ish

CODE OF CONDUCT AND ETHICS

28/12/2021

1. ABOUT THE CODE

1.1 Introduction

          This ISH TECH S.A. Code of Conduct and Ethics ("Code" and "Company", respectively) is a document designed to improve the Company's internal and external relations, thereby increasing the trust of its customers, suppliers and employees. In order to keep in line with society's expectations, the content of this Code may be revised and updated.

           The company was set up with a lot of pioneering spirit and together with employees and partners, on the basis of trust, teamwork, honesty and mutual respect. In this context, corporate ethics were established to guide relationships, sustainability and community development.

1.2 What we believe

Missão: Somos uma empresa especializada na mitigação de riscos digitais, obstinada pela satisfação dos nossos clientes, por meio de produtos e serviços de cibersegurança que geram proteção real e valor efetivo, promovemos resultados para os acionistas e valorização do colaborador.

 

Visão: Sermos líderes na mitigação de riscos provocados pela transformação digital no mercado Enterprise no Brasil, com presença internacional e nos tornamos a principal referência para a alta gestão dessas companhias.

 

Valores: Na ISH, valorizamos a Família, o Crescimento, o Reconhecimento, a Lealdade, a Resolutividade e a Motivação, guiando nossas atitudes para cuidar uns dos outros, evoluir com competência, reconhecer o mérito, agir com verdade, solucionar desafios e fazer a diferença todos os dias.

 

Família – Se você cuida, você é cuidado.

Crescimento – Se você é proativo e competente, você cresce.
Reconhecimento – Reconhecemos o mérito e o bom trabalho uns dos outros.
Lealdade – Seja correto e verdadeiro à todo tempo.
Resolutividade – Perceba os problemas, entenda e solucione.
Motivação – Trabalhe todos os dias com vontade de fazer a diferença.

 

1.3 Who must follow our Code of Conduct

       The rules contained in this Code must be complied with by Shareholders, members of the Board of Directors and its advisory committees, members of the Audit Board, executive officers, employees or not, trainees, service providers, both of the Company and its subsidiaries, and by any person acting on behalf of the Company or its subsidiaries or who has dealings with the Company, by signing the Adhesion Agreement attached to this Code as follows Annex 1.3.

1.4 How to apply our Code of Conduct and Ethics

     In all our day-to-day situations, we must understand and respect our Code, other Company policies and rules, and the laws and regulations of the locations where we operate.

      Whenever there is a conflict between the guidelines of our Code and the laws, we must use the strictest criteria so that we have the highest standard of ethical behavior.

       Whenever in doubt about any decision to be made, use the questions below to evaluate your attitude:

  1. Would my family and friends approve of my decision or would I be embarrassed if I had to tell them?
  2. Could my decision harm the Company's reputation or image?
  3. Could my decision be published on the front page of my town's newspaper and would it be accepted?
  4. Am I sure I don't need to consult other people or areas of the company?
  5. If, after this analysis, you are still in doubt, consult and ask for advice from your manager or directly from the area responsible for the matter.
  6. If you are a service provider, talk to your company representative and, if you don't get an adequate solution, seek help from your contract manager at the company.

1.5 Responsibility of employees

     It is the responsibility of all Company employees to comply with all the provisions of this Code and to ensure that all third parties and partners in their relationship are informed of its content.

       All employees, without exception, must:

  1. Act ethically;
  2. Read, understand and comply with this Code;
  3. Follow all applicable laws and regulations;
  4. Understand the policies, procedures and processes applicable to their activities;
  5. Complete all training and obtain the necessary certifications.

1.6 Leaders' responsibilities

      Leaders must lead by example, being responsible for encouraging and engaging their teams in complying with the guidelines of this Code, demonstrating with conviction the correct application of the Code and the Company's policies.

      It is the responsibility of all the Company's Leaders to disseminate the contents of this Code to their subordinates and to make them aware of the need and importance of complying with it.

    In addition to their responsibilities as Employees, Leaders are responsible for creating an environment that promotes compliance with this Code, providing space for dialogue and clarification of doubts about the Company's policies and expected ethical behavior, avoiding any form of retaliation against those who report or denounce a possible violation.

1.7 Third party liability

      Third parties who have a contract or any other type of link with the Company have a duty to respect and enforce the guidelines set out in this Code. Their agreement to the Code must be formalized when the contract is signed and any and all concerns about possible violations of this Code must be communicated to the Company, and it is also a duty to collaborate in the event of investigations, when requested.

2. HOW WE SHOULD ACT

2.1 Working with health and safety

        We understand that all employees have the right to a healthy and safe working environment, which is why a commitment to health and safety is the responsibility of all the company's employees, partners and suppliers.

    The company ensures the health, quality of life and safety of all its employees. Therefore, compliance with all safety procedures is mandatory and, as an additional precaution, any situation that could pose a threat to the physical integrity of people in the corporate environment must be reported to the responsible manager.

     The physical, emotional, intellectual and social balance of employees is encouraged, as is the adoption and maintenance of healthy habits for the well-being and safety of their teams.

2.1.1 Expected behavior:

  1. Only carry out activities if you are trained, have the appropriate authorization and tools, and are in full physical and mental condition.
  2. Use PPE (Personal Protective Equipment) whenever the activity carried out by you, your employee, partner or supplier requires it.
  3. Prioritize health and safety over production or the provision of services in situations that pose a risk to anyone.
  4. Exercise your right of refusal when faced with situations that pose a risk to your health and safety.
  5. Act immediately when identifying any situation that poses a risk to the integrity of any person (Company employees or Third Parties).
  6. Know, understand and comply with legal requirements and internal health and safety standards.
  7. Comply with the company's rules regarding periodic occupational examinations.
  8. Inform your line manager of any medical treatment or medication that could interfere with your reflexes and, consequently, your safety at work.
  9. Find out how to proceed in emergencies.
  10. Report any unsafe act or condition in the workplace, as well as work-related accidents and illnesses, using the channels and procedures provided internally.

