Baringa Supplier Code of Conduct
1.1 General Requirements for Prospective Suppliers
- Prospective Suppliers shall keep all pre-contract data, negotiations, and tender progress strictly confidential and, where requested by Baringa, enter into a more detailed non-disclosure agreement on agreed terms.
- Prior to entering into any contract, Baringa may carry out due diligence on each prospective Supplier in order to comply with relevant law and to assess the suitability of the prospective Supplier to meet Baringa’s business requirements. Prospective Suppliers shall cooperate fully and promptly with such due diligence enquiries.
- All activity between Baringa and prospective Suppliers will be conducted with integrity. Contracts will be awarded based on merit and at the discretion of Baringa. Hospitality or other inducements intended to encourage or reward a positive outcome for the prospective Supplier must not be offered to Baringa’s staff members. The acceptance of any such inducements (e.g. gifts or hospitality) by our staff members during a competitive tender or negotiation phase is strictly prohibited.
1.2 General Requirements for Current Suppliers
- Where Baringa enters into a contract with a Supplier, the relationship will be governed by agreed terms and conditions. In addition, the Supplier shall comply with the principles contained in this Supplier Code of Conduct and all laws applicable to the Supplier.
- As part of Supplier management, Baringa may carry out due diligence on each Supplier in order to ensure compliance with relevant law and to ensure the Supplier continues to meet Baringa’s business requirements. Suppliers shall cooperate fully and promptly with such due diligence enquiries.
- It is recommended that each Supplier’s policies and procedures are regularly reviewed to ensure that changes in regulations, technology, and industry best practice are captured, as well as changes within each Supplier’s organisation. Regular review will ensure that sound governance is instilled within each Supplier’s organisation which will, in turn, demonstrate continuous improvement.
1.3 Priority of Standards and Updates
If there is a conflict between any applicable laws or regulations, the provisions of an agreement with Baringa and the provisions of this Supplier Code of Conduct, the Supplier shall meet the most stringent standard.
- Baringa has the right to modify this Supplier Code of Conduct from time to time and the modified Code will be available to Supplier on Baringa’s website.
1.4 Supplier Employment & Supply Chain Ethics
- Suppliers shall respect the human rights of their employees, other personnel and local communities and shall comply with all relevant law pertaining to human rights.
- Suppliers shall take appropriate steps to identify and eradicate modern slavery, in all its forms, including slavery, servitude, forced and compulsory labour and human trafficking, whether of adults or children, all forms of which have in common the deprivation of a person's liberty by another in order to exploit them for personal or commercial gain.
- Baringa is committed to ensuring there is transparency in our approach to tackling modern slavery throughout our supply chains, consistent with our legal disclosure obligations worldwide. We expect the same commitment from all our Suppliers and we expect that our Suppliers will hold their own suppliers to the same high standards.
- Suppliers shall implement appropriate due diligence practices and provide training their own staff to identify the risk of and/or actual instances of modern slavery.
- Freedom of association and collective bargaining: The Supplier shall respect, and shall not interfere with, the right of workers to decide whether to lawfully associate with groups of their choice, including the right to form or join trade unions and to engage in collective bargaining.
- Wages and remuneration: The Supplier must compensate all workers with wages, including overtime premiums, and benefits that at a minimum meet the higher of:
- the minimum wage and benefits established by applicable law;
- collective agreements;
- industry standards; and
- an amount sufficient to cover basic living requirements.
- We require our Suppliers to be committed to a policy of equality opportunity under which no job applicant, staff member or other individual is discriminated against and less fairly treated because of gender, marital status, race (including colour, castes, nationality or ethnic origin), disability, religion, age, sexual orientation, union membership or political affiliation. All Suppliers shall ensure that they apply the same policy of equality of opportunity including in relation to recruitment, compensation, access to training, promotion and termination of employment.
- All terms and conditions of employment must be made clear to the Supplier workforce in a manner which is easily understood by that workforce.
- Suppliers must provide workers with clear, fair and uniformly applied disciplinary practices and grievance procedures.
- Suppliers shall provide sufficient evidence, promptly upon request by Baringa, that they have implemented appropriate procedures to manage all labour related issues within their supply chain to ensure that they comply with relevant law and this Supplier Code of Conduct.
- Suppliers shall demonstrate, through the transparency of their supply chain that people are dealt with ethically and lawfully, and that goods are traded fairly and meet the environmental aims detailed in this Supplier Code of Conduct.
