected members to the Board and proposes remuneration of the Board of Directors. The Annual General Meeting decides the remuneration of the Nomination Committee. The members of the Nomination Committee should be selected to take into account the interests of shareholders in general and the majority of the Committee should be independent of the Board of Directors and senior management. The Committee comprises of three members, none of which are Board members or employees at Data Respons. The Committee involves shareholders, Board members and the CEO in proposing candidates to the Board of Directors. Shareholders can propose candidates through the group website. The Nomination Committee proposes the remuneration of the directors for the coming year to the General Meeting. Proposals from the Nomination Committee are justified, and the proposals are made available on the group’s website along with the invitation to the AGM. The current members of the Nomination Committee are Bård Brath Ingerø, Fredrik Thoresen and Christian Dahl. In addition, Data Respons has an Election Board for the election of employee representatives to the Board of Directors. The Election Board comprises three members, which are employed at Data Respons. Board of Directors The Board of Directors is composed in a way that enables it to maintain the interest of the majority of the group’s shareholders. Each Board member is presented on our website (www.datarespons.com/investors), including information about age, skills and experience, and share ownership in Data Respons. The composition of the Board of Directors complies with the requirement that the Board be independent from the group management, and independent from major business associates of the group. Management is not represented on the Board of Directors. At least two of the members of the Board elected by shareholders are independent of Data Respons’ main shareholders. The Chairman of the Board of Directors and other Board members are elected by Data Respons’ shareholders in the General Meeting. Board members are elected for a term of one year until the next Annual General Meeting. Board members are encouraged to own shares in Data Respons. Page 13 of the annual report provides a detailed description of the individual members’ backgrounds, qualifications and shareholdings. The work of the Board is governed by detailed rules of procedure. The Board has an annual program of work including specific topics and fixed items, such as the approval of the annual financial statements, interim financial statements and budgets. The Board is also responsible for overall strategy and for setting long-term goals, as well as important decisions about acquisitions, establishment of new operations and major investments. The Board of Directors evaluates its performance and competence annually. A Board member shall not participate in the discussions or decisions of any matters that are of particular personal or financial interest to them or to any related party. In 2019, there were seven directors on the Board, five of whom were elected by the General Meeting and two of whom were elected by the employees. In 2019, the Board held a total of ten meetings. In 2019, there were four men and three women on the Board.
Audit Committee The Board has appointed an Audit Committee that provides assistance to the Board in fulfilling their responsibility to the shareholders, potential shareholders and investment community relating to corporate accounting, reporting practices of the group, and the quality and integrity of the financial reports of the group. As part of this process, the external auditors participate in several meetings of the Audit Committee. In carrying out its responsibilities, the Audit Committee should ensure that the corporate accounting and reporting practices of the group are in accordance with all legal requirements and are of the highest quality. The Audit Committee comprises of two Board members. Compensation Committee The Board also appoints a Compensation Committee comprising two Board members. The Board’s Compensation Committee is a subcommittee of the Board of Directors of Data Respons ASA and is independent of management. Its role is to prepare for the Board’s discussions of questions involving compensation. The Compensation Committee is responsible only to the full corporate Board and its authority is limited to making recommendations to the Board. Risk management and Internal control The Board of Directors oversees the quality of Data Respons’ risk management and ensures that the internal control functions are aligned with our business objectives and sufficiently take into consideration the scope and nature of the group’s operations. The Board of Directors evaluates, at least annually, the group’s most significant risks and the related internal control measures in place. The Board of Directors oversees and evaluates the group’s internal control and risk management functions related to financial reporting. The management is responsible for establishing and maintaining adequate internal control of financial reporting. The objective of the internal control of financial reporting is to provide reasonable assurance regarding the reliability of financial reporting and the preparation of Data Respons’ financial statements for external reporting purposes in accordance with International Financial Reporting Standards. The Board of Directors evaluates the effectiveness of internal control of financial reporting annually. As part of the audit of the financial statements, the external auditor reports on the effectiveness of internal controls related to financial reporting to the Audit Committee and the Board of Directors at least once every year.
A key ambition is to onboard all 1400 employees on our new Code of Conduct, and integrate it the culture of our subsidiaries. We want to make certain that our supply chain is following the same principles we have in the company .
We will make sure the Code of Conduct is part of all onboarding programs in the company. We will also conduct supplier audits in 2020 to ensure that our value chain is in accordance with our principles and requirements.