2.1.2 It is forbidden:

  1. Entering and/or remaining in the workplace, or any other activity related to the company, under the influence of alcoholic beverages. Its consumption internally is restricted to celebrations authorized by the Director in charge, always in moderation, and in such a way that it does not influence any type of behavior that may violate the guidelines of this Code.
  2. It is expressly forbidden to consume, possess, enter and/or remain under the influence of any type of illicit drug on Company premises or in Company-related activities. If you are under the influence of legal and/or prescription drugs, contact the Human Resources department for assessment and guidance.
  3. Carrying any type of weapon on the premises or in work-related activities. Employees who may use weapons as a work tool must be authorized to do so.
  4. Any kind of violence, whether physical or verbal.

2.1.3 Better understanding:

  1. Right of refusal: a rule that guarantees employees the right to refuse to do a task that involves a serious and imminent risk to their safety, health and/or that of other people. In addition, under this Code, employees have the right to refuse when they are asked to act and/or conduct themselves in a way that breaches ethics and compliance.
  2. Serious and imminent risk: any work condition or situation that could cause an accident or work-related illness with serious injury to the physical integrity of the worker.

2.2 Protecting our information

     We seek to protect the Company's printed, digital or intellectual information and we understand that all information produced during our activities is the property of the Company. 

      All property rights relating to intellectual property, such as copyright, innovations, improvements, projects, financial information, know-how, which may be created, directly or indirectly, by ISH employees, even if their duties are not related to the development of research or inventions, are the exclusive property of the Company, free of charge, which may use them in whole or in part, with or without modifications, and may apply to the competent official bodies for their registration both in Brazil and abroad. The contents of electronic messages sent and received through the "ish.com.br" domain are the sole property of the Company. 

2.2.1 Expected behavior

  1. Respect the "ISH" name and brand.
  2. Respect intellectual property guidelines and laws and do not copy, reproduce, transmit, distribute or use the documents, files, models, methodologies, research, projects, projections, analyses and reports produced in carrying out the Company's activities.
  3. Use professional e-mail appropriately and only for Company activities.
  4. Do not send corporate information or personal data of third parties to the external environment, whether by e-mail, flash drive, cloud or any other form.
  5. Be careful when talking about our business information in informal settings and public areas, as we never know who might be listening.
  6. Do not use Company information and content for private use or any use other than for corporate purposes without proper approval.
  7. Only share confidential, restricted and internal information with authorized people who need it.
  8. Preferably, share public information using the appropriate corporate channels in the Communications and Investor Relations areas.
  9. Report information security incidents such as the disclosure, unauthorized modification, loss or theft of business information and also the misuse or sharing of credentials such as access badges and passwords.
  10. Don't use WhatsApp groups to divulge strategic or confidential information, collect targets or post photos without the employee's knowledge.
  11. Monitor the implementation of the Data Protection Act (LGPD) and observe the privacy and control of personal data of the Company's employees and our service providers.
  12. Fully comply with the Company's Privacy Policy and all other applicable internal or external regulations relating to data protection and privacy.
  13. In restaurants, classrooms, cabs, public offices and events, you have to be extra careful about what you say. The advice is to only talk about business when necessary and always with neutrality and discretion. Since airports are places where people gather, many of them on business trips, they require special attention. The use of computers in waiting rooms and on board airplanes should only be done when necessary and with due care to prevent theft and exposure of strategic information.

2.2.2 It is forbidden:

  1. Share credentials (ID, passwords and badges) for individual and non-transferable use.
  2. Installing and using illegal copies of software or copies belonging to themselves or third parties on the Company's equipment, as well as transmitting unlicensed software through the Company's systems.
  3. Sharing information with other employees or third parties who do not need it for their work, regardless of the means of transmission (printed, electronic or oral).
  4. Allowing undue access to information through documents and materials left in desks, drawers and cupboards, as well as holding meetings and talking on the phone in public places (restaurant, airport, elevator, etc.) about Company matters.
  5. Breach any confidentiality terms signed with the Company.
  6. Disclose confidential information even after termination of employment with the Company.
  7. Using company information in lectures and academic papers without formal approval from the area manager.
  8. Transmitting or accessing inappropriate content, such as customers' personal data and financial information not yet disclosed to the market, commercial databases, sales tables, salary tables, contract databases and other standard Company documents.

2.2.3 Understand better:

  1. Strategic or confidential information: information that is not known to the market and whose disclosure could affect the company's business and activities. Examples of such information are: financial results, acquisitions or sales, trade secrets, investments and related matters.
  2. LGPD (General Personal Data Protection Law): a law that seeks to guarantee user control over their own personal data. The law defines personal data as any information relating to an identified or identifiable natural person, i.e. any data by which it is possible to identify a person or which, when combined with other data, makes such identification possible.

2.3 Respecting human rights

      The company respects all those who choose to work for it. People work for the company of their own free will, observing work safety rules and mutual respect between employees, and the company does not condone the use of child labor or forced labor. We seek to promote and respect human rights and understand that everyone is equal and deserves to be treated with dignity.

    The company offers its employees a healthy and safe working environment, based on the principles of mutual trust, respect, cordiality and awareness of treating others well, and does not tolerate any acts of harassment, embarrassment, threats, intrusions or improper insinuations of any kind, especially those that could be characterized as moral or sexual harassment.

    Employees who feel that their working environment does not respect the principles mentioned above or below are encouraged to report their concerns to the Ethics Committee.

      Expected Behavior:

  1. Respect the dignity and values of each person.
  2. Don't condone the sexual exploitation of children, adolescents or anyone of any kind and always support the fight against it.
  3. Don't condone child labor and always support the fight against it.
  4. Do not condone any employment practice that could be interpreted as degrading, forced or slave-like labor and always support the fight against this type of practice.

2.3.1 It is forbidden:

  1. Practicing any form of discrimination, whether based on religion, philosophical or political conviction, nationality, social or economic position, gender, race, disability, age, pregnancy, sexual preference, preference for a soccer team, among others.
  2. Allowing inadequate working conditions that could be considered degrading and/or unhealthy.
  3. Use of slave labor or child labor by any of our partners or suppliers;
  4. Making intimidating or abusive threats, gestures, words or behavior against the moral and physical integrity of any person.
  5. Adopting attitudes or statements that could be characterized as moral or sexual harassment.

