Our Official Code of Professional Ethics

Mission

We protect organizations and the public by delivering rigorous security, privacy, and risk-management services that earn trust and improve resilience.

Scope

This Code applies to all directors, employees, contractors, and subsidiaries of Informatica Corporation and the Informatica Group of Cybersecurity Companies, including all d.b.a., namely Datarisk Canada, Managed Privacy Canada, OT Security Canada, and WorkLife Learning.

Our Commitments

  • Act honorably, honestly, and lawfully in every engagement.
  • Provide diligent, competent, and evidence-based services within our expertise.
  • Advance and protect the profession and our clients’ interests through transparency, accuracy, and education.

Bright-Line Prohibitions

Informatica Corporation and the Informatica Group of Cybersecurity Companies will not engage in, support, or enable any engagement that:
  1. Involves criminal activity
    • Knowingly assisting money laundering, fraud, computer misuse, data theft, unauthorized interception, or sanctions evasion.
    • Designing or deploying tools intended to conceal criminal conduct or unlawfully defeat security controls.
  2. Facilitates human-rights abuses
    • Work for entities credibly linked to forced labor, child exploitation, human trafficking, mass surveillance of protected groups, or suppression of fundamental freedoms.
    • Building, operating, or enhancing systems used for persecution, unlawful mass surveillance, targeted discrimination, or extrajudicial harm.
  3. Benefits organizations associated with crimes against humanity
    • Clients, partners, or funders that support, materially aid, or publicly justify governments or entities credibly alleged to commit war crimes, ethnic cleansing, genocide, or systematic torture.
    • Engagements that would circumvent sanctions or legitimize such activities.
  4. Compromises integrity or public safety
    • “Security theater,” FUD tactics, dark patterns, fabricated test results, or misrepresentation of risk posture.
    • Connecting known-weak systems to public networks without compensating controls; deploying intentionally backdoored or unsafe technology.

ESG Standards We Uphold

Environmental

  • Minimize e-waste and prefer energy-efficient solutions; recommend sustainable configurations and secure decommissioning.

Social

  • Zero tolerance for discrimination, retaliation, harassment, or intimidation.
  • Safeguard personal information; avoid products or practices that create disproportionate surveillance harm to vulnerable communities.

Governance

  • Reject bribery, kickbacks, or facilitation payments.
  • Disclose and manage conflicts of interest; document decisions; support whistleblowing and non-retaliation.
  • Publish meaningful metrics in our Transparency Report and update them regularly.

Client & Partner Acceptance (Due-Diligence Standard)

Before accepting or renewing any engagement, we will complete and retain a due-diligence record that includes:

  1. Identity & Ownership Checks – legal name, beneficial owners, jurisdictions, PEP/sanctions screens, and adverse-media review.
  2. Human-Rights Risk Screen – country, sector, and product/service risk; supplier chain red flags; independent reporting where available.
  3. Use-Case Safety Review – how our work will be used; potential for misuse; safety constraints and monitoring plan.
  4. ESG Alignment Review – environmental impact, labor rights posture, and governance maturity.
  5. Escalation & Decision – material risks go to an Ethics & Risk Committee (multidisciplinary); outcomes documented with clear conditions or a decline.
  6. Right to Disengage – we may suspend or terminate work if new information creates a breach of this Code or applicable law.
  7. Transparency Linkage – aggregate data about accepted/declined engagements and rationales will feed the Transparency Report.

Professional Conduct (Trust Principles)

  • Tell the truth, avoid exaggeration or unwarranted reassurance, and present risk clearly with actionable remediation.
  • Provide prudent advice within competence; seek peer review for high-impact work; accept and correct errors promptly.
  • Protect client systems, information, and reputation; respect confidentiality and contracts.
  • Avoid conflicts (or the appearance thereof); disclose and obtain informed consent when unavoidable.
  • Mentor responsibly; elevate the profession through education and community outreach.

AI & Advanced Technology Safeguards

  • Do not deploy or recommend AI systems that erode safety, privacy, or fairness without effective safeguards, red-team testing, and governance.
  • Prohibit dark-pattern analytics, covert monitoring, or re-identification of anonymized data.
  • Require model/data lineage documentation for material AI-enabled services.

Reporting & Non-Retaliation

  • Everyone has a duty to report suspected violations to Ethics & Compliance or via anonymous channels. Good-faith reports are protected from retaliation.
  • Verified violations may result in discipline up to termination and referral to authorities.

Transparency & Public Accountability

We maintain a living Transparency Report that summarizes our ethics program, due-diligence outcomes (in aggregate), and continuous-improvement actions. Stakeholders can review current disclosures here.

Six Foundational Principles (Retained & Clarified)

  1. Do No Harm: Plan and test to avoid operational impact; prefer fail-safe designs.
  2. Be Thorough: Evidence-based assessments that support risk-based decisions.
  3. Be Clear & Concise: Actionable findings with prioritized remediation (i.e. R4R™).
  4. Do Not Exaggerate: No fear-based selling or FUD.
  5. Focus on the Data: Protect identities, personal information, trade secrets, and other intangible assets.
  6. Transfer Knowledge: Build client capability through training and documentation.

Governance, Review & Exceptions

  • Ownership: Ethics & Compliance, with Legal and Executive oversight.
  • Review cadence: At least annually or upon material regulatory or geopolitical change; updates reflected in the Annual Transparency Report (ATR).
  • Exceptions: Only the Ethics & Risk Committee may grant limited, documented exceptions when they reduce harm (e.g., life-safety for NGOs) and never breach the Bright-Line Prohibitions.

Definitions

  • Credible linkage/allegation: Supported by reputable investigations, sanctions lists, court filings, or consistent reports from recognized human-rights bodies or media.
  • Mass surveillance: Persistent, indiscriminate monitoring that infringes fundamental rights without due process or necessity/proportionality.
  • Crimes against humanity: As defined under international law (e.g., widespread or systematic attacks against civilian populations).