RigER makes every effort to ensure that all third-party organizations (including cloud service providers) are compliant and do not compromise the integrity, security, and privacy of RigER.
As a RigER supplier/vendor you’re expected to act ethically and demonstrate integrity in all situations. You have a duty to follow policies and procedures found in this Code of Conduct, as well as those that are specific to your contract. You must also comply with all laws that apply to our business.
Quality Work Environment
We are committed to a supportive work environment, where our personnel have the opportunity to reach their full potential. Members of the RigER team, as well as all third-party suppliers/vendors, are expected to do their utmost to keep the workplace culture free of harassment, intimidation, bias, and unlawful discrimination.
Equal Opportunity Employment
We strictly prohibit unlawful discrimination or harassment on the basis of race, color, religion, veteran status, national origin, ancestry, pregnancy status, sex, gender identity or expression, age, marital status, mental or physical disability, medical condition, sexual orientation, or any other characteristics protected by law.
Drugs and Alcohol
Substance abuse is incompatible with the health and safety standards that RigER adheres to, and it’s not permitted. Consumption of alcohol is allowed at our office on special occasions, but we ask everyone to use good judgment and never drink in a way that: (i) leads to impaired performance or inappropriate behavior, (ii) endangers the safety of others, or (iii) violates the law. Illegal drugs are strictly prohibited in our offices or at work-related events.
Safe Workplace
We are committed to a violence-free work environment. We will not tolerate any level of violence or the threat of violence in the workplace.
Obey the Law
RigER takes its responsibilities to comply with laws very seriously. Every third-party supplier/vendor is expected to comply with applicable legal requirements and restrictions. You should understand the laws and regulations that apply to your work during the engagement with RigER.
Confidentiality/Non-Disclosure Agreement (NDA)
RigER uses non-disclosure agreements to protect confidential information using legally enforceable terms. NDAs are applicable to both internal and external parties. NDAs will have the following elements:
- Definition of the information to be protected
- Duration of the agreement
- Responsibilities and actions to avoid unauthorized disclosure
- Ownership of information, trade secrets and intellectual property
- Permitted use of the confidential information and rights to use information
- Process of notification and reporting of unauthorized disclosure or information leakage
- Actions in case of breach of agreement
IT Vendors
- IT vendors are prohibited from accessing RigER’s “Information Assets” (any resource relating to or containing RigER and its clients’ data) until a contract containing security controls is fully signed.
- IT vendors and partners must ensure that organizational records are protected, safeguarded, and disposed of securely.
- In cases where an IT vendor's compliance with RigER’s Information Security Program cannot be enforced (for example, vendors that operate a subscription-based service provision model, e.g. Microsoft), RigER must ensure that those vendors have Information Security Programs and Policies and that the principles indicated in those policies align with our own.
IT Vendor Contracts
Formal contracts that address relevant security and privacy requirements must be in place for all third parties that process, store, or transmit confidential data or provide critical services. The following must be included in all such contracts:
- Acknowledgement that the third party is responsible for the security of RigER’s data that it possesses, stores, processes, or transmits.
- Use of key controls to ensure the protection of organizational assets – e.g. physical controls, controls for protection against malicious code, physical protection controls, controls to protect integrity, availability and confidentiality of information, controls to ensure the return or destruction of Information Assets after their use, controls to prevent copying and distributing information.
- Definition of how intellectual property rights are regulated.
- Responsibilities for responding to direct and indirect security incidents including timing as defined by service-level agreements (SLAs).
- Requirements for the return or destruction of data upon contract termination.
- Geographic limits on where data can be stored or transmitted.