- Value [1] Corporate Social Responsibility
- SAS maintains its commitment to corporate social responsibility. In 2012, the SAS Executive Sustainability Council continued
its role ensuring that sustainability goals and priorities permeate every aspect of the company's operations. The Corporate
Social Responsibility (CSR) Task Force is an interdepartmental group that meets regularly to integrate these efforts across
the business. These teams work closely with various departments and ensure that policies and initiatives regarding CSR are
considered in all aspects of the business.
- Value [2] Ethics
- Ethics and Compliance -- Since 2005, SAS has offered courses to help employees better abide by the SAS Code of Ethics, internal
policies and procedures and applicable external rules and regulations.
- Value [3] Compliance
- Value [4] Training
- SAS provides this training to help all employees make the right choices when ethical and regulatory challenges arise. Government
regulations and contractual commitments also require SAS to provide certain ethics and regulatory compliance training to employees
and certain contract workers to protect the interests of SAS' business partners, the government and society... The following
training is required of all employees: Code of Business Ethics; Information Security; Export Controls Awareness; SAS Business
Ethics in Selling, Buying and Competing; Respect in the Workplace; and Foreign Corrupt Practices Act. SAS provides specialized
training for personnel as needed. For example, California employees take (as required by California law) Sexual Harassment:
Promoting Appropriate Behavior, and employees who work with military and intelligence sector government customers take Defense
Export Controls (ITAR). In 2012, SAS expanded its training to include Privacy and Data Protection for Global Companies. This
training covers how SAS complies with laws that ensure protection of our customers', employees' and partners' private information.
In-person, targeted compliance training is conducted periodically. For example, in 2012, attorneys in the Compliance group
did in-person trainings related to export controls at our United Kingdom and Washington, DC-area offices, and our privacy
attorney did specific training for SAS Solutions OnDemand employees.
- Value [5] Corporate Citizenship
- Finally, SAS gives this training to all employees so that the people of SAS can continue to make the company a good corporate
citizen. Training is provided online worldwide to all employees, and targeted training is also provided in person to particular
groups on specific issues, such as gift laws relating to government officials or export laws on encryption software exports.
- Value [6] Monitoring
- SAS monitors compliance with its governance and ethics training programs in a variety of ways. For example, online training
completions are tracked by a third party, as well as by SAS' internal Learning Management System. Automated reminders are
sent to those who have not completed the training programs as the deadline approaches, and managers are contacted as trainings
become overdue.
- Value [7] Anonymity
- SAS operates an electronic (email/Web-based) and telephonic ethics hotline that allows for anonymous employee complaints.
Employees may also contact their manager or any other manager with whom they feel comfortable to provide feedback. SAS will
not retaliate against anyone who makes a good faith report of ethical, regulatory or legal compliance issues. Additional information
on employee feedback channels is provided in the Employee section.
- Value [8] Anti-Corruption
- SAS has an anti-corruption program consisting of contractual requirements in all agreements with contractors and consultants,
an advance due diligence process for engaging with new suppliers and potential acquisition targets, ongoing due diligence
screening of suppliers, in-person and online training, expense record and expenditure reviews and audits, and global outreach
efforts through organizations such as the UN Global Compact. SAS did not report any incidents that happened to or involved
SAS with regards to public policy, corruption, ethics, bribery or privacy issues in 2012. However, the state of Washington
conducted an investigation into the actions of one of its government employees, which involved a purchase of SAS products.
SAS investigated and concluded that it did not violate any laws or regulations, and no legal action was taken against SAS
by the state of Washington. In part as a result of this investigation, however, SAS did provide additional anti-corruption
training for employees involved in government sales.
- Value [9] Privacy
- The Ethics and Compliance group in the SAS Legal Division ensures that personal data is used by SAS in compliance with applicable
laws, SAS policies, and customer expectations. SAS Global Information Security information establishes processes and deploys
technologies designed to protect the confidentiality, availability and integrity of data in the custody or control of SAS.
The Ethics and Compliance group and Global Information Security work closely to manage data privacy issues and security by,
among other things, establishing information governance policies, standards, guidelines and processes based on regulations,
business needs and/or industry best practices. They also conduct periodic privacy and security related assessments and compliance
reviews, including privacy impact assessments for newly developed or modified applications that may affect individual privacy
interests. The Ethics and Compliance group ensures that SAS' externally posted Privacy Statement accurately reflects its information
collection and use practices. SAS' Privacy Statement is global and applies not only to SAS US, but to its foreign subsidiaries
and other business units. Translated versions of the Privacy Statement with country specific requirements are linked to the
English version. SAS Legal and Government Affairs actively monitors privacy and data protection related legislation, including
reviewing proposed and existing legislation, evaluating its impact on SAS' business and strategic planning, and ensuring compliance
with applicable laws and regulations. SAS requires all its employees to complete training on privacy and information security.
It publishes a monthly information security awareness newsletter, Security Sense, to help inform its employees about information
security and privacy issues. SAS maintains a number of policies related to privacy and information security, including the
following: * Collecting and Disclosing Employee Information. * Company Computer Systems. * Data Usage Policy. * Use and Disclosure
of Company Confidential and Proprietary Information. * Global Human Resources Data Privacy Policy. In 2012, there were no
substantiated complaints regarding breaches of customer privacy and losses of customer data.
- Value [10] Supply Chain Management
- We use tools such as service level agreements, benchmarking and supplier relationship management to monitor and manage our
suppliers' results. SAS has a Supplier Diversity group within its Corporate Services Division that is responsible for SAS'
supplier diversity process. Its goal is to develop and maintain effective relationships with suppliers that create incremental
value throughout the life of each contract based upon economy, quality, environmental preservation and social values. Its
primary functions include: - Reviewing RFPs and contracts and responding to customer inquiries with diversity requirements.
- Preparing and providing diversity spending reporting to customers. - Providing information and access to SAS' procurement
opportunities by supporting and conducting various diversity activities and events (i.e. sponsorships, education and attendance).
SAS uses competitive bidding to help ensure competition and fairness in the marketplace for suppliers. Forty-five percent
of SAS' 2012 spending was with suppliers whose remit-to address is in North Carolina. In 2012, SAS did not report any instances
of anti-competitive behavior anti-trust violations or monopoly practices, nor were there any fines for noncompliance with
laws and regulations.
|
