RSA is committed to responsible business practices and to high standards of ethical behavior. This includes holding our suppliers to high standards of excellence as defined in governing laws, recognized international standards and conventions, and global best practices.
These principles are applicable to parties working with RSA, including suppliers, supplier employees, contractors and subcontractors (“Suppliers”).
RSA’s Suppliers must abide by:
RSA implements these principles by reinforcing the general requirement that Suppliers meet or exceed all applicable laws and recognized standards.
We recognize that not all Supplier engagements or activities with RSA will apply equally to all Suppliers. Therefore, we direct supplier requirements and outreach toward those suppliers who have been prioritized based on the nature of their business and holistic risk assessment.
The Suppliers declare (on their behalf and on that of their employees, agents, and consultants) that they have received and agree with these principles, and undertakes to comply with it, as well as to any updates that may be made by RSA.
These principles must be observed as of the start of the activities covered under the contract executed between RSA and Supplier.
It is essential to a socially and environmentally responsible supply chain that all persons, including Suppliers, behave in a legal and ethical manner. RSA and RSA’s Suppliers shall comply with all applicable laws and regulations.
Suppliers shall adhere to the Foreign Corrupt Practices Act, the United Kingdom Bribery Act of 2010, and all applicable local laws relating to anti-corruption or anti-bribery (“Anti-Corruption Laws”).
RSA imposes specific requirements on its Suppliers with respect to the following issue areas:
If RSA is providing Supplier’s products or services under a United States government prime contract or subcontract, Supplier shall comply with the following provisions of the Federal Acquisition Regulations, published in Title 48 of the United States Code of Federal Regulations (CFR) at 52.244-6: 52.203-13, Contractor Code of Business Ethics and Conduct; 52.219-8, Utilization of Small Business Concerns; 52.222-26, Equal Opportunity; 52.222-35, Equal Opportunity for Veterans; 52.222-36, Affirmative Action for Workers with Disabilities; 52.222-40, Notification of Employee Rights Under the National Labor Relations Act; 52.222-50, Combating Trafficking in Persons; 52.232-40, Providing Accelerated Payments to Small Business Subcontractors and 52.247-64, Preference for Privately Owned U.S.-Flag Commercial Vessels. Supplier shall also comply with the requirements of 41 CFR §§ 60-l.4(a), 60- 300.5(a) and 60- 741.5(a), which prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, or national origin. Supplier also shall comply with the provisions of 48 CFR 52.204-21 and 48 CFR 252.204-7012 if: (i) Supplier’s performance involves access to “Federal contract information” or “covered defense information” (as those terms as defined in 48 CFR 52.204(a) and 48 CFR 252.204-7012(a), respectively); and (ii) Suppler is providing other than Commercial Off-The-Shelf items.
RSA is committed to upholding the human rights of workers at any tier of its supply chain, and to treating them with dignity and respect. Workers include direct employees, temporary workers, migrant workers, student workers, contract workers, and any other person(s) providing labor and employment services to Supplier. Forced, bonded (including debt bondage) or indentured labor, involuntary prison labor, slavery or trafficking of persons of any age shall not be used at any tier of the supply chain.
RSA reserves the right to take any and all available actions against Suppliers for violations of its Vulnerable Worker Policy including without limitation the termination or reduction of business, frequent required onsite compliance auditing at Supplier’s expense, employee compensation at Supplier’s expense, and/or termination of RSA’s contract with the Supplier.
RSA is committed to the responsible sourcing of materials used in products, and expects our Suppliers to adhere to the same high standards.
RSA believes an ethical, diverse supply chain is a vital part of our business. Each Supplier must meet the following diversity requirements: (1) comply with any applicable law and regulation targeted towards suppliers to governmental entities; (2) use reasonable efforts to engage minority-owned businesses, women-owned businesses, and LGBT-owned businesses if Supplier engages subcontractors to provide any deliverables or to support the Supplier’s overall business operations; (3) use commercially reasonable efforts to engage small businesses as defined by the United States Small Business Administration (including small business subcategories such as small disadvantaged businesses, small women-owned businesses, veteran-owned businesses, service disabled veteran-owned businesses and HUB zone businesses) if Supplier engages subcontractors in the United States to provide any deliverables or to support the Supplier’s general business operations; (4) maintain accurate records of Supplier’s efforts under this provision; and (5) report to RSA, on RSA’s request, Supplier’s spend with minority-owned businesses, women-owned businesses, small businesses, and LGBT-owned businesses.
Any circumstance in which a Supplier’s ability to act with objectivity is compromised is considered a conflict of interest. Since RSA wishes to maintain a partnership free of conflicts, we ask that should a conflicting situation arise between RSA and a Supplier or any of its employees, that Supplier report all pertinent details to RSA. This includes, but is not limited to, close personal or family relationships with those at RSA or the giving or receiving of lavish business courtesies.
RSA is committed to responsible sourcing. Suppliers must meet the standards specified in this section, but we encourage Suppliers to view sustainability as a journey of continuous improvement. With a focus on self- assessment, internal ownership and self-accountability, RSA Suppliers can make changes that will bring long- lasting, sustainable impact not only to their own facilities and operations, but also to those of their own providers.
To establish the concepts and guidelines for information security of RSA’s information and that of RSA’s clients, Suppliers who have physical or logical access to RSA’s or RSA’s client’s information, systems or locations, must abide by the following:
Questions about specific issues that may arise in a business relationship with RSA may be referred to the following contacts:
Suppliers are expected, consistent with applicable laws and contractual obligations, to provide reasonable assistance to any investigation by RSA of a violation of this Code or applicable laws and to allow RSA reasonable access to all facilities, records and documentation concerning their compliance with this Code and laws applicable to them or their provision of products and services to RSA.
Effective Date: July 28, 2022
©2022 RSA Security LLC or its affiliates. All rights reserved. RSA Conference logo, RSA and other trademarks are trademarks of RSA Security LLC or its affiliates. Other trademarks may be trademarks of their respective owners.