2.3.2 Better understanding:

  1. Human rights: basic rights and freedoms of all human beings, considered fundamental to dignity, translated into the principles of the UN International Bill of Human Rights and the fundamental conventions of the International Labor Organization (ILO). Human rights include the right to life and liberty, freedom of opinion and expression, the right to work and education, among many others. Everyone deserves these rights, without discrimination.
  2. Work analogous to slavery: a situation that combines various degrading factors such as: inadequate premises that do not comply with occupational health and safety rules, exhausting working hours, forced labor, irregular labor documentation and debt bondage, among others.
  3. Bullying: exposing someone to humiliating and embarrassing situations, repeatedly and over a long period of time during the working day and in the course of their duties.
  4. Sexual harassment: a type of violence characterized by any sexual action or behaviour that takes place without the consent of the other person. This type of harassment encompasses a series of behaviors, ranging from physical contact to a comment with a sexual connotation.

2.4 Avoiding conflicts of interest

      When making decisions on behalf of the Company, we must consider the interests of the Company. We must not influence or make decisions that generate undue benefits for us or for people in our relationship, even if there is no harm to the Company.

       Business decisions must be based on opinions free from personal interest or gain. A conflict of interest can occur when your personal objectives interfere with your assessment and objectivity, or even your loyalty to the Company, and situations that create or appear to create conflicts should be avoided. ISH employees are not authorized to represent the Company in agreements that result in financial benefit for themselves, their relatives or friends, and any measures that result in personal benefit for themselves, their relatives or friends are prohibited.

2.4.1 Expected behavior:

  1. Do not request or receive any remuneration or benefit of any kind from suppliers, competitors, clients of the Company or their representatives as a bargaining chip to obtain undue advantages.
  2. Don't hire suppliers with the intention of helping them, whether or not you have a bargaining chip.
  3. Inform your immediate manager whenever you identify the possibility of a conflict of interest and act within your powers to resolve it.
  4. Direct family members and companions of employees may be hired as employees or consultants only if the hiring is based on personal qualifications, performance, skills and experience.
  5. Do not remain in a professional relationship in which there is direct or indirect subordination with an employee or service provider who is your financial dependent or with whom you have a family or emotional relationship.
  6. Don't make decisions or influence negotiations that could benefit you, a family member, a financial dependent or a person with whom you have an emotional relationship.
  7. Do not influence or participate in Recruitment and Selection decisions involving a financial dependent or a person with whom you have a family or emotional relationship.
  8. Do not influence, participate in decisions or obtain personal financial benefits in businesses contracted or in the process of being contracted or acquired by the Company with companies in which you or a family member is a partner and/or performs any type of administrative, supervisory, regulatory, management or advisory function, unless otherwise approved by the Company's competent body.

2.4.2 It is forbidden:

  1. Hiring, influencing the hiring of or being responsible for the management of clients, distributors, suppliers or freelance brokers with whom they have a family relationship of any degree or a shareholding, as such relationships may interfere with their actions on behalf of the Company.
  2. Have an economic or financial interest in competitors, as such interest may interfere with their actions on behalf of the Company.
  3. Carrying out any professional activity that is not related to the Company's activities in the workplace and during working hours.
  4. Obtaining direct or indirect financial advantage from organizations that maintain business relations with the Company, individually or collectively.
  5. Accepting, directly or indirectly, benefits, money or objects of value from any person or entity interested in creating business relations with the
  6. Benefit from inside information for the sale or purchase of Company shares directly or
  7. Maintaining parallel activities or being a partner, directly or indirectly, in a company that competes and/or conflicts with the business of the company.
  8. Hiring employees to carry out activities under direct subordination who have any degree of
  9. Taking advantage of a position in the Company to obtain favors or benefits
  10. Omitting the existence of family members in the Company or in partners and suppliers.

The prohibitions provided for in this item may be waived with the duly justified approval of the Company's Board of Directors. 

2.4.3 Better understanding:

  1. Conflict of interest: occurs when someone acts, influences or makes decisions in a biased way, being motivated by interests that are not those of the Company. It can be caused by relationships of any kind, by carrying out activities inside and outside the Company and by acts that result in personal benefit or that of third parties.
  2. Family members: for the purposes of this Code, relatives up to the 4th degree are considered to be: spouse, partner, father, mother, stepfather, stepmother, child, stepchild, father-in-law, son-in-law, daughter-in-law, brother, sister-in-law, grandfather, grandson, uncle, nephew, brother's father-in-law, cousin (children of your parents' siblings), among others.
  3. Career-related decisions: influencing or defining promotion, transfer, termination, benefits or remuneration.
  4. Financially dependent: a person who is totally or partially dependent on the income of a third party for their subsistence.
  5. Remuneration or benefits: any type of gift, hospitality and other items or services with a financial value, including cash, discounts, vouchers, airline tickets, accommodation, training, conferences and loans.

2.4.4 The participation of family members (whether or not nominated by the employee) in our selection and hiring processes is permitted, provided that the candidate is submitted to all stages of the selection process, without exception, and it is ensured that there will be no direct hierarchical subordination or any favoring or privilege, regardless of the degree of kinship with the Company employee.

2.5 Exchanging gifts and presents

        The company cultivates good relations with all its stakeholders, including the public administration, customers, suppliers and business partners, but believes that these are based on the technical quality of its products and solutions, and not on the exchange of gifts, presents or hospitality.

     Considering the legislation in force, the company has established specific rules for situations involving relations with the public administration and others applicable to the private sector. In general, the rules involving gifts, presents and hospitality in relations with the public administration are more restrictive than in private relations.

2.5.1 Expected behavior when the situation involves a public official or public administration:

  1. It is forbidden to offer, give or receive, directly or indirectly, favors, money, gifts, presents or hospitality to (from) public officials or to (from) persons related to them.
  2. Gifts: only the offering of gifts made available by the Company's Marketing department is authorized, as long as it is permitted by the counterparty's compliance and integrity rules.
  3. Gifts: it is forbidden to offer or receive gifts in favor of or from public officials and people related to them.
  4. Hospitality: it is forbidden to pay for or receive hospitality in favor of public officials or people related to them.
  5. It is only permissible to invite public officials to Company events that are educational, technical or scientific in nature. The invitation must be formalized by the Company and the authorization must be issued by the authorizing officer of the invited body, even if the invited public official is on vacation or on leave for any other reason. Expenses must be borne by the guest or the body, under no circumstances by the Company.

