Integrated Management System Policy for Iterants

  • Home
  • Integrated Management System Policy for Iterants

1. Objective:

We are committed to information security, to protecting the confidentiality, integrity, availability and treatment of data and resources, to the quality and efficiency of our products and services, social responsibility and environmental protection, anti-bribery practices, transparency, integrity, ethics, excellence and compliance with the law in all our operations, business relationships and in the management of our supply chain. We recognize that each iterant plays a critical role in achieving these goals. Therefore, this policy establishes the minimum expectations and requirements that must be followed by all human talent working with our organization and thus contribute to a resilient, quality, safe and secure environment for all and make a positive difference in our workplace and in the world around us.

2. Scope:

All iterants are responsible for ensuring compliance with the policy in the exercise of their functions no matter where they are located or their role. It is applicable to others acting on behalf of It Era, any project, deal, contract or negotiation with customers/business partners/businesses and suppliers whether in the public or private sector.

3. Roles and responsibilities:

RoleResponsibility (See details in the IMS (Integrated Management System) User Manual)
Governing Body
  • Understands, complies with, and applies the requirements of the integrated management system as it pertains to their role in the organization.
Director of Human Talent
  • It has the authority and independence of the anti-bribery compliance function, oversees this policy and helps iterants understand and comply with it, however, the responsibility for compliance will continue to reside with the iterants.
  • Provides advice to the iterant on what to do if they face a problem or situation related to this policy.
  • Execute disciplinary measures according to the sanctions matrix in the event of any breach of the policy.
Senior Management
  • Establish, maintain, and review this policy to ensure compliance with applicable laws appropriate to the purpose of It Era. Responsible for compliance with this and additional modifications thereof.
  • It ensures that iterants under its supervision and authority comply with this policy.
  • Understands, complies with, and applies the requirements of the integrated management system as it pertains to their role in the organization.
  • Provides advice to the iterant on what to do if they face a problem or situation
Leaders or Directors
  • Observe that the requirements of the integrated management system are applied and complied with in their area.
  • Always adhere to the highest standards of conduct in order to protect reputation in conducting fair and honest negotiations.
  • Provides advice to the iterant on what to do if they face a problem or situation related to this policy.
Iterating
  • Knows, understands, complies with and applies the requirements of this policy and the processes as they relate to their role in the organization, see Process Architecture.
  • Always adhere to the highest standards of conduct in order to protect reputation in conducting fair and honest negotiations.
  • Actively participates in the training and capacity building activities of this policy.

We require all iterants to commit to these practices related to:

4. Safety:

  • ACCESS TO SYSTEMS AND DATA NECESSARY TO PERFORM ITS FUNCTIONS: Only collect and retain personal data that is relevant and limited to what is necessary for specific, legitimate purposes and ensure that it is accurate, if it needs to be updated. To process the data in a lawful, loyal and transparent manner in relation to the interested party, to obtain their consent, if it is decided to process them for purposes other than the original ones.
  • PROTECT IT ERA’S CONFIDENTIAL INFORMATION AND RESOURCES: Maintain the confidentiality, integrity, availability, authenticity, and traceability of information, not disclose it to unauthorized persons or extract it. Use personal data and resources only for authorized business purposes, store them securely, and prevent their misuse. Do not install unauthorized software on systems, or use pirated or unlicensed software. Follow the ESTABLISHED SECURITY POLICIES to send emails, download files, use the internet and thus have data protection against cyber threats.
  • FOLLOW PASSWORD AND ACCESS POLICY: Consider established policy to use multi-factor authentication when possible, regularly create and change strong passwords, and protect passwords from unauthorized access, loss, destruction, or alteration.
  • PROTECT IT ERA’S PHYSICAL ASSETS: Protect computer equipment, mobile devices, and documents from theft, loss, and damage. Follow established physical security measures, such as locking workstations when not in use, having clean desks, and restricting access to sensitive areas and network. Ensure the rapid and efficient recovery of services, in the face of any physical disaster or contingency.
  • PARTICIPATE IN THE ANNUAL TRAINING: Commitment to participate in the information security and data protection awareness carried out by the delivery force area, to be aware of threats and good security practices. Cooperate on security drills and awareness tests to improve preparedness for potential attacks and security incidents.

