1. About This Policy
1.1 The Sophos Modern Slavery Policy (“Policy”) is the anti-slavery Policy as it applies to the Sophos Group Limited and Sophos Holdings, LLC and their respective subsidiaries (collectively, the “Company” or “Sophos”) and its supply chain. It is derived from the U.K. Modern Slavery Act, 2015, and from the California Transparency in Supply Chain Act, 2012, and other similar requirements (the “Act”). Further, Sophos adheres to the Code of Conduct of the Responsible Business Alliance, specifically Section A. 1., Freely Chosen Employment, in its administration of this Policy. Generally, modern slavery is a crime and a violation of fundamental human rights. It takes various forms, such as slavery, servitude, forced and compulsory labor and human trafficking all of which have in common the deprivation of a person's liberty by another to exploit them for personal or commercial gain.
1.2 The Company has a zero-tolerance approach to modern slavery, and we are committed to acting ethically, transparently and with integrity in all our business dealings and relationships and to implementing and enforcing effective systems and controls to ensure modern slavery is not taking place anywhere in our own business or in any of our supply chains.
1.3 This Policy applies to our third party supply chain, including hardware manufacturers and suppliers, the logistic fulfilment centers responsible for the distribution of our products, procurement vendors and recruitment and employment agencies from whom Sophos employees may be sourced (each a Supplier and together the Sophos Supply Chain), and to all persons working for us or on our behalf in any capacity, including employees at all levels, directors, officers, agency workers, seconded workers, volunteers, interns, agents, contractors, external consultants, third-party representatives and business partners.
1.4 Sophos acknowledges the fact that child labour occurs in many countries. However, Sophos does not accept child labour, and works actively against it. The complexity of the child labour issue requires a consistent, long-term effort to create sustainable and broad-based solutions in order to reach our goal; that no products delivered to Sophos are produced by child labour.
Sophos respects different cultures and values in countries where Sophos operates and sources its products, but does not compromise on the basic requirements regarding the Rights of the Child.
1.5 This Policy does not form part of any employee's contract of employment and we may amend it at any time.
2. Responsibility for the Policy
2.1 The Board of Directors has overall responsibility for this Policy and it is enacted within the Company. Legal and Compliance are accountable for the implementation of the Policy and its cross-functional compliance across the Company.
2.2 Further, the Company’s risk management framework supports the Policy through independent audit, assessment, and objective oversight. This includes monitoring its use and effectiveness, ensuring that managers and employees receive adequate notification and training, and auditing internal control systems and procedures to ensure these procedures are effective in countering modern slavery.
2.3 Management at all levels are responsible for ensuring those reporting to them understand and comply with this Policy. Managers will remain alert to indicators of modern slavery and will respond appropriately if they find or are informed of any indication of modern slavery.
3.1 The principal areas in which the Company faces risks related to modern slavery include:
- The Sophos Supply Chain. Materials used to manufacture Sophos Hardware may be sourced in areas of high risk of modern slavery and child labour.
- Effective Due Diligence monitoring of Suppliers
- Recruitment in our own business, and recruitment through agencies.
- Appropriate training to employees.
- Processes to monitor actions undertaken to ensure Sophos compliance with own requirements.
Under section 54 (9) of the UK Modern Slavery Act 2015 and Required Disclosures within the California Transparency in Supply Chains Act the following points address the procedures carried out by the Company to meet designated requirements.
4.1 Annual Anti-Slavery and Trafficking Statement (the “Annual Statement”): under Section 54 of the Modern Slavery Act 2015, commercial organisations that carry on a business in the UK, supply goods and services and have a total annual turnover of £36 million or more, are required to publish within six months of the end of each financial year, an annual statement. Under the Transparency in Supply Chains Act, the Legislature declared the intent of the State of California to ensure that large retailers and manufacturers provide consumers with information (disclosure) regarding their efforts to eradicate slavery and human trafficking from their supply chains. This statement/ disclosure must set out the steps (if any) that the organisation has taken during the fiscal year to ensure that modern slavery is not taking place in any of its supply chains and in any part of its own business. The statement must be signed by a Director and published on its website with a clear link on the homepage. This applies to Sophos. The Company’s Annual Modern Slavery Statement will set out the actions that it has taken to prevent slavery in its operations.