1.5 Community and Supplier Diversity
- We expect Suppliers to understand how their activities impact their local area and wider community, and we encourage them to make positive contributions and investments. For example, providing appropriate local employment opportunities, workforce volunteering and charity activities. We expect our Suppliers to minimise disruption to communities. We aim to provide small and local businesses, minority ethnic, women owned and diverse business enterprises, with an equal opportunity to participate in our procurement and sourcing processes. We have developed and implemented processes to ensure these businesses have an opportunity to participate in the procurement process, which will include extending this policy through our supply chain.
1.6 Prevention of Financial Crime
‘Financial Crime’ includes bribery, corruption, money laundering, terrorist financing, tax evasion and the failure to prevent the criminal facilitation of tax evasion.
- Suppliers shall comply with all relevant laws pertaining to Financial Crime and shall not do or omit to do anything which would cause Baringa or any of the Baringa Group entities to be in breach of relevant law.
- Suppliers shall put in place an appropriate policy and procedures which prohibit workers from:
- the offering, giving, soliciting or receiving of a bribe at any time (including the making of facilitation payments or the bribery of public officials) whether for the benefit of the Supplier or for the benefit of a worker, a member of a worker's family, or a worker’s friends, associates or acquaintances;
- the use of a gift or hospitality to induce a fraud or other wrongdoing to secure a personal or business benefit;
- the use of sponsorship or advertising agreements to exercise undue influence; or
- unapproved or unauthorised charitable donations or political donations of any kind.
- Suppliers shall put in place appropriate policies and procedures which:
- verify the legitimate origin of goods and services within their supply-chain; and
- verify the identity and the legitimate nature of the businesses with which the Supplier contracts.
- Suppliers shall adopt or have adopted a tax strategy that demonstrates a willingness to pay the right amount of tax, in the right place, at the right time.
- Unfair business practices: Suppliers shall comply with all applicable competition laws (including but not limited to the Competition Act 1998), including but not limited to those relating to teaming and information sharing with competitors, price fixing and rigging bids.
- Suppliers shall implement mandatory training for staff members, appropriate oversight, regular risk assessments, appropriate due diligence and procedural audits to prevent, identify, detect and eradicate Financial Crime.
- Suppliers shall encourage staff members to report to an appropriate senior manager if they know of or suspect any business activity that is in contravention of the Supplier's own Financial Crime procedures. Suppliers shall implement disciplinary action for any staff member failing to comply with such procedures.
- Suppliers shall make sure that their staff members do not suffer any adverse consequences for making a report under the Financial Crime policies, whistle-blowing or refusing to pay a bribe, even if such refusal may result in the Supplier losing business.
- Suppliers shall keep sufficiently detailed records relating to the identification and prevention of Financial Crime and shall promptly notify Baringa upon becoming aware of any instance or suspected instance of Financial Crime connected to the business relationship between Baringa and the Supplier or which might impact upon Baringa’s reputation.
1.7 Environmental Responsibility
- Suppliers shall comply with all relevant laws pertaining to the environment and shall operate their businesses in an environmentally responsible way.
- Suppliers shall take a proactive approach when working with Baringa towards reducing Baringa’s environmental impact when providing Supplier’s services.
- Suppliers shall:
- adopt such practices and utilise such systems that minimise the use of resources, e.g. water efficiency, energy efficiency, etc.;
- ensure that they and their own suppliers use environmentally friendly working practices, tools and equipment, consumables and replacement parts, wherever possible;
- ensure, where practicable, that all consumables originate from a sustainable or recycled source;
- ensure there are facilities or arrangements in place, either directly or through their own suppliers, to ensure Baringa can return used packaging for recycling, reuse or environmentally friendly disposal; and
- ensure that any hazardous or toxic waste produced is properly identified and disposed of by licensed and competent bodies via authorised and/or licensed means.
- Suppliers shall have a written Environmental and Sustainability Policy appropriate to the size and nature of their operation which addresses preventing, mitigating and controlling serious environmental and health impacts from their operations.
- Each Supplier shall carry out annual reviews and audits of its environmental performance and that of its own suppliers, and shall keep a record of all findings and process and procedure improvements or remediation made to reduce any negative environmental impact. Such records shall be provided to Baringa on request.
- Suppliers shall have a process for measuring, recording, reporting their scope 1,2,3 emissions alongside meaningful targets to reduce them. These targets should be supported by a transition plan or equivalent to demonstrate how those targets will be achieved. This information will be made available to Baringa upon request.
- Suppliers shall either be in possession of an ISO 14001 accreditation, be demonstrably working towards ISO 14001 accreditation or operating in accordance with the standards of ISO 14001 throughout the contracting period with Baringa.