5. Quality and Environment:

  • MEET OUR CUSTOMERS’ REQUIREMENTS AND EXPECTATIONS REGARDING QUALITY AND PERFORMANCE OF PRODUCTS AND SERVICES: Commitment to compliance with established internal and customer-specific requirements.
  • SYSTEMATIZE PROCESSES: Monitoring and control of processes and activities based on indicators that contribute to implementing actions to improve services.
  • TAKE A PROACTIVE APPROACH TO PREVENT DEFECTS AND NON-CONFORMITIES IN OUR PRODUCTS AND SERVICES: In order not to correct them after they occur, this includes identifying and eliminating the root causes of quality problems to prevent their recurrence. If applicable, separate all debugging activities, these will be independent of the testing activities.
  • PROVIDE EXCEPTIONAL CUSTOMER SERVICE: Respond quickly to your needs and concerns to ensure your satisfaction and exceed your expectations.
  • ENSURE COMPLIANCE WITH DEADLINES: Consider the execution of agreed deadlines for work, creating internal relationships and relationships with clients based on trust, transparency and mutual respect.
  • MINIMIZE OUR ENVIRONMENTAL IMPACT: Have sustainable production practices and operations.
  • REDUCE THE CONSUMPTION OF NATURAL RESOURCES AND THE GENERATION OF WASTE as far as possible in activities such as recycling, reusing, efficient use of energy, water, materials and extending the commitment to suppliers and subcontractors to prevent pollution.
  • GUARANTEE HEALTH AND SAFETY CONDITIONS: Place special emphasis on the prevention of occupational risks, applying at all times the legal requirements in this area.

6. Anti-bribery:

PREVENT BRIBERY: Any form of bribery and corruption directly or indirectly in relation to performance bonuses, transaction, project, activity or corresponding relationship is prohibited. Recognize alerts with business partners/businesses or suppliers and respond appropriately following the policy. Evaluations (challenge and compensation agreements), including bonuses and incentives, may inadvertently encourage participation in bribery (e.g., threat of loss of the bonus). Violating this policy in order to improve your performance rating (e.g., achievement of sales goals) is not acceptable. Review and approve each Q by the leader, the results of evaluations, additionally, the head of anti-bribery compliance, Director of Human Talent, reviews and verifies that there are reasonable guarantees in place based on the compensation plans.