4.2 Sophos does not support Child Labour
In this policy, Sophos embraces the United Nations (U.N.) Convention on the Rights of the Child (1989), which stipulates:
“All actions concerning the child shall take full account of his or her best interests.” Article 3.
“The right of the child to be protected from economic exploitation and from performing any work that is likely to be hazardous or to interfere with the child’s education, or to be harmful to the child’s health or physical, mental, spiritual, moral or social development”. Article 32.1.
In addition, this policy is based on the International Labour Organisation (ILO) Minimum Age Convention no. 138 (1973). According to this convention, the word “Child” is defined as any person below fifteen (15) years of age, unless local minimum age law stipulates a higher age for work or mandatory schooling, in which case the higher age would apply. If, however, the local minimum working age is set at fourteen (14) years of age in accordance with exceptions for developing countries, the lower age will apply.
4.3 Supply Chains: we take one or more of the following actions in respect to each Supplier:
- We ensure that we can account for each step of our hardware manufacturing processes and that we know who is providing the hardware to us that we resell.
- Annual completion of a risk assessments to validate actions undertaken by the Supplier to ensure compliance with the code of conduct.
- We inform our Suppliers that we are not prepared to accept any form of exploitation in their business or any part of their supply chain by publishing our Policy and statement on our website;
- We ensure all Direct Suppliers sign the annual Sophos Modern Slavery Code of Conduct, listing all third parties who provide parts contained in Sophos products supplied.
- We complete Live Monitoring on all companies in the Sophos Supply Chain, and any anti-bribery or modern slavery changes for a specific Supplier will trigger an immediate review and business assessment / investigation;
- Our standard supply chain contract templates and contracts that we negotiate with high-risk Suppliers contain anti-slavery provisions which prohibit suppliers and their employees and sub-suppliers from engaging in modern slavery;
- We conduct regular risk assessments of our Sophos Supply Chain. In cases of high-risk, we audit the Supplier and, as appropriate, we require them to take specific measures to ensure that the risk of modern slavery is significantly reduced; and
- In cases where modern slavery is identified, or alleged, in our business or in the Sophos Supply Chain, immediate action is taken to address it; this takes the form of a comprehensive investigation. Should abuse be identified immediate action will be taken. In the event of failure to resolve the situation with a Supplier rapidly and satisfactorily, we will terminate the contract.
- Monitoring of suppliers through the Human Trafficking Risk Index (HTRI). The HTRI uses external corporate databases – the world’s largest with more than 250 million records and incorporates data from the International Labor Affairs Bureau and the U.S. Department of State. The HTRI creates an automated, repeatable, closed-loop process to proactively monitor the Sophos Supply Chain for potential human trafficking violations.
- Sophos requires that all suppliers shall abide by the requirements of the U.N. Convention on the Rights of the Child (Resolution 44/25, 02 Sept 1990) and that the suppliers comply with all relevant national and international laws, regulations and provisions applicable in the country of production.
- If child labour is found in any place of production, Sophos will require the supplier to implement a corrective action plan, remediation. If corrective action is not implemented within the agreed time-frame, or if repeated violations occur, Sophos will terminate all business with the supplier concerned.
- Through the General Purchasing Conditions for the supply of products to Sophos has reserved the right to make unannounced visits at any time to all places of production (including their sub-contractors) for goods intended for supply. Sophos furthermore reserves the right to assign, at its sole discretion, an independent third party to conduct inspections in order to ensure compliance.
4.4 Recruitment: we take the following actions:
- We always ensure all staff have a written contract of employment and that they have not had to pay any direct or indirect fees to obtain work;
- We always ensure staff are legally able to work in the country in which they are recruited;
- We check the names and addresses of our staff (e.g., many people listing the same address may indicate high shared occupancy, often a factor for those being exploited);
- We provide information to all new recruits on their statutory rights including sick pay, holiday pay and any other benefits they may be entitled to;
- If, through our recruitment process, we suspect someone is being exploited, the HR department will follow our reporting procedures; and
- We conduct due diligence checks on any recruitment agency that we use to ensure that it is reputable and conducts appropriate checks on all staff that they supply to us.