1.8 Information Security & Data Protection
- Suppliers shall comply with all relevant laws pertaining to data protection and shall not do or omit to do anything which would cause Baringa to be in breach of such relevant laws.
- To the extent that a Supplier will be processing personal data on behalf of Baringa, it will do so only in accordance with the terms set out in the relevant contract between Baringa and the Supplier.
- To the extent that a Supplier will be collecting personal data in situations where Baringa will be a controller or joint controller with the Supplier, the Supplier agrees to provide each individual to whom the personal data relates with an appropriate Processing Notice.
- To the extent that a Supplier will be processing personal data as a processor and Baringa will be a controller, the Supplier agrees to process all personal data exclusively for the purposes outlined in the applicable Contract and provide a written confirmation of deletion at the end of the above contracts. The Supplier agrees to ensure that all sub-processors used by them adhere to the same levels of protection for any data provided to them by Baringa.
- Each Supplier will comply with the information security requirements set out in Baringa’s Information Security Policy for Suppliers, to the extent relevant to the Supplier’s business and the provision of the services.
1.9 Resilience and Business Continuity
- Baringa expects all businesses in our supply chain to have appropriate business continuity arrangements in place to ensure that you can continue to provide your key contracted services to us in the event of any disruption to your operations. As a minimum, these resilience arrangements should consider people, premises, processes (information and technology) and providers.
- Baringa expects all businesses in our supply chain to have Business Continuity Management System (BCMS) in place which are defined, implemented, and executed in an appropriate and sustainable way, to ensure that you can continue to provide your services to us in the event of any disruption to your operations.
- The scope of the Supplier’s BCMS must be determined by a Business Impact Analysis (BIA) which covers the products and/or services delivered to Baringa e.g. critical employees, processes, IT applications and systems, infrastructure, and third-party suppliers.
- The Supplier’s Business Continuity Plans (BCPs) must be regularly (at least annually) tested, reviewed, and updated. They must also be comprehensively taught to the supplier’s key personnel relevant to the products and/or services supplied to Baringa.
- Baringa’s Suppliers must have a communication plan and process to inform customers in due course on business disruptions.
- Baringa may, as part of ongoing contract management, request information on a Supplier’s BCMS framework, processes, and documentation.
1.10 Cyber Security
- We are committed to ensuring effective controls are in place to protect people, property and services. Compromises of physical or cyber security can result in disruption, with potentially serious social and economic consequences. We require our supply chain partners to demonstrate a similar commitment to security and have appropriate policies and procedures in place to provide a continued safe and secure work environment. Security related controls should be proportionate to the risk, the detail of which will be contained within, and managed through individual contracts.
- Baringa is committed to delivering safe, secure, reliable and sustainable operations. This includes ensuring all reasonably practicable cyber security controls are in place to prevent unauthorised access, damage or interference to our information assets or data. Failing to protect information can also have a serious reputational impact.
- Suppliers shall implement mandatory Cyber Security and Data Protection training for staff members, appropriate oversight, regular risk assessments, appropriate due diligence, and procedural audits to protect the availability, integrity, and confidentiality of the data.
1.11 Cyber Security Incidents/Breaches
- Suppliers shall take steps to reduce the risk of a cyber security breach. Suppliers must ensure that their own cyber security arrangements and those within their supply chain are appropriate to the requirements of the information assets concerned, and any contractual obligations to us. This must include appropriate governance and risk management processes, ensuring access to data is maintained on a need to know, least privileged basis and that processes are in place to respond effectively to any incidents. Suppliers should inform us if they become aware of any cyber security incident that could or has compromised our data or services.
- Suppliers shall encourage staff members to report data breaches or security incidents immediately, making sure the ICO 72-hour deadline is considered. Appropriate investigations must be undertaken, and actions taken to mitigate future issues. Suppliers shall implement disciplinary action for any staff member failing to comply with such procedures.
- Suppliers shall keep sufficiently detailed records relating to the data breach and security incidents and shall promptly notify Baringa upon becoming aware of any instance connected to the business relationship between Baringa and the Supplier or which might impact upon Baringa’s reputation.
- Suppliers shall provide a copy of the remediation plan, if requested, on the security incident/breach and ensure that this is managed and tracked. Regular updates will be required.
1.12 Data Protection
- We require that all businesses within our supply chain must design their organisational structure in such a way that it meets our data protection standards and all relevant UK legislation. In support of this Suppliers must ensure that they are able to demonstrate compliance with:
- Our data privacy policy which is available on our website here.
