Business Code of Conduct

STEP-IN is an independent company providing consultancy and operational services in the arena of Quality & Compliance for the Life Sciences industry.

We operate across the GxP and Commercial spectrum and specialise in the accelerated production of SOPs and tools, guidance and processes for effective Supplier Oversight. 

STEP-IN core team based in UK with, supplemented by a global network of proven technicians and Subject Matter Experts. 

This Business Code of Conduct (BCoC) describes standards of business conduct to which STEP-IN operates and expects its personnel to act.


Alliance Partner 

Third Party company contractually organised to work with STEP-IN in a supportive, mutually beneficial manner and specifically to access expertise and reputation.


Colleagues, employees directly remunerated by STEP-IN (not Suppliers or Alliance Partners).


Subject Matter Expert

STEP-IN Associate

Individual operating within a supplier companies or as a freelancer who is also a members of the STEP-IN distributed network of SMEs.


A party that supplies goods or services to STEP-IN.


STEP-IN conducts risk assessment internally and on its Suppliers/ Alliance Partners at least every two years to maintain the currency of its own and its Suppliers’/ Alliance Partners’ arrangements. Assessment includes any changes to business operations, legislation or industry standards, client requirements, breach monitoring.

STEP-IN aims to include all the obligations expected of and guidance needed by its Suppliers/ Alliance Partners within four core documents:

  • Supplier Code of Conduct

  • NDA (STEP-IN or mutual)

  • Supplier/Alliance Partner contract

  • Work Order(s)


Suppliers and/ or Alliance Partners

STEP-IN applies due diligence in its selection of Suppliers and/ or Alliance Partners. This includes confirmation of conformance with the STEP-IN SCoC.


Suppliers/ Alliance Partners who sub contract are expected to have in place an SCoC equivalent to the STEP-IN SCoC or acceptable to STEP-IN.

Alliance Partners will have goals congruent with and capabilities complementary to those of STEP-IN.


STEP-IN will

  • Neither take part in nor tolerate corruption, bribery or malfeasance and, and will report any such that comes to their attention. Bribery includes both the receipt and offering of a bribe in all its forms.

  • Apply fair competition and compliance with anti-trust legislation.

  • Respect data privacy and intellectual property

  • Have a process for their personnel, suppliers and partners to raise concerns without reprisal and for concerns to be addressed [1].



STEP-IN will:

  • Deploy people appropriately qualified, trained and experienced for the work they deliver

  • provide its Associates with access to STEP-IN SOPs, policies or guidance documents, as appropriate, for any program delivery.

  • Expect Associates to undertake training in STEP-IN methodologies and tools, as appropriate, for any operational administration and program delivery.



STEP-IN will:

  • Not use involuntary or under-age labour[2]

  • Not discriminate in recruitment, deployment and development of staff 

  • Apply fair treatment in workplace e.g. address bullying

  • Provide adequate working conditions, payments and benefits 

  • Allow freedom of association for personnel

  • Provide a safe working environment, proper facilities and protection

  • Establish emergency preparations /business continuity, proportionate to the construct and size of their operation.

  • Not discriminate in selection of and assignments to Associates / Alliance Partners / suppliers

  • Apply due diligence in the selection of any Associates / Alliance Partners / suppliers.



STEP-IN will:

  • Behave in an environmentally responsible manner

  • Properly manage any waste and emissions

  • Encourage resource conservation and climate protection.

Information Security (IS)

STEP-IN will:

  • Use industry standard software where STEP-IN does not work within client systems

  • Use software and applications which are acquired from reputable vendors and appropriately authorised for the planned use

  • Maintain original licenses and proof of purchase

  • Operate systems that facilitate compliance with laws/regulations and manage any risks associated with service provision 

  • Deploy and maintain IT systems fit for purpose, secure and inspection-ready

  • Maintain assets, such as laptops or stand-alone PCs, in accordance with manufacturers’ specification.

  • Apply controls to prevent, detect, report events and recover from malware and so minimise business disruption and data loss. This includes:

    • Industry standard anti-virus software

    • Latest supplier patches for software

    • Regular back-up to STEP-IN / client repository and/ or external drives.

  • Apply passwords to all its assets holding STEP-IN or client data. Passwords will meet industry standards in terms of length, mix of characters and non-repeatability.

  • Promptly report any IS incidents, where client deliverables are involved, to STEP-IN and the client.


Records Management 

STEP-IN will:

  • Maintain records necessary for tax and other legal obligations

  • apply a records retention schedule reflecting legal, business and client requirements.

  • If a Legal Hold comes into force, suspend any deletion program that may apply to affected records until the hold is lifted. Where a STEP-IN Supplier/ Alliance Partner leaves the STEP-IN network such records will be transferred to client custody or to STEP-IN custody and the client informed.

  • protect against loss damage, destruction or falsification all records that are subject to legal or regulatory controls

  • adhere to The General Data Protection Regulation (GDPR)

  • Prior to the disposal of equipment, render unrecoverable any sensitive personal data and confidential data associated with its client programs


[1] STEP-IN process is covered in Dispute Resolution and Termination sections of its MSA

[2] in accordance with Section 54 of the UK Modern Slavery Act 2015