Committing to Ethical Business Practice
Introduction and Commitment
IOActive maintains a zero-tolerance policy toward all forms of bribery and corruption. We are committed to conducting all our business fairly, ethically, and with integrity, and we enforce effective controls to counter bribery wherever we operate.
This Statement outlines the steps taken by IOActive to ensure compliance with the UK Bribery Act 2010 and other applicable anti-corruption laws globally. IOActive views adherence to these principles not merely as a legal obligation but as a fundamental requirement for maintaining our reputation and the trust of our customers and partners.
1. Top-Level Commitment and Policies
Our commitment to preventing bribery and corruption begins at the highest level of the organization and is formalized in our core documentation.
- Zero-Tolerance Policy: Our Anti-Bribery and Corruption (ABC) Policy sets out our clear stance against giving, offering, or receiving any bribe – whether cash, gift, or undue advantage – to improperly influence a business outcome.
- Scope: The ABC Policy applies to all personnel acting for or on behalf of IOActive, including employees, directors, agents, contractors, and other business partners.
- Gifts and Hospitality: We maintain clear procedures regarding the provision and acceptance of gifts, hospitality, and expenses. These procedures ensure that such practices are reasonable, proportionate, and made in good faith without any intention to influence a business decision improperly.
2. Risk Management and Controls
We maintain procedures that are proportionate to the size, nature, and low-risk complexity of our global operations.
- Risk Profile Assessment: IOActive assesses its primary bribery risk to be low, chiefly relating to the sales and business development function where improper conduct could be used to secure or retain business. We acknowledge other statutory risks, such as those related to foreign public officials and the engagement of third-party partners, but these are considered low as interactions in these areas do not form a significant element of our day-to-day business operations. We remain committed to keeping all risks under review to avoid complacency.
- Proportionate Controls: Our mitigation strategy is integrated into management oversight and includes:
- Financial Integrity: Ensuring all transactions are accurately recorded in line with strict accounting procedures to prevent concealed payments (e.g., mislabeled expenses).
- Partner Vetting: Employing careful selection and reputation assessment before engaging third parties. Our use of third parties and our supply chain is relatively limited, focusing on a small number of professional service providers.
- Oversight: Senior management maintains oversight of all third-party partners and high-risk activities, requiring compliance with our ABC Policy.
- Financial Integrity: Ensuring all transactions are accurately recorded in line with strict accounting procedures to prevent concealed payments (e.g., mislabeled expenses).
3. Communication and Reporting
We ensure our commitment is understood across the organization and that staff have a safe mechanism for raising concerns.
- Internal Communication: Our commitment to ABC is included within the Employee Handbook, clearly outlining expected behavior.
- Whistleblowing: Our Whistleblowing Policy provides a confidential mechanism for employees and contractors to report any suspected ethical or policy breaches, including bribery or corruption, without fear of retaliation.
4. Monitoring and Review
IOActive is committed to the continuous improvement of its anti-bribery framework.
- Oversight: Our management team is responsible for reviewing the effectiveness of our ABC procedures regularly.
- Continuous Improvement: We remain committed to adjusting and evolving our controls and documentation to respond effectively to changes in our business environment and regulatory landscape.
Statement Approval
This Statement was approved by the CEO of IOActive, Inc. on behalf of itself and its subsidiaries on September 29, 2025.
Signed:
Name: Jennifer Steffens
Title: CEO