- Any data incidents or suspected breaches should be reported to Baringa within 24 hours. These notifications should be sent to Privacy@Baringa.com and should be prior to any notification to any government regulator to enable Baringa to undertake any remedial work or prepare notifications as may be required by the law.
- Any additional requirements contained within individual contracts, master service agreements or statement of work including where data protection obligations may be subject to review as part of the ongoing management of the contract.
- Suppliers must ensure they follow the following data privacy principles:
- Purpose Limitation - you only process personal data for the sole purposes of the performance, management, and monitoring of the contract
- Lawfulness, fairness, and transparency – you ensure any personal data is processed transparently, fairly, and clearly as stated in the contract
- Data Minimisation – you ensure the use of personal data is necessary for the performance of the contract
- Accuracy – you ensure that personal data is recorded accurately and rectify or erase personal data if required
- Integrity and Confidentiality – you ensure personal data is kept secure by (a) using secure methods of transfer/ delivery/ access to data; (b) using encryption methods to ensure that data cannot be lost, read, copied or erased without authorisation; and (c) ensuring personal data is not transferred outside the country of source without prior authorisation of Baringa
- Storage Limitation - you must delete personal data when it is no longer required for the contractual purposes and ensure the transfer/return any personal data to the data controller if required
- Accountability - you must report any data breach, potential data breach, or concerns regarding personal data related to us to Privacy@baringa.com
- Suppliers should inform Baringa within 24 hours upon receipt of any data subject requests or other requests pertaining to any data which has originated from Baringa. Suppliers will provide necessary responses to such data subject requests or other authorities post written confirmation from Baringa.
- Suppliers needs to provide 30 days advance warning for any new sub-processors who may have access to our data, where Baringa can object to these sub-processors should it believe there is material data protection risk with these sub-processors.
- Suppliers needs to ensure that all the current sub-processor and future sub-processor agreements provide adequate protection to all Baringa's data as equivalent to this Supplier Code of Conduct.
- Baringa has the right to Audit the Supplier for compliance with data protection legislations. The Supplier will make the necessary arrangements for these audits and assist Baringa with such audits in a timely manner
- Supplier should undertake necessary Data Protection Impact Assessments (DPIA) and assist with the same for Baringa to ensure ongoing compliance with various Data Protection Legislations.
- Suppliers are required to seek written approvals prior to transfer of any Baringa data outside UK or EEA.
1.13 Health & Safety
- Baringa requires that a safe and healthy workplace is provided for all Supplier personnel in accordance with relevant health and safety at work laws and such laws are complied with at all times.
- Clear documented procedures must be in place to ensure regulated occupational health, safety and wellbeing standards are adhered to.
- Health and safety in the workplace shall be the responsibility of a senior member of the Supplier's management where the Supplier is contracted to carry out delivery of goods or services within the Baringa workplace.
1.14 Training
- The Supplier shall implement a system of training for its workers to ensure that they are aware of the requirements of this Supplier Code of Conduct.
- The Supplier shall keep a record of all training offered and completed by its workers and shall make a copy of such record available to Baringa on request.
1.15 Certifying compliance and audit
- The Supplier shall provide written confirmation to Baringa at least once per year that:
- In addition to the written confirmation required above, Baringa may conduct audits to verify the Supplier's compliance with this Supplier Code of Conduct and Supplier will provide all reasonable access and assistance to Baringa to conduct such audits. Baringa has no obligation to conduct such audits.
1.16 Self-monitoring and reporting breaches
- The Supplier shall monitor its compliance with this Supplier Code of Conduct and shall report any breaches (actual or suspected) of this this Supplier Code of Conduct as soon as possible to LegalDept@Baringa.com.
- The Supplier shall not retaliate or take disciplinary action against any worker that has, in good faith, reported breaches of this this Supplier Code of Conduct or questionable behaviour, or who has sought advice regarding this this Supplier Code of Conduct.
1.17 Breach, remediation, and termination
- Where Baringa becomes aware of a breach of this this Supplier Code of Conduct by a Supplier or its workers, Baringa may either:
- immediately terminate its business relationship with the Supplier (including any contracts); or
- require the Supplier to produce a remediation plan specifying the actions that the Supplier will take that will lead to compliance with this Supplier Code of Conduct, and present it to Baringa within 5 working days of being requested to do so. If the Supplier fails to produce the remediation plan within this timeframe or fails to implement it within a reasonable time, Baringa may immediately terminate its business relationship with the Supplier (including any contracts).
May 2024
Are digital and AI delivering what your business needs?
Digital and AI can solve your toughest challenges and elevate your business performance. But success isn’t always straightforward. Where can you unlock opportunity? And what does it take to set the foundation for lasting success?