Supplier Code Of Conduct
Introduction
TelXL is committed to partnering with suppliers who uphold the highest standards of ethical, legal, and professional conduct. This Supplier Code of Conduct outlines our expectations for all suppliers and subcontractors working with TelXL. It addresses the areas of ethical behaviour, data protection, sustainability, and human rights, ensuring the delivery of value and innovation across all supply chains.
Ethical Standards and Business Integrity
Respectful Treatment and Professional Behaviour
TelXL expects all suppliers to treat their employees, subcontractors, and customers with respect, ensuring a work environment free from discrimination, harassment, or victimisation. Suppliers must promote professional behaviour, fostering collaboration and open communication with TelXL, addressing any project risks or governance concerns proactively.
Compliance with Laws and Regulations
Suppliers must comply with all applicable local, national, and international laws, including the UK Bribery Act 2010, the Modern Slavery Act 2015, and anti-corruption laws. Suppliers must ensure that their operations are lawful, ethical, and transparent.
Risk Management
Risk should be allocated to the party best able to manage it. Suppliers should ensure that risks are appropriately managed without being unfairly passed down to subcontractors. Open communication on supply chain risks and transparency in risk management are essential.
Continuous Improvement and Innovation
Suppliers must continuously improve the goods and services they provide, incorporating innovative solutions to address TelXL’s challenges. This is particularly important for long-term contracts, where suppliers should proactively introduce new ideas to support growth and value.
Data Protection and Cybersecurity
Compliance with GDPR and Data Protection Act
Suppliers must ensure compliance with GDPR and the UK Data Protection Act 2018. Data processing should be lawful and secure, using appropriate technical measures like encryption, access control, and audit trails.
Data Quality and Cybersecurity
Suppliers must ensure data accuracy and integrity. Any cyber incidents or breaches that could impact TelXL’s data or operations must be reported immediately. Suppliers must adhere to UK cybersecurity standards and cooperate with the National Cyber Security Centre if required.
Breach Notification and Data Subject Rights
Suppliers must notify TelXL within 24 hours of a data breach. They must also assist TelXL in responding to data subject requests, ensuring individuals can exercise their rights under GDPR, such as accessing, rectifying, or deleting their personal data.
Information Security Governance
Information Security Governance
Suppliers must implement and maintain an effective information security management system (ISMS) in alignment with recognised standards such as ISO 27001. Suppliers must define and enforce policies and procedures to safeguard TelXL’s information assets against risks such as unauthorised access, loss, or damage.
Access Control and Confidentiality
Suppliers must enforce access control policies to ensure that only authorised personnel have access to TelXL's data and systems. Access must be granted based on business needs and role requirements. Confidentiality agreements must be in place for all individuals with access to sensitive information.
Incident Management and Reporting
Suppliers must have a formalised process for identifying, managing, and reporting information security incidents. Actual or suspected breaches of information security must be reported to TelXL within 24 hours.
Data Retention and Disposal
Suppliers must ensure data retention aligns with legal, regulatory, and contractual obligations. Data must be securely disposed of when no longer required. Secure disposal methods must be documented and adhered to.
Vulnerability Management
Suppliers are expected to identify, address, and report security vulnerabilities promptly. Suppliers must implement patches and updates to address vulnerabilities in a timely manner, based on the severity and risk of exploitation.
Secure Development Practices
For suppliers providing software or IT services, secure development practices must be followed. Suppliers must ensure that all software developed for or provided to TelXL is free from known vulnerabilities and that security testing is conducted prior to delivery.
Physical and Environmental Security
Suppliers must ensure that physical and environmental security measures are in place to protect TelXL’s data and systems from unauthorised access or damage. Secure facilities and network segmentation must be implemented where applicable.
Compliance with Industry Standards
Suppliers must comply with relevant industry standards, including PCI DSS where applicable, to protect sensitive data such as payment cardholder information.
Regular Audits and Assessments
Suppliers must conduct regular audits and risk assessments of their information security measures.
Sustainability and Environmental Responsibility
Sustainable Procurement and Carbon Reduction
Suppliers are expected to support TelXL in its efforts to reduce its carbon footprint. This includes reducing energy consumption, minimising environmental impacts, and reporting on sustainability targets. Transparency on supply chain environmental impacts is essential.
Waste Management and Circular Economy
Suppliers must promote the circular economy by reducing waste, recycling materials, and minimising hazardous materials. Responsible waste management and sustainability must be embedded in all operations.
Human Rights and Labour Standards
Human Rights and Modern Slavery
Suppliers must comply with the UK Modern Slavery Act 2015 and ensure that their supply chain respects human rights. This includes eradicating forced labour, human trafficking, and exploitation. Robust due diligence must be in place to ensure compliance.
Diversity and Inclusion
Suppliers must demonstrate a commitment to diversity and inclusion, ensuring that their workplaces are free from discrimination and that all employees are treated equally, regardless of age, gender, race, disability, or other protected characteristics.
Social Responsibility
TelXL expects suppliers to support corporate social responsibility initiatives, including the promotion of diversity, sustainability, and community engagement, such as supporting apprenticeships and addressing the gender pay gap.
Monitoring, Audits, and Reporting
Compliance Monitoring and Audits
Suppliers must conduct regular self-assessments to ensure compliance with this Code.
Reporting and Transparency
Suppliers must provide transparency in all dealings with TelXL. Issues related to compliance, breaches, or ethical concerns must be reported immediately.