KnowBe4 Code of Ethical Business Conduct
Message from Stu Sjouwerman, CEO
We pride ourselves on our culture and our reputation. When it comes to our ethics, we do not allow the bottom line to shift our decision making and consider the greater good for all parties. As both a leader and a pioneer in an industry that helps organizations secure their networks, we know that assets come in all shapes and sizes, whether it be personal information, financial information, or national security.
We develop and provide the tools that help organizations fight against cybercrime and enable their employees to make smarter security decisions, every day. Your trust is essential to our business. This Code of Ethical Business Conduct serves to encompass our commitment to ensuring compliance and ethical behavior in all that we do.
Stu Sjouwerman, CEO
Knowsters take pride in fostering a culture that encourages high ethical standards of business conduct. We are committed to carrying out our business in a legal, ethical, transparent, and socially responsible manner. As a company with global operations, ensuring compliance with all applicable laws in all countries in which we conduct business, promoting honest conduct and creating a positive environment for our employees is a top priority. Gaining the trust of our customers, vendors, employees and the community starts with a culture based on these fundamental values. This Code of Ethical Business Conduct (“Code”) applies to all employees, officers and directors as well as contractors, consultants and agents. This Code should be read in conjunction with other KnowBe4 policies.
Purpose
We are committed to deterring wrongdoing and promoting:
- Fair and accurate financial reporting;
- Compliance with applicable laws, rules and regulations including, without limitation, full, fair, accurate, timely and understandable disclosure in reports and documents KnowBe4 files with, or submits to, government agencies and in KnowBe4’s other public communications;
- The prompt internal reporting of violations of this Code as set forth in this Code;
- Honest and ethical conduct, including the ethical handling of actual or apparent conflicts of interest; and
- A culture of honesty and accountability
This Code serves as a guide, and KnowBe4 expects everyone to use good judgment and adhere to the high ethical standards to which KnowBe4 is committed.
1. We Follow the Law
We comply with the laws, regulations, rules, controls, and orders applicable to our business in all jurisdictions in which we conduct business including, but not limited to, the following:
- Bribery and corruption
- Insider Trading
- Fair competition
- Trade controls and anti-money laundering
- Charitable and political contributions
- Data privacy and information security
- Conflicts of interest
- Fair dealings
Bribery and Improper Advantages
We conduct all our business with integrity and transparency. We strictly prohibit all forms of bribery and corruption, regardless of whether they involve a public official or private person. We are truthful in our business interactions and do not tolerate the promise, acceptance, or offering of bribes, kickbacks and all other means of obtaining an undue or improper advantage, such as gifts, payments, fees, services, discounts, valued privileges or other favors where these would, or might appear to, improperly influence a business transaction.
No matter where we are located, we comply with all elements of the KnowBe4 Anti-Corruption and Gifts, Meals & Entertainment Policies.
We do not tolerate any form of extortion or embezzlement. We believe in fair business dealings and do not partake in unfair business advantages through the abuse of privileged information, misrepresentation of material facts, or any other unfair or dishonest practices.
Gifts, Meals & Entertainment
We must not accept or provide any gift, meal or entertainment if it will obligate, or appear to obligate, the recipient. Any gifts and entertainment given or received must be in compliance with our Gifts, Meals & Entertainment Policy. Everyone must exercise good judgment, discretion, and moderation when giving or accepting gifts or entertainment in business settings. In general, providing promotional items or small tokens, occasional non-excessive meals or other non-cash items of minimal value is permitted.
There are more stringent rules concerning gifts and entertainment provided to government officials. Offering anything of value to a government official is, in many cases, prohibited by law.
Insider Trading
We strictly abide by insider trading laws. If during the course of employment at KnowBe4, Knowsters become aware of material nonpublic information about other companies, such as our partners, suppliers or customers, they are prohibited from trading the securities of such companies. Material nonpublic information is any information that is not public and a reasonable investor would consider important in a decision to buy, sell or hold company stock. It includes any information that could reasonably be expected to cause a change in the price of securities. Knowsters are also prohibited from disclosing this type of information to others who may trade in securities based on the information. It is our responsibility to comply with these laws and not share material nonpublic information.
Fair Competition
We support free and fair competition, and comply with antitrust/competition laws applicable to our business activities in all jurisdictions in which we operate. Accordingly, we do not unlawfully: (i) enter into any agreement with any of our competitors with regard to price, terms or conditions of sale, production, distribution, territories, customers or employee wages; or (ii) exchange or discuss with any of our competitors pricing, marketing plans, manufacturing costs, or other competitive information, amongst other measures required by applicable law. We deal with channel partners, customers and suppliers fairly and in a manner that best advances the competitiveness of KnowBe4’s products and services.
KnowBe4 is dedicated to complying with the numerous laws that govern competition. Any activity that undermines this commitment is unacceptable. The laws governing this area are complex, and employees should reach out to the Legal Department before taking any action that may implicate these laws whenever appropriate.