2.5.2 Expected behavior in private relationships (not involving public agents or public administration):

  1. Company employees should be aware that customers, suppliers and business partners usually also have internal compliance rules. Employees must therefore be familiar with them and respect them unreservedly.
  2. In eminently private relationships, it is permissible to offer and receive gifts, presents and hospitality, provided that the legal rules, the compliance and integrity rules of the Company and the other companies involved and this Code of Ethics are respected.
  3. It is the obligation of the Company's employee to declare to the Human Resources area the receipt of any and all gifts, presents and hospitality, with the exception only of items received directly from the Company and those distributed on a general basis to all participants (at events such as congresses and forums);
  4. The receipt of gifts and hospitality must be subject to the prior approval of a Statutory Director and/or Chief Executive Officer.
  5. Other gifts, presents and hospitality received by employees should be forwarded to the Human Resources department, to be raffled off among the company's entire workforce, avoiding privileges or conflicts of interest.
  6. Only offer clients, suppliers, partners or third parties the gifts made available by the Company as part of the Company's communication and institutional relationship strategy, provided that they have been approved by the Director responsible.
  7. Hold business meals as long as each party bears their own expenses, they don't take place during the negotiation and/or contracting phase and they take place during working hours. Dinners are not recommended.

2.5.3 It is forbidden:

  1. Offering or giving, directly or indirectly, favors, money, gifts, presents or hospitality to public officials or people related to them.
  2. Accepting and/or requesting any type of gift, present or hospitality in the form of a favor, money or object of value.
  3. Participating in events sponsored or promoted by partners, suppliers or representatives of our relationship group, without the formal approval of the Director responsible.
  4. Receiving or offering gifts or hospitality in exchange for favors, benefits or advantages, or with the intention of influencing the obtaining, contracting or maintenance of business.
  5. Marketing gifts, presents and hospitality internally or externally.

2.5.4 Better understanding:

  1. Gift: product or courtesy item, usually of an advertising nature, with no representative economic value, made available corporately, with an estimated value limited to R$ 100.00 (one hundred reais). Examples: Office supplies, diary, pen, calendar, cap, book, chocolate, panettone.
  2. Gift: product or item with representative economic value, such as drinks, flowers, vouchers, gift baskets, tickets, entertainment, among others, with an estimated value of more than R$ 100.00 (one hundred reais).
  3. Hospitality: includes travel expenses such as accommodation, travel (by air, land and/or sea), receptions, meals and other related costs.

In any case, if there is a divergence between the compliance and integrity rules of the company and those of the counterparty, the more restrictive rules must be applied and respected.

2.6 Relationship with suppliers

       We believe that the selection and management of our suppliers should be conducted honestly, with integrity, ethics and transparency. We work as a partner with companies of different sizes and from various locations and we seek relationships with suppliers who practice our values.

        The company formalizes its commitment to a culture of ethics and integrity for its business partners and main suppliers, in order to engage them in the fight against corruption, fraud, anti-competitive attitudes and other illicit activities. To this end, it requires a similar commitment from its supply chain and its partners, according to risk classification and/or degree of importance, as well as monitoring the record of activities carried out.

2.6.1 Expected behavior:

  1. Maintain business relationships with suppliers who act in accordance with our standards of ethical behavior.
  2. Always select suppliers based on objective, technical and economic criteria, taking into account legal compliance and the company's health, safety and environmental requirements, with guarantees of fair conditions for all participants.
  3. Take care of the information used during the relationship with suppliers and bidders, including technical, commercial, strategic, registration, financial and management information, whether it belongs to the Company or to third parties.
  4. Demand compliance with labor and social security legislation.
  5. Demand compliance with all the clauses of the Service Agreement signed with the Company, including environmental protection, use of PPE, payment of employees and confidentiality of information.

2.6.2 Expected behavior in the case of brokers, administrators and accredited professionals:

  1. Carry out hiring and accreditation with a long-term vision, establishing a relationship of mutual respect and trust.
  2. Conduct all activities with brokers and accredited professionals with clarity and professionalism, defining the rights and duties of each party by mutual agreement.
  3. Protect the Company's brand by establishing the conditions under which it may be used by brokers, administrators and accredited professionals.

2.6.3 Understand better:

  1. Supplier: a company with which the Company has a contract or relationship for the supply of goods, services or consultancy.
  2. Bidder: a natural or legal person who is bidding in a Company quotation process.

2.7 Hiring third parties

       In order to reduce the chances of the company being involved in cases of corruption or fraud in tenders and contracts, due to the actions of third parties, it is important to adopt appropriate checks for hiring and supervising suppliers, service providers, intermediary agents and associates, among others, especially in situations of high risk to integrity. In this way, the Company's contracts will be guided by the standards described below, the conduct of which must be adopted by the contractors:

  1. Commitment to integrity in public-private relations and to the guidelines and policies of the ISH, including the provision for the application of its Integrity Program, if applicable.
  2. Provision for contract termination if the contractor commits acts harmful to the public administration, whether national or foreign.
  3. Payment of compensation by the contractor in the event that the contracting company is held liable for an act of the contractor.
  4. Checking that the third party is acting in accordance with what has been agreed in the contract and is not behaving in a way that goes against your values or the law.

2.8 Investor relations

      We work to preserve the interests and protect the rights of our shareholders, investors and stakeholders, always in line with the best corporate governance practices in the market and with the rules and regulations of the CVM (Securities and Exchange Commission). We adopt transparent practices, always providing complete, reliable, clear and objective information to our shareholders, investors and stakeholders.

2.8.1. Expected behavior:

  1. Immediately forward any and all requests from shareholders and/or investors made directly to employees to the Investor Relations area via e-mail at ri@172.31.200.153, so that they can be dealt with appropriately.
  2. Ensure that transactions involving related parties are previously assessed and approved by the governance bodies, under the terms of the Related Party Transactions Policy.
  3. Maintain a good relationship with all shareholders, regardless of the number of shares they hold.
  4. Comply with CVM (Securities and Exchange Commission) regulations.

2.8.2 It is forbidden:

  1. Trading in the shares during the closed trading periods set out in our "Securities Trading Policy".
  2. Using inside information about the Company to benefit directly or indirectly from the sale or purchase of shares, or passing on inside information so that third parties can benefit from it (misuse of this information is illegal and may result in administrative, civil and criminal sanctions).

2.9 Customer relations

        We strive to offer quality products and services, taking into account new technologies and solutions that make developments more sustainable and cost-effective.

