Integrated Management System Policy for Iterants

  • Home
  • Integrated Management System Policy for Iterants

1. Objective:

At Itera we develop technological solutions responsibly, acting ethically, transparently and committed to quality, legality and sustainability. We promote fair, inclusive and safe working conditions, respecting human rights. We protect information and resources through practices that ensure their confidentiality, integrity, and proper use. We reject any form of bribery and extend our responsibility to social, environmental impact and ethical supply chain management.

2. Scope:

All iterants are responsible for ensuring compliance with the policy in the exercise of their functions no matter where they are located or their role. It is applicable to others acting on behalf of It Era, any project, deal, contract or negotiation with customers/business partners/businesses and suppliers whether in the public or private sector.

3. Roles and responsibilities:

RoleResponsibilities (See details in the IMS (Integrated Management System) User Manual)
Governing Body
  • Understands, complies with, and applies the requirements of the integrated management system according to their role.
Director of Human Talent
  • It has the authority and independence of the anti-bribery compliance function. The responsibility for compliance will continue to reside with the iterants.
    It oversees this policy, advises iterants, and executes sanctions in accordance with the corresponding sanctions matrix.
Senior Management
  • Establishes, reviews and ensures legal and operational compliance with this policy. Analyze risks and advise and make decisions.
Leaders or Directors
  • Ensures compliance with the Integrated Management System (IMS) in its areas, respects standards of conduct when conducting negotiations, and provides advice.
Iterating
  • They are aware of and apply this policy and the processes related to their role. They participate in training.
    Respect standards of conduct.

Key Commitments:

4. Human Rights and Working Conditions

  • PROHIBIT CHILD LABOR, FORCED LABOR AND VIOLENCE: It is forbidden to hire minors and any form of forced labor, servitude or exploitation. All forms of violence, harassment, harassment or ill-treatment, whether physical, verbal, psychological or sexual, are also rejected. Ensure a safe, respectful, and dignified work environment.
  • ENSURING DIVERSITY, INCLUSION, EQUALITY AND NON-DISCRIMINATION: To guarantee a work environment free of discrimination based on gender, age, sexual orientation, religion, ethnic origin, disability or any other condition. Promote the inclusion of people in vulnerable situations. Respect free expression and promote coexistence with respect, tolerance and cultural diversity.
  • ENSURING WORKING CONDITIONS AND SAFETY AT WORK: To provide a safe, healthy and fair working environment, in accordance with current legislation. Promote risk prevention and work-life balance.

5. Security and National Security Scheme (ENS)

  • ACCESS ONLY NECESSARY SYSTEMS AND DATA: Recoger y conservar solo datos personales e información de la organización, pertinentes y necesarios para fines legítimos. Asegurar que sean exactos y actualizados. Tratar los datos de forma lícita, leal y transparente. Recabar consentimiento si se usan para fines distintos a los originales.
  • PROTECT ITERA AND CLIENT INFORMATION AND RESOURCES: Maintain the confidentiality of all information and personal data, even after the end of the employment relationship indefinitely, safeguarding the confidentiality, integrity, availability, authenticity and traceability of the information. You are prohibited from disclosing or extracting or using information or resources without authorization. Its exclusive use for authorized commercial purposes must be ensured, its safe storage and improper use must be avoided.
    Likewise, the installation of unauthorized, pirated or unlicensed software is prohibited, and SECURITY CONTROLS must be followed when sending emails, downloading files, using artificial intelligence tools or browsing the Internet, in order to prevent cyber threats.
  • FOLLOW THE ACCESS AND PASSWORD POLICY: Apply multi-factor authentication when possible. Create, change, and protect strong passwords to prevent unauthorized access, loss, destruction, or alteration.
  • TAKE CARE OF ITERA’S PHYSICAL ASSETS: Protect equipment, devices, and documents from theft, loss, and damage. Follow measures such as blocking unused workstations, keeping desks clean, and restricting access to sensitive areas and network. Ensure rapid recovery of services in the event of a disaster or contingency.

6. Quality

  • COMPLY WITH QUALITY, PERFORMANCE AND DEADLINES: Comply with quality and performance commitments in products and services, meeting internal requirements and customer expectations, respecting operation and service level agreements, ensuring their satisfaction and responding with agility to their needs, as well as establishing and approving specific quality objectives that are measured and evaluated periodically.
  • SYSTEMATIZE PROCESSES AND USE INDICATORS: Establish controls and key indicators to measure performance, facilitate informed decisions, and activate continuous improvements in services.

