
Establish, implement, and maintain an ethics program.


CONTROL ID: 11496
CONTROL TYPE: Human Resources Management
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Human Resources management, CC ID: 00763

This Control has the following implementation support Control(s):
  • Include communication protocols for interested personnel and affected parties in the ethics program., CC ID: 12858
  • Establish, implement, and maintain ethical decision-making guidelines., CC ID: 12908
  • Establish, implement, and maintain investigation procedures addressing ethics complaints., CC ID: 12900
  • Establish, implement, and maintain an ethical culture., CC ID: 12781
  • Establish mechanisms for whistleblowers to report compliance violations., CC ID: 06806
  • Refrain from discriminating against employees who refuse or intend to refuse to do something that contravenes requirements., CC ID: 13608
  • Refrain from discriminating against employees who are whistleblowers., CC ID: 13609
  • Respond to ethics complaints of ethics violations., CC ID: 11497
  • Refrain from discriminating against employees who disclose that their employer or another person has or intends to contravene requirements., CC ID: 13607
  • Apply legal remedies to any person knowingly partaking in illegal actions., CC ID: 11515
  • Include prohibiting counterfeiting in the ethics program., CC ID: 11517
  • Refrain from assigning roles and responsibilities that breach segregation of duties., CC ID: 12055


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Establish ways for the workforce and other stakeholders to seek guidance about future conduct and ask general questions, including the option for anonymity in locations where that is required or allowed. (OCEG GRC Capability Model, v. 3.0, P4.5 Provide Helpline, OCEG GRC Capability Model, v 3.0)
  • can comply with legal and relevant ethical requirements; and (¶ 2.31(b), Reporting on Controls at a Service Organization: Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC2), current as of January 1, 2018)
  • CODE OF ETHICS DISCLOSURE.—The Commission shall issue rules to require each issuer, together with periodic reports required pursuant to section 13(a) or 15(d) of the Securities Exchange Act of 1934, to disclose whether or not, and if not, the reason therefor, such issuer has adopted a code of ethi… (§ 406(a), The Sarbanes-Oxley Act of 2002 (SOX), July 30, 2002.)
  • detect, prevent, protect against, or respond to a security incident, identity theft, fraud, harassment, malicious or deceptive activity, or any illegal activity; or (13-61-304 (1)(h)(i), Utah Code, Title 13, Chapter 61, Utah Consumer Privacy Act)
  • Prevent, detect, protect against, or respond to security incidents, identity theft, fraud, harassment, malicious or deceptive activities, or any illegal activity; preserve the integrity or security of systems; or investigate, report, or prosecute those responsible for any such action; (§ 59.1-582.A.7., Code of Virginia Title 59.1, Chapter 53, Consumer Data Protection Act)