2.9.1 Expected behavior:

  1. Establish a relationship of mutual trust with the highest quality in the provision of our services.
  2. Adopt clear and transparent communication strategies about our products and services with a focus on what we are able to deliver, including reservations, discounts, prices and deadlines.
  3. Act promptly and transparently, informing our clients of situations that are beyond the Company's control and that could jeopardize the delivery time or the regular operation of our projects.
  4. Serve our customers quickly and efficiently.
  5. Treat our customers' information with confidentiality and caution.

2.10. Relationship with the environment

          We consider the preservation of the environment and the promotion of sustainable attitudes to be a priority. 

2.10.1 Expected behavior:

  1. Act in accordance with current environmental legislation.
  2. Minimize the amount of natural resources, mainly water and energy, used in the company's units.
  3. Take action to make our business, our production and our services increasingly sustainable.

2.11. Press relations

The company values a good relationship with the press, which is why we work with objective and transparent communication.

2.11.1 Expected behavior:

  1. Take care of the company's image and reputation.
  2. When receiving a request for information about ISH from journalists or professionals working for TV, radio, website, newspaper and/or magazine, no employee is authorized to transmit it without first contacting the Company's Corporate Marketing area.
  3. Only express opinions, grant interviews, participate in debates or discussions when formally authorized by the Board of Directors.
  4. When invited to give lectures or provide information for academic papers or write articles about the Company or its subsidiaries, it is essential that the employee requests prior authorization from their immediate manager and that, together, they define what can be disclosed without breaching confidentiality criteria or causing damage to the Company's image.
  5. Any doubts should be shared with the Corporate Marketing area, which may be able to help with information that can add to the work or lecture and is not harmful to the company.
  6. Any approval limits for granting interviews on behalf of ISH, as determined by the Executive Board, Committees or the Board of Directors, must be observed.

2.12. Relations with Public Entities

       We have a good relationship with all municipal, state and national entities, such as city halls, urban and environmental licensing bodies, notary offices, regulatory agencies and autarchies.

        If employees receive requests or offers of "facilitating payments", they must immediately report this to the Compliance and Internal Audit department. Failure to comply with anti-corruption laws can result in serious penalties for the Company and/or its employees, including criminal liability for the individual involved in fraudulent payments. In addition, disciplinary measures may be applied in the event of proven guilt on the part of employees, including dismissal for just cause.

2.12.1 It is forbidden:

  1. Offering, paying, promising to pay or authorizing the payment of any money, gifts or valuables to any public official or employee;
  2. Agreeing to undue advantages in order to obtain and/or reduce the terms of authorizations, permits, decisions, etc;
  3. Influencing any act or decision by a public authority or official;
  4. Inducing a public authority or official to perform any act in breach of their legal duties.
  5. Hiring current or former public officials and people related to them without proving the technical nature of the choice, and a minimum 6-month quarantine period must be adopted before any hiring takes place.

2.13. Bidding

          The Company and its subsidiaries participate in tenders for contracts with public authorities and, in addition to the other provisions in this Code, the Company and its employees must follow the guidelines in this item in order to mitigate the related risks.

2.13.1 Expected behavior:

  1. To analyze in detail the documents that will be presented for the participation of the Company or its subsidiaries in tenders, in order to mitigate the risks of falsification or possible fraud in the process.
  2. The definition of prices must strictly follow pre-established technical parameters, in line with the pricing policy practiced by the institution in similar situations.
  3. Processes involving high-risk activities must be approved by a higher hierarchical level or by the Ethics Committee.
  4. Rotate company employees who have contact with public officials.
  5. Avoid meetings between a single company employee and public officials.
  6. Preferably hold the meeting with more than one public official present.

2.14. Relationship with competitors

          We believe in fair competition and maintain a professional relationship of respect and cordiality with our competitors.

        Our relationship with competitors is based on (i) ensuring autonomy to define price and product policies; (ii) maintaining relationships based on fairness, ethics and honesty; and (iii) ensuring compliance with current legislation and the Brazilian Competition Defense System.

     Any information related to the Company's business strategies, because it is linked to the competitiveness of the companies, must remain confidential and may not be disclosed under any pretext or used for the employee to obtain any kind of advantage or personal favor.

2.14.1 Expected behavior:

  1. Participate in meetings of associations and events in the same sector as the Company with a clear awareness that there are types of information that cannot be shared in these environments. Some examples: business or communication strategies; performance projections; certain performance data; confidential information, among others;
  2. Take special care when attending meetings with associations and benchmarking work;
  3. avoid actions that could be interpreted as anti-competitive, monopolistic or in any way contrary to international, national or local laws that control competitive market practices.

2.15. Relations with trade unions

       We value a good relationship with trade unions and respect free association on the part of employees and the entire collective bargaining process, recognizing compliance with collective agreements.

2.16. Taxes, contracts and accounting records

      Establishing strict accounting procedures, whether for incoming or outgoing movements, is essential for identifying improprieties. Bribery, like other illicit practices, is usually disguised in the accounts as legitimate payments such as commissions, consultancies, travel expenses, scholarships, entertainment, etc. The organization establishes relevant controls to ensure compliance with current legislation and to prevent financial and accounting fraud. The relevant records are kept for the statutory period.

2.16.1. Expected behavior:

  1. All taxes involved in the purchase and sale of products and/or services must be paid in full and compulsorily.
  2. Negative federal, state and municipal tax certificates must be issued according to their expiration dates and filed in the responsible area for future reference.
  3. Obtain express authorization from the director of the area related to the need to contract services;
  4. Research prices in at least 3 locations in order to opt for the lowest price obtained in the market research;
  5. Obtain express authorization from the director of the demanding area justifying any payment of amounts above market value;
  6. Obtain information on the delivery of the product or service;
  7. When demanded by a client or internal area, record comments on the quality of the service provided in comparison to the amount paid, taking practical measures to mitigate the recurrence of the same problem.

2.17. Using the Company's resources correctly

          The Company's assets must only be used to carry out the professional activities necessary to conduct our business.