7. Environment

  • ESTABLISH AND APPROVE ENVIRONMENTAL OBJECTIVES: Define specific environmental objectives that are measured and evaluated on a regular basis.
  • MINIMIZE ENVIRONMENTAL IMPACT AND PROMOTE SUSTAINABLE PRACTICES: Comply with applicable environmental legislation and maintain commitment to the environment, avoiding pollution, optimizing digital tools, reducing energy consumption, emissions and other sources of pollution.
  • ● IDENTIFY AND CONTROL ENVIRONMENTAL ASPECTS AND RISKS: Apply a preventive approach to recognize and mitigate environmental impacts.
  • DEVELOP ENERGY EFFICIENCY PROGRAMS, WATER MANAGEMENT AND BIODIVERSITY CONSERVATION: Plan strategies to optimize resources and reduce environmental impacts.
  • RESPONSIBLY MANAGE TECHNOLOGICAL RESOURCES: Reuse equipment, properly manage electronic waste and prefer suppliers with sustainable practices that include the recovery and use of materials, also prioritizing the use of efficient equipment, low-consumption configurations and cloud solutions that contribute to reducing the carbon footprint

8. Artificial Intelligence

  • OPTIMIZE WITH AI RESPONSIBLY: Apply AI solutions to improve internal and customer processes, increasing efficiency, reducing time and costs, and driving innovation, while respecting customer policies on their use at all times.
  • ETHICAL, TRANSPARENT AND RELIABLE USE: Develop fair, explainable, and unbiased solutions, ensuring that AI systems are used as intended. To treat data in a lawful, fair and transparent manner, facilitating its understanding and auditing by users and interested parties.
  • TRANSPARENCY IN THE USE OF AI TOOLS WITH CLIENTS: Inform and obtain authorization from the client before using AI tools in any activity related to the provision of the service, including meetings, document generation, analysis or transcriptions. Use only tools authorized by Itera and ensure that information is not shared without consent.
  • GUARANTEE QUALITY, SAFETY AND TRACEABILITY: Protect the confidentiality, integrity, access, availability, and retention of data and systems. Ensure quality, version control and traceability of processes, avoiding unauthorized uses.
  • CLEAR GOVERNANCE AND OVERSIGHT OF AI: Define roles and responsibilities in decisions about AI, prioritizing the well-being of users and stakeholders, with human, technical, legal, and organizational oversight.

9. Anti-bribery

  • ZERO TOLERANCE FOR BRIBERY: It is forbidden to offer, give, ask for, or accept bribes in any activity, relationship, or transaction. Evaluate risks related to incentives, bonuses or compensations, always with the approval of the leader and the Director of Human Talent.
  • GIFTS, HOSPITALITY AND INVITATIONS: Only reasonable care (up to $1,000 per BL per year) is allowed, unrelated to business decisions. Any exceptions require approval by mail from the Director General and notification to Administration. It is forbidden to offer/receive cash or pay personal expenses. Trips must be justified, with an itinerary and prior notice to the leader or Director of Human Talent. It does not apply to gifts or internal invitations.
  • DONATIONS AND EVENT SPONSORSHIP: Only to legal organizations for business, social, or educational purposes. It is forbidden to donate to individuals or for political purposes or to make contributions before, during or after contractual decisions. Due diligence must be carried out on the organization, documented and ensure traceability. Risk-free, contributions up to USD $2,000 per year are allowed without prior authorization. Approval from the Director General is required in case of bribery risk or special concerns. Political participation only in a personal capacity, outside working hours and without representing Itera.
  • NO FACILITATION PAYMENTS: It is forbidden to make payments to speed up procedures, even with one’s own resources. Report requests to the Director of Human Talent.
  • KEEP RELIABLE RECORDS: Accurately record all expenses, payments, and business relationships. Falsification or omitting of information is prohibited.
  • COMPLY WITH FINANCIAL AND NON-FINANCIAL CONTROLS: Apply them in commercial and legal processes, purchases and sales. View in-process financial controls in Accounting and Finance and non-financial in Vendor Management.
  • CONDUCT DUE DILIGENCE, MONITORING, AND THIRD-PARTY TRAINING: Require business/business partners, customers, or suppliers to act with similar ethical standards to Itera, communicating their obligations and providing training through contracts, emails, or the IMS Policy for Suppliers and Third Parties. Leaders, Legal and Commercial must assess bribery risks in any transaction, project, activity or relationship. Verify legitimacy (documents requested by Legal), reputation (reports or press, disqualification lists), links with officials, payment structure, experience and conditions. Document the level of risk in CRM for customers or in the Dossier List for suppliers. Keep records of supplier selection, see formal Decision Making process. Supervise suppliers with audits or evaluations. If there is a high risk, demand anti-bribery controls, without impeding the relationship if they are attended. Attend to alerts such as links with officials, lack of experience, suspicious payment conditions, rumors of criminal behavior or refusal to sign anti-corruption clauses. Do not hire without a contract or pay in cash. Payments only to the counterparty, in places associated with the service.
  • PERFORM DUE DILIGENCE, SUPERVISION AND TRAINING OF PERSONNEL AND IN MERGERS OR ACQUISITIONS: Human Talent and the corresponding Director must assess bribery risks in positions prior to hiring, promotion, or transfer under the Retention and Succession Plan. Verify values (through tests), job references, qualifications, and competencies (job descriptions). Ensure that every iterant signs the certificate of compliance with this policy in Bizneo. In procurement, integrate Itera controls and policies from the outset through training, third-party review, and audits. All iterants must cooperate.
  • DECLARE CONFLICTS OF INTEREST: Inform the leader and Director of Human Talent. Solve by avoiding affected purchases, removing those involved or looking for alternatives. Avoid paid or unpaid external activities that affect performance or generate conflict (e.g., collaborating with competitors or regulators).