  • PROHIBIT INAPPROPRIATE GIFTS, HOSPITALITY AND INVITATIONS: Refrain from offering, giving or receiving business hospitality (gifts, meals, gifts and hospitality) that may give the impression of unduly influencing a commercial/official decision or be perceived by a third party, as a bribe or incentive, even if the recipient did not intend it to serve this purpose. Any attention must be legitimate, reasonable and proportional. These rules do not apply to gifts or invitations offered by It Era to its own employees.
    • It is allowed to offer customers and suppliers business hospitality of a reasonable value (maximum USD $ 1,000 per BL annually), where its frequency and sum do not have to exceed the defined amount. It is not allowed to offer care to people who are in a position to award contracts or approve permits, certificates or payments.
    • It is allowed to receive business attention, but not for a higher value than what we are authorized to give.
    • Never offer, solicit, give, or accept cash. ○ Make payments only for procedures of the client or public body, by applicable laws and regulations.
    • Make trips only necessary for the proper performance of the functions of the client’s representative or public official. The payment of the same, accommodation and necessary food are directly associated with a reasonable travel itinerary. If possible, notify the supervisor or employer of the public official or anti-bribery compliance function of the travel and hospitality to be provided.
    • To approve in advance business hospitality or payments by the General Manager, when these exceed the value and/or frequency defined or different from the above. These are conducted openly and monitored (see financial controls in process Accounting and Finance). In all cases where there is an exception, notify the Human Talent area. ○ It is forbidden to pay expenses of family members, friends, vacations or recreation.
  • PARTICIPATING IN EVENT SPONSORSHIPS AND DONATIONS: Events may be sponsored or contributions made to charities for marketing, commercial, educational, social, or other legitimate business purposes. Ensure that funds are used for their intended purpose, are not diverted and reach the right recipients. These present the risk of being used for corrupt purposes to gain undue business influence. It Era does not tolerate or allow this type of behavior.
    • Do not direct sponsorships or corporate donations to an individual, only to an authentic organization.
    • Not to use It Era funds, property, or other resources to make contributions or offer things of value to candidates, members, or political parties. No personal contribution made for political purposes is refunded. There is freedom to participate in political activities in their free time and on their own account, as long as this does not interfere with the exercise of their functions in the company and does not do so on behalf of It Era.
    • Conduct due diligence on the charity or other recipient to determine if they are legitimate and not being used as a channel for bribery.
    • It is allowed to make contributions, sponsorships or holding events for well-known charities, which do not pose special problems and which are modest in amount (below USD $ 2,000 usually annually), they cannot subdivide a contribution into smaller amounts, so their frequency and their sum does not have to exceed the defined amount. They can be carried out without prior approval.
    • Payments intended to influence, or that may reasonably be perceived as influencing, to obtain a tender or other decision in favor of It Era are prohibited. Avoid making contributions immediately before, during, or after contract negotiation. Ensure that payment is permitted by applicable law and regulations.
    • To pre-approve payments that may create special concerns by the Director General.
  • REFUSING TO MAKE FACILITATION PAYMENTS: It is not allowed to make such payments in the performance of professional duties for the company, even if they are made in charge of personal finances and reimbursement is not sought. Report all requests for facilitation payments to the Anti-Bribery Compliance Officer, Director of Human Talent.
  • KEEP RELIABLE RECORDS: Describe expenses completely and accurately in all business documentation, in terms of amounts, their nature or destination.
    • Never create any false or misleading registration, or accept from any supplier or third party a registration that does not meet our requirements.
    • Disclose all information in a timely and accurate manner, including business and financial transactions. Reflect actual transactions and conform to accepted accounting principles. Everyone is prohibited from establishing undisclosed or unregistered funds or assets.
  • COMPLY WITH FINANCIAL AND NON-FINANCIAL CONTROLS: Controls are in place to manage financial transactions, commercial aspects, sales, purchases and legal activities to reduce the risk of bribery in the organization (See financial controls in process Accounting and Finance and non-financial controls in Supplier Management).
  • CONDUCT AND DOCUMENT DUE DILIGENCE, ONGOING MONITORING, AND TRAINING OF BUSINESS PARTNER/BUSINESS OR SUPPLIER: Require them to engage in the same behavior, communicate their obligations, awareness requirements, and policy training to themselves and their staff, via email, It Era footer, and/or through contractual or similar requirements where they are notified. Main roles that support due diligence are Delivery Managers, Leaders, legal and Commercial area:
    • Periodically monitor their activities through evaluations and/or audits or seek certifications of compliance (the latter when relevant or if applicable) to carry out legitimate services and adhere to standards of ethical and professional conduct.
    • Evaluate factors to determine your risk of involvement in bribery and corruption activities and determine if there are any alerts that represent more than a low risk. Ask questions to explain any adverse information.
    • For suppliers, document the level of risk in the File List (document and preserve your selection, see formal decision-making process) and for customers, in the CRM. Where it is more than a low risk of bribery, determine whether it has anti-bribery controls in place, where it does not have, or it is not possible to verify whether it does, where possible, request its reasonable implementation, prior to working with it. Where it is not possible to do so, it does not mean that we cannot move forward with the relationship or transaction, but rather that the probability that you are involved in bribery is considered as risk. It Era is not required to verify full compliance with these requirements by the uncontrolled provider, however, it verifies that it has relevant policies in place.