2.17.1. Expected behavior:

  1. Be committed to optimizing resources and reducing costs and expenses in all the Company's activities, understanding their importance, while always maintaining the quality of the products and services offered.
  2. Practice the Company's principles and values in all its establishments and units, and also in public places, training or events, before authorities and/or public bodies, society and the market in general.
  3. Dedicate your working hours to carrying out professional activities related to the Company. Other activities should be carried out during breaks and meal times.
  4. Take care of the Company's assets, especially those under your responsibility, such as Personal Protective Equipment (PPE), vehicles, equipment, furniture, radios, computers and telephones.

2.17.2. It is forbidden:

  1. Using or lending the Company's assets for personal use or for the use of third parties.
  2. Trading or bartering goods of particular interest, except in places and at times previously authorized.

2.17.3 Understand better:

  1. Barter: a type of contract in which one of the parties is obliged to give something in exchange for something other than currency.

2.18. Fighting corruption

         The Company is committed to the applicable rules and guidelines established by the laws to prevent and combat corruption, which is why we have zero tolerance for corruption and believe that the abuse of power to obtain personal advantages is not a fair way of doing business. Therefore, the Company does not condone corruption, cartel formation, fraud, money laundering, illicit bidding and competitive processes and any other act against the Public Administration, whether by its employees or by third parties acting on its behalf.

         Employees should be aware that offering or delivering improper benefits to influence the decision of a third party, even if that third party is not a member of the government or any sphere of public power, can lead not only to disciplinary sanctions, but also result in criminal charges.

2.18.1 Expected behavior:

  1. Do not offer, promise, give, transfer, receive or authorize any kind of bribe.
  2. Be vigilant and report any suspicion of bribery.
  3. Immediately report the receipt of requests or offers of "facilitation payments" to the Company through its Whistleblowing Channels, indicated in item 3.3.1 of this Code.

2.18.2 It is forbidden:

  1. Offering or receiving any kind of gift, favor or anything of value, directly or indirectly, to influence a decision or obtain an undue advantage, directly or through third parties.
  2. Offering, paying, promising to pay or authorizing the payment of any amount of money, gifts or valuables to any public official or employee.
  3. Agreeing to undue advantages in order to obtain and/or reduce the deadlines for permits, authorizations, permissions, decisions, etc.
  4. Inducing a public authority or official to perform any act in breach of their legal duties.
  5. Any fraudulent or dishonest conduct involving the property, assets or financial and accounting reports/statements of the Company, its subsidiaries or any third parties. This type of conduct can lead not only to disciplinary sanctions, but also result in criminal charges.

2.18.3 Understand better:

  1. Corruption: is related to bribery, the act or effect of corrupting, offering something to obtain an advantage in a negotiation where one person is favored and another is harmed.
  2. Bribery: offering, promising, giving or receiving something of value to any person in exchange for favorable treatment from a company, government authority, public official or government.
  3. Something of value: any kind of benefit, such as money or money-equivalent items, goods or property, gifts, premiums, etc. It can also be some intangible benefit, such as inside information, tips on possible changes in the Company's shares or advice on carrying out a business transaction.
  4. Facilitation payments: These are payments made to employees in both the public and private sectors, as a personal benefit, to guarantee or speed up the execution of routine acts to which the Company is entitled.

2.19. Sponsorships and Donations

        The company is committed to business integrity and is attentive to the background of those who will receive its funding, sponsorships or donations, to avoid possible associations of its image with fraud or corruption.

2.19.1 Expected behavior:

  1. Establishment of criteria both for selecting recipients and for monitoring approved projects.
  2. Adoption of mechanisms to verify that the amounts are being used for the lawful purposes for which they were originally intended.
  3. Verification of the relationship between the beneficiary institution and public officials, to avoid the use of funds to hide undue payments or advantages.

2.20. Mergers, acquisitions and corporate reorganizations

       In order to prevent liability for harmful acts committed by another company with which it is involved as a result of mergers, acquisitions or corporate restructurings, the company must establish measures to verify whether the other company has been or is involved in harmful acts against the public administration, whether national or foreign, and whether it has vulnerabilities that entail integrity risks.

2.20.1 Expected behavior:

  1. Checking documents, corporate books, financial statements, validity of licenses and permits, documented processes and procedures, searches in public databases and on the internet, among other means.
  2. If there are incidences of irregularities and the company still decides to go ahead with the acquisition/merger process, it should be checked whether the target company has remedied the problems, applied disciplinary sanctions, reported to the public administration and cooperated effectively with the investigations.
  3. Ensure that the integrity program is extended to the new company.

2.21. Diversity and inclusion

          The company is committed to creating and maintaining an inclusive and accepting workplace where everyone, without exception, feels comfortable being who they are. Our actions aim to ensure fair work opportunities, after all, we value our team because they are our best asset. This means that everyone is treated equally at all times, such as hiring, promotions, training, compensation, terminations and corrective actions.

         The company does not tolerate discriminatory attitudes on the part of any employee, supplier or third party.

2.21.1 It is forbidden:

  1. Practicing discrimination of any kind, be it: by gender, ethnicity or skin color, aesthetic choices (haircut, tattoos, piercings, etc.), sexual orientation (LGBTQI+), disability (intellectual, cognitive, physical, hearing, visual), political conviction, religion, among others;
  2. Speculating about someone's sexual orientation or gender identity in a disrespectful way, publicizing it or making prejudiced comments;
  3. Discriminating against, blocking or retaliating against any employee interested in participating in internal recruitment processes as a natural alternative for career development;
  4. Making unwanted jokes, mockery, imitation or disparagement of any person with the intention of discriminating against them.

2.22. Behavior and clothing

          ISH employees are free to dress as they prefer, as long as they wear clothes that are appropriate for the work environment and corporate events. We suggest avoiding exaggeration so that clothing does not take precedence over professionalism, and so that embarrassing situations are not created as a result of its use.

2.23. Social Responsibility

       The company is committed to and concerned about the sustainable development of the communities where it operates, with respect for people and the environment.

      Social responsibility will be reinforced through support for recognized projects of an educational, sporting, cultural or philanthropic nature.

         Social responsibility is also expressed in the way the company conducts its business, basing its processes and activities on sustainable development in its area of operation.

2.24. Coexistence in the Company

      The company ensures that its employees live well together in its environments and expects them to take care to preserve its resources and confidentiality.