10. Service Management and General Aspects

  • ENSURE AWARENESS AND IMPLEMENTATION OF POLICY AND PROCESSES: All iterants must read, understand and apply this policy, as well as the internal processes, employment contract, NDA, personal data processing manual and privacy notices. Delivery Force, Human Talent and the Anti-Bribery Compliance Officer, Director of Human Talent They must establish and keep updated an annual training and communication plan that ensures the understanding, implementation and continuous improvement of the policy and processes. Human Talent is responsible for documenting training, keeping records (evaluations, attendance lists, training DBs) and ensuring that each iterant — including senior management and governing body — signs the certificate of compliance with the policy (Bizneo).
  • COMPLY WITH REGULATIONS AND ETHICS: Act with integrity, loyalty, impartiality, rectitude and professional ethics, complying with all applicable laws and regulations, including information security, data protection, environment, anti-bribery, AI and other standards in the jurisdictions where we operate. Responsible, honest and consistent conduct with Itera’s values and commitments is expected.
  • ENCOURAGE PARTICIPATION AND CONTINUOUS IMPROVEMENT: Active participation in SGI activities such as drills, practical exercises, quarterly challenges and training on topics such as security, quality, service, personal data, AI, bribery and sustainability among others is expected. We promote a culture of service, collaboration, efficiency, open communication, teamwork and innovation, promoting the use of sustainable technologies and good practices. We are open to suggestions that contribute to improving our practices. Itera periodically evaluates its objectives through the Measurement and Analysis Plan, the Challenge Agreements and the review of senior management to ensure continuous improvement and effectiveness of the IMS.
  • PROVIDE EVIDENCE OF COMPLIANCE AND DUE DILIGENCE: Provide evidence of compliance when required by Itera, as well as collaborate in audits, supervisions, and monitoring. Participate in due diligence procedures by delivering the requested information.
  • MANAGE RISKS AND THREATS: IDENTIFY, ASSESS, AND MITIGATE RISKS AT ALL STAGES OF THE SERVICE OR SYSTEM, INCLUDING RESIDUAL THREATS THAT MUST BE FORMALLY ACCEPTED BY THE CUSTOMER OR STAKEHOLDER.
  • REPORTING INCIDENTS AND INAPPROPRIATE BEHAVIOR: Immediately report by mail environmental incidents, bribery, discrimination, data processing or related to the use and life cycle of Artificial Intelligence systems (internal AI tools and models) to the Director of Human Talent, who will channel them to the corresponding area. Security incidents (theft, phishing, malware) should be reported to Technical Support and the Information Security Committee. Incidents should not be ignored or covered up. Firmly but respectfully reject any attempt at bribery or inappropriate offerings, remembering that Itera has policies that prohibit these behaviors and that they could have serious consequences. Any concerns, complaints, or suspicious behavior may also be reported to your leader, legal area , or through the confidential reporting channel on this Itera website (may be anonymous). You should not try to solve these cases on your own. See Disciplinary Processes and Attention to Complaints or Concerns. All complaints are investigated confidentially; Risks are assessed, corrective measures are defined, and action plans are implemented. Retaliation, discrimination, or sanctions against anyone who reports in good faith or refuses to engage in misconduct is prohibited.
  • COOPERATE IN INVESTIGATIONS: Full cooperation is required in any investigation of violations of this policy or the IMS. Itera maintains the confidentiality of the process and its results, and investigations are conducted and reported by the Director of Human Talent, as long as he or she is not involved.

11. Consequences of non-compliance

  • Itera reserves the right to conduct audits, periodic evaluations, or due diligence processes to verify compliance with this policy, IMS requirements, and applicable regulations, both internally and with suppliers (at least once a year, depending on the Audit Program).
  • Failure to comply may result in corrective measures and, in serious cases such as bribery, corruption or unacceptable risks that cannot be mitigated, disciplinary sanctions will be applied, including dismissal, as well as legal action or complaints to the competent authorities (Matrix of Sanctions in the Disciplinary Process, Attention to Complaints or Concerns).
  • Itera strictly prohibits any form of bribery or corruption linked to their professional activities. In the case of suppliers, if serious conduct or unacceptable risks are identified in acts performed by, on behalf of, or for the benefit of your organization, Itera may immediately suspend, terminate, or postpone the business relationship, transaction, project, or activity, and take legal action as appropriate.

12. Validity

  • This policy is effective immediately and compliance with it is mandatory for all parties involved. It is available in the corresponding language for the entire organization through the process sites and in the footer of the Itera website. Itera invites its employees to share it with business partners and suppliers, promoting commitment to legal, ethical and responsible practices, as well as openness to listen to their concerns and suggestions.
  • The policy is continuously reviewed and improved to ensure its alignment with the actual way of acting at Itera, changes in legislation, the service environment, the market, best practices and current standards (see Change Process). Iterants are expected to consult and accept any updates.
    ● We appreciate your collaboration in fulfilling, maintaining and promoting these values. For questions or comments, you can contact the Director of Human Talent, the Delivery Force area or the Administration Manager.