    • Useful factors in due diligence to evaluate any transaction, project, activity or relationship:
      • If it is a legitimate entity: with documents requested by email from the legal area (company registration, tax identification number, proof of tax status, company CV, among others), see non-financial controls.
      • Reputation, actual location, and/or links between business associates and other third parties involved, including public officials: searching the Internet or other investigations such as market or press reports to determine whether you have engaged in fraud, gross misconduct, or have been convicted, sanctioned, or disqualified for bribery or similar criminal conduct or have a direct or indirect link to any public official that could result in to bribery. Verify publicly available debarment lists that list organizations that have their ability to contract with public or governmental entities excluded or restricted, provided by national or local governments or multilateral institutions.
      • Structure, nature and complexity: review whether they are direct or indirect sales, discount level, contract awards and bidding procedures.
      • Financing mechanism, payments, level of control and visibility: search for information using management resources.
      • Competence of stakeholders: through progress reports.
      • If you have the experience, resources needed to run the business or a management system or anti-bribery controls and their scope: through the contract where anti-bribery clauses are established or search their website to identify any related information.
    • Alerts that may represent more than a low risk (just a few examples):
      • Recommended by a public official or that he or someone close to him or her shows commercial interest in a business partner or supplier.
      • Not having experience in performing the work for which he was hired or has been hired solely under his influence before a public official.
      • Making suspicious statements (e.g., “don’t ask questions, I’ll take care of everything”), not being transparent in your actions, or insisting on keeping your dealings with It Era a secret.
      • The commission or profit margin is very high compared to industry standards or the type of work you do or there is additional compensation without a legitimate need.
      • Wanting to be paid “under the table” or in an account in a tax haven.
      • Refusing to sign a contract with anti-corruption guarantees.
      • Submitting false invoices or refusing to provide documents proving expenses or other declared expenses.
      • Rumors that he is under investigation for money laundering or other criminal activity.
  • DO NOT SOLICIT A BUSINESS PARTNER/BUSINESS OR SUPPLIER TO PROVIDE SERVICE WITHOUT A CONTRACT, OR MAKE CASH PAYMENTS: Contracts demonstrate the legitimate reasons why they are contracted and the services they provide, and contain provisions to help protect It Era, and are therefore important. Payments are not made to anyone other than the counterparty to the contract, or at a location that has no connection to where the partner is based or where contract activities are conducted.
  • CONDUCT AND DOCUMENT DUE DILIGENCE, ONGOING SUPERVISION AND TRAINING OF IT ERA STAFF BEFORE AND AFTER HIRING, TRANSFERRING, PROMOTING AND/OR IN MERGER AND ACQUISITION ACTIVITIES OF ANOTHER COMPANY: The main area that supports this due diligence is Human Talent together with the head of anti-bribery compliance, Director of Human Talent. Evaluate and specify criteria to determine, as far as possible and reasonable, whether an area, position, or role is exposed to more than a low risk of bribery, determine its necessary competence, and ensure that they sign the certificate of this policy for compliance (see Key Personnel Retention and Succession Plan, and Job Descriptions). On the other hand, It Era may become liable for the acquired company’s previous conduct or for continuing conduct that violates anti-bribery and anti-corruption laws.
    • Factors that may be useful in due diligence before hiring, transferring, or promoting:
      • Perform values tests and verify that candidates’ scores are accurate.
      • Take reasonable steps to obtain satisfactory references to past staff patterns and validate that documents are reliable (see talent attraction process).
    • Factors that may be useful in due diligence before closing an acquisition:
      • Incorporate our internal controls and policies into the acquired company as soon as possible, through the training of new employees, review of relationships with third parties, and the execution of audits, as appropriate. Iterants are obligated to cooperate in any of these actions.
  • DECLARE AND CONTROL CONFLICTS OF INTEREST: Report any issues to the immediate leader and the head of anti-bribery compliance, Director of Human Talent to be reviewed and/or authorized:
    • Communicate any conflict of interest before joining It Era or when one arises related to the supply of goods or services from an immediate third party. To resolve this situation, it is possible to:
      • Refrain from acquiring those goods/services.
      • Remove the person who presents the conflict of interest from the hiring process
      • Look for other competitive offers in the market.
      • Request independent approval from the relevant area leader.
    • Not have any commitment, paid or unpaid (including employment) to a business partner or competitor of It Era or any other person or company if it affects your performance on It Era. Unless it serves a commercial purpose for It Era, it does not influence (and cannot be perceived to influence) the iterant’s business judgment. To resolve this situation, refrain from:
      • Own any interest in any company that competes in or does business with It Era.
      • Conduct business with any other entity that has substantial involvement or affiliation.
      • Act as a paid officer or as an advisor or consultant to any government body with regulatory or oversight power over It Era.