2.24.1 Expected behavior:

  1. You need to be vigilant when circulating emails and confidential documents, not leaving them exposed on your desk or computer screen and making sure that they reach the recipient without deviation.
  2. Passwords and other access codes to internal systems are individual and non-transferable. ISH does not allow them to be shared and holds the owner fully responsible for their use.
  3. Taking care of media resources and other devices provided for the performance of their activities (cell phones, USB sticks, CDs, notebooks and printers).
  4. Avoid installing media resources and using proprietary and/or unauthorized devices for transporting or transmitting work-related information.
  5. Any and all events that jeopardize information security, as well as any related incidents, must be reported to the Information Security Committee, which is responsible for evaluating the company's Information Security Policies.

2.25. Environmental preservation and sustainability

         The company is committed to building a better world from a social, environmental and financial point of view. Through sustainable working relationships, we guarantee solid results, develop people and society as a whole. Respect for the environment is fundamental in carrying out the company's activities.

       The company acts preventively and correctively to solve problems that could cause environmental damage and, if environmental risks materialize, it promptly informs its stakeholders and the public authorities.

2.25.1 Expected behavior:

  1. All employees must act responsibly, identifying and preventing environmental risks in the course of their activities, immediately informing the appropriate bodies and/or public authorities of any incident that could cause damage to the environment;
  2. All employees must ensure the responsible use of natural resources and encourage other employees and partners to seek sustainable solutions for their activities, with the least possible impact on the environment.

2.26. Using social networks

        The Company encourages the ethical, safe and legal use of new communication and interaction technologies, including so-called social networks such as Instagram, Facebook, LinkedIn and Twitter.

        However, the company repudiates the use of social networks to commit offenses, unlawful, unethical acts or acts contrary to the good conduct suggested here. The publication and dissemination of images, comments and any privileged or restricted information relating to the Company, its employees, suppliers and clients is not permitted. The Company does not allow employees to associate their personal activities with its brands or use them as a reference for public demonstrations or on social networks.

2.26.1 Expected behavior:

  1. Proper posture when using electronic environments and when participating in virtual communities, chat rooms or discussion forums that involve the ISH commercial name or brand, with prior authorization.
  2. Direct any customer complaints posted on social networks to the sales/marketing area, so that the appropriate treatment can be given to each case.
  3. Do not share information and comments about the Company and its clients on social networks, either on your own profile or that of a third party.
  4. Understand that the information disclosed on your own profile is the responsibility of the employee and not the company. Use your personal social media profile only to make public situations involving your relationship with the Company, without unduly exposing the brand or linking it to inappropriate conduct.
  5. Only use the internet, whether through personal mobile devices or in the company environment, during breaks and in a moderate way.

3. WE ARE GUARDIANS OF THE CODE OF CONDUCT AND ETHICS

3.1 Keep up to date

      The company's reputation is built by all of us, our attitudes and the decisions we make on a daily basis. That is why it is essential that our actions are always in line with our values and this Code.

3.1.1 For this alignment to occur:

  1. Take part in the mandatory periodic training sessions we provide on the provisions of this Code.
  2. Keep up to date with policies and other regulations related to your duties.

3.2 Communication and Training

      The Company has a communication and periodic training plan for its employees, which must take place at least annually, in order to disseminate and raise awareness of the importance of faithful compliance with this Code of Conduct. The training sessions will be organized and coordinated by the Ethics Board, which must notify all of the Company's employees at least one week before the actual date of the training session.

3.3 Reporting violations

      Whenever you witness or suspect any violation of this Code, it is your responsibility to report it to your manager, to the Compliance and Internal Audit area or to the Company's Whistleblowing Channel at https://grupoish.eticca.com.br.

      Complaints may be made by any employee, business partner or external public in general (including, but not limited to, the company's clients, suppliers and service providers), whether identified or not, provided that there is conduct contrary to the provisions of this Code of Conduct and Ethics. Complaints must be based on facts and evidence that prove the need to open an investigation, and should not be made in situations of personal disaffection or unfounded situations.

3.3.1 Reports to the Whistleblowing Channel can be made with identification or anonymously. It is operated by a specialized third-party company, guaranteeing independence, confidentiality and security, avoiding any kind of disclosure of the whistleblower and supervised and controlled by the Company's Ethics Board, in conjunction with the Compliance and Legal Affairs Area, which is responsible for maintaining the anonymity of the reports received. However, it is important to emphasize that the whistleblower must act responsibly when making reports, which must be consistent, detailed and truthful. In addition, the Whistleblowing Channel can be accessed in the following ways:

  1. E-mail: grupoish@eticca.com.br
  2. Web form: https://grupoish.eticca.com.br/denuncia
  3. Telephone: 0800 717 7725. Service from Monday to Friday, from 8am to 6pm.

3.3.2. The above channels can also be used to clarify doubts related to the integrity program.

3.3.3 The investigative process will follow the deadlines described below, the maximum period being 45 days, which may be extended for an equal period, depending on the seriousness of the case.

  • Receipt and analysis of the complaint - 7 days
  • Fact-finding investigation - 15 days
  • Right of defense and instruction - 10 days
  • Issuing a final opinion - 7 days

3.3.4 If interested, those involved in whistleblowing processes can follow up on the progress of the investigation at any time, on direct request to the Ethics Committee, which is the body responsible for investigating complaints. Complaints made via the web form can be followed up by consulting the single protocol disclosed to the complainant when the complaint is registered. This can be done directly on the web form, under the "Search complaint progress" tab. Once these steps have been completed, the results of the investigations will be reported to the CEO. If irregularities are found, the Company will promptly stop them and apply the appropriate solution.

3.3.5. The Company will not tolerate retaliation or any undue attitude, at any level of the company, against anyone who is doing their duty, such as a good faith employee who reports their concerns, regardless of the hierarchical level of the violator and the victim. In addition, the whistleblower in good faith will be protected by the company and must report any compliance concerns to the Ethics Committee, so that the appropriate measures can be taken.

3.3.6. The following are protection mechanisms that prevent retaliation against Employees, business partners or any person outside the Company who makes complaints about this Code: (i) guaranteeing the anonymity of the whistleblower; (ii) the operation of the whistleblowing channel by a specialized company, hired for this purpose; (iii) the supervision of the whistleblowing channel by the Ethics Board and the Compliance and Legal Affairs Area, which, among their competencies, will maintain the anonymity of the whistleblower; and (iv) the due investigation of all reports received in order to prove their veracity, based on the facts and evidence presented.