Trade Controls and Anti-Money Laundering
We comply with the various economic sanctions programs, anti-money laundering and export control requirements administered by the United States and other jurisdictions where we conduct business. Such laws prohibit KnowBe4 from participating in certain transactions involving restricted countries or parties, be it directly, or indirectly through third parties. We refrain from transactions recognized as not being permissible by KnowBe4’s Export Control and Economic Sanctions & Anti-Money Laundering policies.
We do not provide, sell or transfer any products, services, technology, software or technical data to, or otherwise engage in business without the proper government authorizations with, any of the following:
- Parties targeted for boycotts, embargoes, sanctions, or other similar measures by the United Nations Security Council;
- Parties appearing on the European Union’s Consolidated Sanctions List;
- Parties appearing on the United Kingdom’s List of Consolidated Financial Sanctions Targets;
- Parties appearing on the Denied Persons List, Entity List, and Unverified List administered by the U.S. Commerce Department;
- Parties appearing on the sanctions lists administered by the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”) and the U.S. State Department;
- Countries or regions subject to U.S. embargoes or sanctions including, but not limited to, Cuba, Iran, North Korea, Syria, and the Donetsk, Luhansk and Crimea regions; or
- Parties that are at least 50% owned or controlled by parties subject to sanctions programs administered by OFAC, whether individually or in the aggregate.
We do not tolerate or engage in activity that directly or indirectly contributes to the Arab League Boycott or other prohibited boycotts during the course of business dealings.
We will comply with all applicable trade controls and must not cause KnowBe4 to be in violation of those laws. If we become aware of any information suggesting that KnowBe4 has engaged, or may in the future engage, in a transaction that could violate applicable economic sanctions, we will report this information immediately.
We comply with our obligations under anti-money laundering (AML) laws and regulations, specifically with regard to the risks associated with third parties. Knowsters who suspect an activity or arrangement is indicative of money laundering should report it immediately. Such suspicions may not be disclosed to any other party, including the third party in question, as doing so could be a violation of AML laws.
Charitable and Political Contributions
We do not solicit third parties for charitable donations as a suggestion that such charitable donations may affect their business or future with us, and we comply with U.S. federal law that prohibits us from making contributions or expenditures in connection with federal elections. As each U.S. state has additional laws, rules, and regulations governing political contributions in state and local elections, we comply with the laws in the jurisdiction(s) in which we do business. These state and local laws may or may not allow corporate contributions to candidates for state and local office. As the application of these laws may vary from one location to the next, it is our usual practice not to make political contributions or use any of our funds, assets, or other resources to benefit any political candidates, parties, or related organizations. This includes campaign committees and Political Action Committees (“PACs”) using separate, segregated funds, as well as special interest groups or other organizations engaged in political fundraising or lobbying activities, including those organized under Section 527 of the U.S. Internal Revenue Code (“527 Organizations”).
Additionally, we follow the laws, regulations, and orders applicable to the jurisdictions outside of the U.S. where we conduct business that prohibit similar activities.
We encourage Knowsters to take an active interest in the political process. However, we do not conduct political activities on company time or use company facilities, equipment or supplies in carrying out such activities.
We Take Data Privacy Seriously
We pride ourselves on our security and data handling practices. Keeping our customer data secure is the most important thing KnowBe4 does. We go to considerable lengths to ensure that all data provided to KnowBe4 is done so securely. Keeping KnowBe4 systems and personal data secure is fundamental to our business.
Information related to an identified or identifiable person is collected and processed in compliance with applicable data privacy laws. Knowsters with access to such personal data apply the privacy principles of lawful, fair and transparent data processing, respecting any purpose limitations, as well as the principles of data minimization, accuracy, storage limitation, integrity and confidentiality.
KnowBe4 restricts access to customer and confidential data on a business need to know basis. Access is granted based on role within the organization. KnowBe4 enforces mandatory multi-factor authentication for all access to confidential data. Where applicable, access to systems is restricted by IP address.
We take significant efforts to protect data and confidential information against unauthorized use, modification, loss, compromise, destruction, or disclosure of, or access to, such data (“Security Incident”). We have implemented measures, policies and procedures intended for the detection and response to Security Incidents. Such measures take into consideration the nature, scope, context, and purposes of KnowBe4’s data handling policies, practices and procedures.
For more information about our data protection and security practices, see the links below (or other such links that we may provide from time to time on our website - www.knowbe4.com).
Conflicts of Interest
We will declare potential conflicts of interest. We avoid situations where personal interests may interfere with the business interests of KnowBe4. We act in the best interest of KnowBe4 and do not allow outside interests to interfere with our obligations to KnowBe4. Perception matters: we must not only avoid actual and potential conflicts of interest, but also situations where an outsider might assume a conflict. Examples of conflicts of interest may include: transactions with family members, interests in other businesses, gifts or gratuities and personal use of KnowBe4 assets.