7. Service Management and General Aspects:

  • ENSURE READING AND KNOWLEDGE OF THE POLICY AND PROCESSES: Commitment to verify, apply and respect the policy, privacy notices, manual for the use and processing of personal data for employees (applies only to ES), individual employment contract, NDA and processes in It Era (see Process Architecture).
    • Delivery Force, together with Human Talent and the head of anti-bribery compliance, Director of Human Talent, are responsible for conducting, documenting and keeping updated an annual training and communication plan in relation to the principles of the policy to facilitate its awareness, understanding, implementation and continuous improvement.
    • TH is responsible for obtaining a certification in which the iterant (including senior management and governing body) declares knowledge of the policy and identifies when and who received the training (Training DB / Attendance Lists / Evaluations).
    • We encourage communication and collaboration, we are open to suggestions and comments that contribute to improving our practices and meeting our objectives. In the Measurement and Analysis Plan, we monitor, measure, analyze and evaluate these quantifiable objectives and they are reviewed through the Challenge Agreements. Senior management reviews the comprehensive management system to ensure its convenience, adequacy, continued effectiveness, and performance of indicators.
  • COMPLY WITH ALL LAWS AND REGULATIONS: Commitment to compliance with applicable rules and legislation related to information security, personal data protection, environmental requirements, bribery and corruption in the jurisdictions in which they operate.
  • IDENTIFY AND ASSESS RISKS AND THREATS: Perform this at all stages of the service and apply appropriate controls to mitigate them. Identify the residuals and accept them, the customer gives his approval through the mail.
  • ENCOURAGE TEAMWORK AND AWARENESS: Promote participation at all levels of the organization, in the planning, development of activities, sustainability initiatives, facilitate continuous learning to become aware of responsibility and commitment to this policy.
  • RESPECT PROFESSIONAL ETHICS: Work at all times within the strictest professional ethics, safeguarding the information coming from clients and staff.
  • PARTICIPATE IN CONTINUOUS IMPROVEMENT AND INNOVATION ACTIVITIES: Promote a culture of continuous continuous improvement at all levels of the organization, seek innovative solutions and encourage improvement in our processes, technology (cleaner and more sustainable), techniques, methodologies, integrated management system, services and the adoption of best practices.
  • PROVIDE EVIDENCE OF COMPLIANCE AND DUE DILIGENCE INFORMATION: Provide evidence of compliance with contract-related and policy-related requirements when requested by IT Era either for auditing, training, supervision or monitoring of activities. Cooperate with due diligence procedures and provide requested information and documentation.
  • IMMEDIATELY REPORT TO IT WAS ANY INCIDENT, COMPLAINT, COMPLAINT, RETALIATION, ATTEMPTED BRIBERY, BLACKMAIL, EXTORTION OR ALERT: Any environmental, security incident (such as theft of devices, phishing attempts or malware) or data breach/processing that may occur, report it to the Information Security or Technical Support officer or administration manager via mail to preserve and protect information assets and correct it in a timely manner. Do not try to hide or ignore incidents, as it can put the security of the company and its data at risk.
    • We do not assist business partners or suppliers with inappropriate or dishonest conduct to deny such requests or requests. To reject bribery attempts with courtesy, but forcefully. Avoid giving the impression that you agree. Communicate to the applicant that It Era has policies and that we may lose our job or be subject to penalties if we engage in conduct that violates them.
    • Any attempt, concern, concern, complaint or alert in relation to a situation of violation of this policy or about the correction of any conduct that you may witness within It Era or in any other entity, immediately report it to your leader, area director, legal and anti-bribery compliance officer, Director of Human Talent or through our secure and confidential whistleblowing channel on the IT Era website. It Era, which allows anonymous reporting. Try not to solve this type of problem on your own (see steps to make a complaint in the Disciplinary process).
    • All complaints are properly investigated, risks are examined, it is determined whether adequate safeguards can be put in place to reduce them to an acceptable level, and action plans are generated.
    • You will maintain confidentiality to the extent possible, for the protection of It Era’s interests or as required by applicable law, without taking any form of retaliation, discrimination or disciplinary action for refusing to participate in, or for refusing, any activity in respect of which you have judged to be more than an unmitigated low risk.
  • COOPERATE IN ANY INVESTIGATION: Fully contribute to any investigation related to any breach of this policy or the integrated management system, which has been reported, detected or under reasonable suspicion so that it can take appropriate action. It Era keeps the investigation and its results confidential and is reported by the anti-bribery compliance function, Director of Human Talent (role or function that is not being investigated), as appropriate.

8. Consequences of not complying with the established policy:

  • We reserve the right to carry out audits, periodic evaluations or due diligence on the comprehensive management system to verify the implementation of It Era’s own requirements, applicable regulations (at least once a year, see Audit Program) and our suppliers to verify their compliance with this policy.
  • Failure to comply with the policy may result in corrective action or, in serious cases such as bribery, corruption, or if the risks involved are unacceptably high and cannot be reduced by other means, disciplinary action is taken such as dismissal, or facing a complaint to the competent authorities, sanctions or legal action as appropriate, see Matrix of sanctions in the Disciplinary Process. Remember that It Era strictly prohibits bribery and corruption of any kind related to their professional activity. Based on due diligence, if there are serious cases on the part of, on behalf of, or for the benefit of the supplier, or if the risks involved are unacceptably high and cannot be reduced by other means, then the transaction, project, activity or business relationship is terminated, suspended or postponed as soon as possible with your organization, as well as in legal actions as appropriate.

9. Validity:

  • The policy is effective immediately and its compliance is mandatory for all parties involved, it is available and communicated in the appropriate language to the entire organization on the process site. It Era encourages its employees to share it through the It Era footer with their business partners/businesses or suppliers so that they are aware of their commitment to business, legal/ethical practices and to listen to their concerns and suggestions to respond appropriately.
  • We are committed to continuously reviewing and improving the policy to verify its adequacy with the actual way IT Era acts and alignment with changes in legislation, around service delivery or market, best practices and standards (under the process of changes). Iterants are expected to review and accept any updates.
  • We appreciate your partnership in realizing, maintaining, and promoting these shared goals and values. Any questions or concerns should be directed to the director of human talent, delivery force area or administration manager.