3.4 Roles and responsibilities

       The content and publication of this Code was approved by the Compliance and Legal Affairs area, Internal Audit, the Management and Advisory Committee and the Company's Board of Directors.

      In the event of situations arising which could be considered unethical or illegal, or which are not in line with this Code, everyone must act to protect the Company's image by escalating the situation to those responsible for acting to resolve the problem. Employees can therefore count on the support of the following areas/people:

  1. Your immediate boss;
  2. The Company's People Management, Compliance and Legal Affairs and Internal Audit departments.

3.4.1 Management and Advisory Committee

    The Management and Advisory Committee is responsible for deciding on ethical challenges that are not resolved by the supervisory chain and involve the company, its managers and employees. Its meetings take place periodically and are described in detail in its Internal Regulations.

3.4.2 Compliance and Legal Affairs Area

      In order to promote greater transparency in the Company's activities, comply with applicable legislation and the legal business practices to which it is subject, the Company has a Compliance and Legal Affairs Area, which is directly linked to the Board of Directors.

      The area is responsible for coordinating the drafting and revision of this Code together with the Management and Advisory Committee, in order to adapt or include new items or concepts not provided for when necessary.

    One of its other responsibilities is to widely disseminate the Code and its guidelines, coordinating and operating training sessions or through internal communication campaigns whenever necessary.

    The area and the Ethics Board are jointly responsible for investigating communications received through the Company's whistleblowing channels and other whistleblowing tools, and must ensure that questions are resolved reliably, confidentially and free from any kind of retaliation or discrimination. In addition, they are responsible for responding promptly to any failure to comply with this Code, requesting that the appropriate disciplinary measures be applied.

3.5 Resolve your doubts

        Seek guidance when ethical dilemmas, conflicts of interest, doubts of interpretation and situations not provided for in our Code of Ethical Conduct arise.

3.6 Consequences of violations

     Violations of this Code, other Company policies, standards, procedures and guidelines are applied taking into account the type of violation and its seriousness, the guidelines of the Company's Management and Advisory Committee and applicable legislation, and subject violators to consequences, which include:

  1. Written warning;
  2. Suspension;
  3. Unjustified dismissal;
  4. Dismissal for cause;
  5. Removal of senior management members involved in acts of corruption and fraud against the public administration;
  6. Filing appropriate legal actions; and
  7. Others provided for by law.

      In cases where sanctions need to be applied, the Ethics Committee will be responsible for analyzing and deciding on the process and the CEO will validate it. Employees should be aware that sanctions are not limited to the disciplinary measures set out in this Code, and may be taken to the competent judicial and/or administrative spheres.

3.7. Approval levels

        Levels of approval are established for matters that depend on higher levels of authority for the final decision.

3.7.1 Purchase of goods and services

Responsible Limit
Innovation Director R$ 10.000
Service Director R$ 10.000
Regional Director R$ 10.000
Sales VP R$ 10.000
Administrative/Financial Director R$ 10.000
CEO Above R$ 10,000

3.7.2 Acquisition of goods to be marketed, in accordance with specific policy and data from the Project's Approved Financial Engineering:

Order of responsibility Responsible
1 Account Executive
2 Regional Director
3 Sales VP
4 CEO
5 Administrative and Financial Director

3.7.3 Swaps

Responsible Limit
Regional Director up to R$ 100.000
Statutory Director up to R$ 500.000
CEO over R$ 500,000

3.7.4 Hiring and/or changing staff

For situations involving the addition of amounts to the available budget.
Responsible Situation
Board of Directors Linked to the financial engineering of the commercialized project
CEO Increasing staff without hiring, or promotions without reductions in return

3.7.5 Use of the company's physical resources to receive guests involving public officials

Responsible Limit
Regional Director up to R$ 100.00/guest
Statutory Director From R$ 101.00/guest to R$ 200.00/guest
CEO Above R$ 201.00/guest

3.7.6 Use of company vehicle to favor clients and/or third parties

E.g. Transportation of client equipment assuming imminent risks (without invoice, insurance, etc.)
Responsible
Administrative and Financial Director

3.7.7 Invitations to travel and take part in events

Events Clients Employees Partners
National Regional Board Regional Director Statutory Board
International Sales VP CEO CEO

3.7.8 Granting interviews on behalf of the ISH Group

ResponsibleSubjects
Innovation DirectorateInnovation/Partners
Services BoardProjects/technologies
Sales VPCases/trends
CEOCorporate Affairs and Crises

3.7.9 Granting gifts

Order of responsibilityResponsible
1Regional Board
2Sales VP
3CEO

3.7.10. This Code of Ethics comes into force when it is approved by the Board of Directors, and will remain in force for an indefinite period, until there is a resolution to the contrary.
3.7.11. This Code of Ethics may only be altered by resolution of the Company's Board of Directors, and the respective alterations must be promptly communicated by the IR Director to those to whom they are addressed, to the CVM, and to the market entities in which the securities issued by the Company are admitted to trading, and shall apply to all on the date of notification.
3.7.12. Any questions or clarifications regarding the application of this Code of Ethics should be sent to the Investor Relations Department at ri@172.31.200.153.
3.7.13 . This Code of Ethics will be published on the Company's website for general dissemination.

3.8 Reference documents

       U.S. ForeignCorrupt Practices Act of 1977 ( FCPA) and Brazilian Anti-Corruption Laws, namely Law No. 12,846 of August 1, 2013, as amended, Law No. 9,613 of March 3, 1998, as amended, and Decree No. 8,420 of March 18, 2015.

AGREEMENT TO ADHERE TO THE CODE OF CONDUCT AND ETHICS OF ISH TECH S.A.

     I hereby declare that I have read the ISH TECH S.A. Code of Conduct and Ethics and, having read and understood its contents, I am aware of the guidelines and rules contained in this document.

     I undertake to follow these guidelines in my professional activities, whether as an employee or business partner, under penalty of disciplinary measures, termination of contract, and even civil and criminal liability, as provided by law.

      Membership should preferably be done by means of an electronic confirmation.

Full Name/Business Name 
CPF/ME or CNPJ/ME 
Area 
Signature 
Date 

Code of Conduct and Ethics

Copyright © 2024 ISH Tecnologia, All Rights Reserved.