© 2018 by STEP-IN Management Ltd.

Business Code of Conduct

STEP-IN is an independent company providing consultancy and operational services in the arena of Quality & Compliance for the Life Sciences industry. Our focus is practical solutions proportionate to the client’s size, resources and operational scope and to the development stages of a client’s portfolio.

We operate across the GxP and Commercial spectrum and specialise in:

  • Accelerated Production of SOPs. STEP-IN has a strong track record of establishing compliant but pragmatic operational procedures, geared to the user and based on business risk assessment to replace SOP heavy, ‘safety net’, cultures.

  • Tools, guidance and processes for effective Supplier Oversight. 

We have a tight core team based in UK with, between us, over fifty years of Life Sciences experience, supplemented by a global network of proven technicians and Subject Matter Experts. 

Aligned areas of expertise include Audits / inspection readiness, Data Privacy/ Protection and Records Management..

 

This Business Code of Conduct (BCoC) describes standards of business conduct to which STEP-IN operates and expects its personnel to act.

Definitions

Alliance Partner 

Third Party company contractually organised to work with STEP-IN in a supportive, mutually beneficial manner and specifically to access expertise and reputation.

Personnel

Colleagues, employees directly remunerated by STEP-IN (not Suppliers or Alliance Partners).

SME

Subject Matter Expert

STEP-IN Associate

Individual operating within a supplier companies or as a freelancer who is also a members of the STEP-IN distributed network of SMEs.

Supplier 

A party that supplies goods or services to STEP-IN.

Risk

STEP-IN conducts risk assessment internally and on its Suppliers/ Alliance Partners at least every two years to maintain the currency of its own and its Suppliers’/ Alliance Partners’ arrangements. Assessment includes any changes to business operations, legislation or industry standards, client requirements, breach monitoring.

STEP-IN aims to include all the obligations expected of and guidance needed by its Suppliers/ Alliance Partners within four core documents:

  • a Supplier Code of Conduct

  • NDA (STEP-IN or mutual )

  • Supplier/Alliance Partner contract

  • Work Order(s)

 

Suppliers and/ or Alliance Partners

STEP-IN applies due diligence in its selection of Suppliers and/ or Alliance Partners. This includes confirmation of conformance with the STEP-IN SCoC.

 

Suppliers/ Alliance Partners who sub contract are expected to have in place an SCoC equivalent to the STEP-IN SCoC or acceptable to STEP-IN.

Alliance Partners will have goals congruent with and capabilities complementary to those of STEP-IN.

Ethics 

STEP-IN will

  • Neither take part in nor tolerate corruption, bribery or malfeasance and, and will report any such that comes to their attention. Bribery includes both the receipt and offering of a bribe in all its forms.

  • Apply fair competition and compliance with anti-trust legislation.

  • Respect Data privacy and intellectual property

  • Have a process for their personnel, suppliers and partners to raise concerns without reprisal and for concerns to be addressed.

 

Competencies

STEP-IN will:

  • Deploy people appropriately qualified, trained and experienced for the work they deliver

  • provide its Suppliers with access to STEP-IN SOPs, policies or guidance documents, as appropriate, for any program delivery.

  • Expect Suppliers to undertake training in STEP-IN methodologies and tools, as appropriate, for any operational administration and program delivery

 

Labour 

STEP-IN will:

  • Not use involuntary or under-age labour[1]

  • Not discriminate in recruitment, deployment and development of staff 

  • Apply fair treatment in workplace e.g. address bullying

  • Provide adequate working conditions, payments and benefits 

  • Allow freedom of association for personnel

  • Provide a safe working environment, proper facilities and protection

  • Establish emergency preparations /business continuity, proportionate to the construct and size of their operation.

  • Not discriminate in selection of and assignments to Associates / partners / sub suppliers

  • Apply due diligence in the selection of any Associates / partners / sub suppliers.

 

Environment

 

STEP-IN will:

  • Behave in an environmentally responsible manner

  • Properly manage any waste and emissions

  • Encourage resource conservation and climate protection.

Information Security (IS)

STEP-IN will:

  • Use industry standard software where it does not work within client systems

  • Acquire software and applications from reputable vendors which appropriately authorised for the planned use

  • Maintain original licenses and proof of purchase.

  • Operate systems that facilitate compliance with laws/regulations and manage any risks associated with service provision 

  • Deploy and maintain IT systems fit for purpose, secure and inspection-ready

  • Maintain assets, such as laptops or stand-alone PCs, in accordance with manufacturers’ specification.

  • Apply controls to prevent, detect, report events and recover from malware and so minimise business disruption and data loss. This includes:

    • Industry standard anti-virus software

    • Latest supplier patches for software

    • Regular back-up to STEP-IN / client repository and/ or external drives.

  • Apply passwords to all its assets holding STEP-IN or client data. Passwords will meet industry standards in terms of length, mix of characters and non-repeatability.

  • Promptly report any IS incidents, where client deliverables are involved, to STEP-IN client.

 

Records Management 

 

STEP-IN will:

  • Maintain records necessary for tax and other legal obligations

  • apply a records retention schedule reflecting legal, business and client requirements.

  • If a Legal Hold comes into force, suspend any deletion program that may apply to affected records until the hold is lifted. Where a STEP-IN Supplier/ Alliance Partner leaves the STEP-IN network such records will be transferred to client custody or to STEP-IN custody and the client informed.

  • protect against loss damage, destruction or falsification all records that are subject to legal or regulatory controls

  • adhere to The General Data Protection Regulation (GDPR)

  • Prior to the disposal of equipment, render unrecoverable any sensitive personal data and confidential data associated with its client programs

 

[1]in accordance with Section 54 of the Modern Slavery Act 2015