1. Introduction

RSA is committed to responsible business practices and to high standards of ethical behavior. This includes holding our suppliers to high standards of excellence as defined in governing laws, recognized international standards and conventions, and global best practices.

2. Scope

These principles apply to the parties that work with RSA, including suppliers and suppliers' employees, contractors, and subcontractors (hereinafter, "Suppliers").

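3. Statement of Principles

RSA's Suppliers must comply with the following:

  • All applicable laws, regulations, and procurement requirements, including the U.S. Federal Acquisition Regulations ("FAR") and the Defense Federal Acquisition Regulation Supplement ("DFARS").
  • The RSA Code of Conduct
  • Relevant United Nations conventions, including the United Nations Declaration of Human Rights and the United Nations Convention on the Rights of the Child.
  • Quality, environmental, health and safety, and other management systems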

RSA implements these principles by reinforcing the general requirement that Suppliers meet or exceed all applicable laws and recognized standards.

We recognize that not all Supplier engagements or activities with RSA will apply equally to all Suppliers. Therefore, we direct supplier requirements and outreach toward those suppliers who have been prioritized based on the nature of their business and holistic risk assessment.

The Suppliers declare (on their own behalf and on that of their employees, agents, and consultants) that they have received and agree with these principles, and undertake to comply with them, as well as with any updates that may be made by RSA.

These principles must be observed as of the start of the activities covered under the contract executed between RSA and Supplier.

4. Compliance with Laws and International Standards

Compliance with All Laws and Regulations

It is essential to a socially and environmentally responsible supply chain that all persons, including Suppliers, behave in a legal and ethical manner. RSA and RSA’s Suppliers shall comply with all applicable laws and regulations.

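Anti-Corruption

Suppliers shall comply with the U.S. Foreign Corrupt Practices Act, the UK Bribery Act 2010, and all applicable local laws relating to anti-corruption or anti-bribery (hereinafter, the "Anti-Corruption Laws").

5. RSA's Core Policy Commitments and Supplier Requirements

RSA imposes specific requirements on Suppliers with respect to the following issue areas.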

U.S. Federal Acquisition Regulations ("FAR")

If RSA is providing Supplier’s products or services under a United States government prime contract or subcontract, Supplier shall comply with the following provisions of the Federal Acquisition Regulations, published in Title 48 of the United States Code of Federal Regulations (CFR) at 52.244-6: 52.203-13, Contractor Code of Business Ethics and Conduct; 52.219-8, Utilization of Small Business Concerns; 52.222-26, Equal Opportunity; 52.222-35, Equal Opportunity for Veterans; 52.222-36, Affirmative Action for Workers with Disabilities; 52.222-40, Notification of Employee Rights Under the National Labor Relations Act; 52.222-50, Combating Trafficking in Persons; 52.232-40, Providing Accelerated Payments to Small Business Subcontractors; and 52.247-64, Preference for Privately Owned U.S.-Flag Commercial Vessels. Supplier shall also comply with the requirements of 41 CFR §§ 60-1.4(a), 60-300.5(a) and 60-741.5(a), which prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, or national origin. Supplier also shall comply with the provisions of 48 CFR 52.204-21 and 48 CFR 252.204-7012 if: (i) Supplier’s performance involves access to “Federal contract information” or “covered defense information” (as those terms are defined in 48 CFR 52.204(a) and 48 CFR 252.204-7012(a), respectively); and (ii) Supplier is providing other than Commercial Off-The-Shelf items.

Labor Conditions, Forced Labor, and Human Trafficking

RSA is committed to upholding the human rights of workers at any tier of its supply chain, and to treating them with dignity and respect. Workers include direct employees, temporary workers, migrant workers, student workers, contract workers, and any other person(s) providing labor and employment services to Supplier. Forced, bonded (including debt bondage) or indentured labor, involuntary prison labor, slavery or trafficking of persons of any age shall not be used at any tier of the supply chain.

  • Employers and agents may not use misleading or fraudulent practices during the recruitment of employees.
  • Child labor shall not be used at any tier of the supply chain.

RSA reserves the right to take any and all available actions against Suppliers for violations of its Vulnerable Worker Policy including without limitation the termination or reduction of business, frequent required onsite compliance auditing at Supplier’s expense, employee compensation at Supplier’s expense, and/or termination of RSA’s contract with the Supplier.

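Minerals and Extractives

RSA is committed to ensuring responsible sourcing practices for the materials used in its products, and expects its Suppliers to adhere to the same high standards.

Supplier Diversity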

RSA believes an ethical, diverse supply chain is a vital part of our business. Each Supplier must meet the following diversity requirements: (1) comply with any applicable law and regulation targeted towards suppliers to governmental entities; (2) use reasonable efforts to engage minority-owned businesses, women-owned businesses, and LGBT-owned businesses if Supplier engages subcontractors to provide any deliverables or to support the Supplier’s overall business operations; (3) use commercially reasonable efforts to engage small businesses as defined by the United States Small Business Administration (including small business subcategories such as small disadvantaged businesses, small women-owned businesses, veteran-owned businesses, service disabled veteran-owned businesses and HUB zone businesses) if Supplier engages subcontractors in the United States to provide any deliverables or to support the Supplier’s general business operations; (4) maintain accurate records of Supplier’s efforts under this provision; and (5) report to RSA, on RSA’s request, Supplier’s spend with minority-owned businesses, women-owned businesses, small businesses, and LGBT-owned businesses.

Avoiding Conflicts of Interest

Any circumstance in which a Supplier’s ability to act with objectivity is compromised is considered a conflict of interest. Since RSA wishes to maintain a partnership free of conflicts, we ask that, should a conflicting situation arise between RSA and a Supplier or any of its employees, the Supplier report all pertinent details to RSA. This includes, but is not limited to, close personal or family relationships with those at RSA or the giving or receiving of lavish business courtesies.

Continuous Improvement

RSA is committed to responsible sourcing. Suppliers must meet the standards specified in this section, but we encourage Suppliers to view sustainability as a journey of continuous improvement. With a focus on self-assessment, internal ownership and self-accountability, RSA Suppliers can make changes that will bring long-lasting, sustainable impact not only to their own facilities and operations, but also to those of their own providers.

6. Information Security

To establish the concepts and guidelines for information security of RSA’s information and that of RSA’s clients, Suppliers who have physical or logical access to RSA’s or RSA’s client’s information, systems or locations, must abide by the following:

  • Information, whether in hard-copy or soft-copy format, and the technological environments used by Suppliers are the exclusive property of RSA and are not for personal use.
  • Suppliers must have a unique identification (both physical and digital), which is personal and non-transferable, and which can be used to identify the party by the services they are providing.
  • Access rights must always observe the principle of least privilege, wherein users must only have the permissions necessary for the execution of their tasks.
  • Confidential information, such as passwords and any other information possessed by Suppliers over the course of their work, must always be held as top secret; sharing of this information is strictly prohibited.
  • The Suppliers undertake, and are responsible for their employees, agents, consultants, and/or representatives who have a need to access confidential information, to hold the same under confidentiality, and not to copy, sell, assign, license, commercialize, transfer, or in any other way convey, divulge, or provide such information to any third party that is not involved in the contract, nor to use the information for any purpose, except upon prior written express authorization.
  • RSA’s and its customer’s information must be treated ethically and confidentially. It must only be used for the purpose for which it was authorized.
  • All Suppliers should be aware that the use of information and information systems may be monitored without notice, and that records obtained through this means may serve as evidence for legal purposes.
  • Information must be used in a transparent manner and only for the purpose for which it was gathered and/or for statistical purposes, without identifying RSA’s customers or revealing customer-specific system characteristics.

7. Reporting Suspected Violations

Questions about specific issues that may arise in a business relationship with RSA may be referred to the following contacts:

  • RSA Ethics contact: ethics@rsa.com
  • Reporting helpline: www.lighthouse-services.com/rsa
    (Laws and procedures for reporting vary by country, so please review the guidance provided before proceeding.)

Suppliers are expected, consistent with applicable laws and contractual obligations, to provide reasonable assistance to any investigation by RSA of a violation of this Code or applicable laws and to allow RSA reasonable access to all facilities, records and documentation concerning their compliance with this Code and laws applicable to them or their provision of products and services to RSA.

 

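Effective date: July 28, 2022

©2022 RSA Security LLC or its affiliates. All rights reserved. The RSA Conference logo, RSA and other trademarks are trademarks of RSA Security LLC or its affiliates. Other trademarks are the property of their respective owners.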