5. Compliance with The Policy
5.1 Employees must ensure that they read, understand and comply with this Policy.
5.2 The prevention, detection and reporting of modern slavery in any part of our business or supply chains is the responsibility of all those working for us or under our control. Employees are required to avoid any activity that might lead to, or suggest, a breach of this Policy.
5.3 Employees and third parties are encouraged to raise concerns about any issue or suspicion of modern slavery in any parts of the business or supply chains of any supplier tier at the earliest possible stage. (Via www.sophos.ethicspoint.com) There is no typical victim and some victims do not understand they have been exploited and are entitled to help and support.
The following key signs could indicate that someone may be a slavery or trafficking victim.
This list is not exhaustive:
- The person is not in possession of their own passport, identification, travel documents or bank account;
- The person is acting as though they are being instructed or coached by someone else;
- They allow others to speak for them when spoken to directly;
- They are dropped off and collected from work;
- The person is withdrawn, or they appear frightened;
- The person does not seem to be able to contact friends or family freely; and
- The person has limited social interaction or contact with people outside their immediate environment.
5.4 If you believe or suspect a breach of this Policy has occurred or that it may occur, you can raise an alert using the “Speak Out” web page, alternatively you can notify firstname.lastname@example.org as soon as possible.
5.5 If you are unsure about whether a particular act, the treatment of workers more generally, or their working conditions within any part of our business or tier of the Sophos Supply Chain constitutes any of the various forms of modern slavery, you can raise an alert using the “Speak Out” Hotline, alternatively you can notify email@example.com as soon as possible.
5.6 We aim to encourage openness and will support anyone who raises genuine concerns in good faith under this Policy, even if they turn out to be mistaken. We are committed to ensuring no one suffers any detrimental treatment as a result of reporting in good faith their suspicion that modern slavery of whatever form is or may be taking place in any part of our own business or in the Sophos Supply Chain. All notifications received, together with the identity of the notifier, will be treated as confidential.
6. Communication And Awareness Of This Policy
6.1 Training regarding the risk our business faces from modern slavery within the Sophos Supply Chain, will be provided to new and existing employees through Sophos Learning prioritising those in relevant departments, regular training updates or refreshers will be provided as necessary.
6.2 Our zero-tolerance approach to modern slavery will be communicated to Suppliers at the outset of our business relationship with them and reinforced as appropriate thereafter.
7. Breaches of this Policy
7.1 Any employee who breaches this Policy will face disciplinary action, which could result in dismissal for misconduct or gross misconduct.
7.2 We may terminate our relationship with Suppliers and other third parties if they breach this Policy, details of actions undertaken with regard to remediation and outcomes will be published in the Company’s Annual Modern Slavery Statement, and take any action required by the UK Modern Slavery Act 2015.
8. Reviewing This Policy
This Policy is reviewed periodically by Compliance, as required.
- "Speak Out" Web Page
- California Transparency in Supply Chains Act
- UK Modern Slavery Act 2015
- D&B Third Party Risk Tools
- Responsible Business Alliance Code of Conduct
 The definitions of these terms are as follows. Slavery: Slavery, in accordance with the 1926 Slavery Convention, is the status or condition of a person over whom all or any of the powers attaching to the right of ownership are exercised. Forced or compulsory labor: Forced or compulsory labour is defined in international law by the ILO’s Forced Labour Convention 29 and Protocol. It involves coercion, either direct threats of violence or more subtle forms of compulsion. The key elements are that work or service is exacted from any person under the menace of any penalty and for which the person has not offered him/her self voluntarily. Human trafficking: An offence of human trafficking requires that a person arranges or facilitates the travel of another person with a view to that person being exploited. “Transparency in Supply Chains etc. A practical guide” Guidance issued under section 54(9) of the Modern Slavery Act 2015 Annex A page 17.