Similarly, we do not use our positions or relationship with KnowBe4’s current or potential customers, partners, vendors, suppliers, consultants, or any other party that has a relationship with KnowBe4 for personal gain or to obtain benefits for family members.
Evaluating whether a conflict of interest exists can be difficult and may involve a number of considerations. Before engaging in the activity or accepting something of value, we will obtain the required approvals. Our Conflict of Interest Policy has additional details on our approach to potential conflicts of interest.
Corporate Opportunities
Except as otherwise set forth in KnowBe4’s certificate of incorporation and bylaws, we owe a duty to KnowBe4 to advance KnowBe4’s business interests when the opportunity to do so arises. We are prohibited from taking, or directing a third party to take, a business opportunity that is discovered through the use of corporate property, information or position, unless KnowBe4 has already been offered the opportunity and turned it down. We are further prohibited from competing with KnowBe4 directly or indirectly during our employment with KnowBe4 and as otherwise provided in any written agreement with KnowBe4.
Fair Dealings
We do not seek competitive advantages through illegal or unethical business practices. We deal fairly with KnowBe4’s customers, service providers, suppliers, competitors, business partners and employees, and do not take unfair advantage of anyone through manipulation, concealment, or any unfair dealing practice.
2. We Strive to Be the Best Place to Work
We foster a culture of fun teamwork, transparency and career growth. We continuously develop the abilities of our employees, and evaluate performance objectively. We show mutual respect as we collaborate across cultures.
Teamwork requires open communication. To strengthen the collaborative nature of our workplace, we offer an open (no door) workplace and foster an environment where everyone feels encouraged to express their ideas and opinions.
Safe and Positive Work Environment
To ensure that we maintain our great work environment, discrimination, harassment, retaliation, and/or violence in any form are strictly forbidden. We treat all colleagues in a respectful manner, forging working relationships that are uniformly free of bias and prejudice.
We comply with applicable national, federal, state, and local laws forbidding discrimination in employment based on protected characteristics, such as on the basis of race, color, religion (including religious dress and grooming practices), age, national origin, ancestry, ethnicity, sex (including pregnancy, childbirth, breastfeeding or related medical conditions), gender (including gender identity, gender expression, transgender status or sexual stereotypes), sexual orientation, marital or family care status, status as a victim of domestic violence, sexual assault or stalking, military/veteran status, physical or mental disability, medical information (including genetic information or characteristics, including those of a family member), immigration status or citizenship status, political affiliation or membership in any other group protected by national, federal, state, or local law as it may vary by jurisdiction. We also comply with applicable national, federal, state, and local laws forbidding retaliation against individuals who engage in protected activity.
No individual will suffer any reprisals or retaliation for making complaints or reporting any incidents of discrimination or perceived discrimination, or for participating in any investigation of incidents of discrimination or perceived discrimination.
We are committed to maintaining a respectful workplace. This includes a working environment that is free from unlawful harassment as defined by applicable law, such as mobbing, moral harassment or harassment based on protected characteristics, including sexual harassment. This applies to all work-related settings and activities, whether inside or outside the workplace, and includes business trips and business-related social events.
Environment
We are committed to environmentally sustainable business practices. Knowsters proactively seek to employ new, more sustainable technologies and processes to minimize our footprint on Earth.
Human Rights
We conduct our business with respect for human dignity. We support and stand behind the Universal Declaration of Human Rights and comply with all applicable laws, rules and regulations related to anti-human trafficking, anti-slavery, anti-forced labor and child labor. Equal and inalienable rights of all members of the human family are the foundation of freedom, justice and peace in the world. We believe in the promotion of universal respect for and observance of human rights and fundamental freedoms afforded to everyone. All human beings should be treated with decency, kindness and respect.
Ecological Environment
We understand the importance of implementing sustainable business practices to ensure the world that we are leaving for the next generation is a better one. Our overarching goals are to reduce our carbon footprint, reduce the amount of waste we send to landfills, and increase our use of clean energy. We seek to incorporate sustainability into all aspects of our operations and aim to reach our goals through a combination of energy conservation, waste reduction, environmental stewardship, employee engagement, community engagement, and external partnerships.
Our resolve is to not only fulfill our environmental commitments but to inspire collective action within our workforce, fostering a culture of sustainability that extends beyond our corporate objectives.
Paying it Forward
Our commitment to corporate responsibility extends to creating a meaningful and positive influence within our community. We embrace a holistic approach, acknowledging our responsibility toward our employees, the environment, and the broader community we serve.
We take pride in forging strong alliances with esteemed organizations in our community. Such partnerships reflect our unwavering dedication to social stewardship and engagement. Through these initiatives, we reinforce our pledge to serve and uplift our community, fostering a culture of generosity and purpose within KnowBe4.
Continuous Learning and Professional Development
We are dedicated to promoting an environment where continuous learning and professional development are not only supported but actively encouraged. By investing in the growth of our employees, we are investing in the future of our company.
By sustaining a workplace culture that values continuous learning and professional development (we encourage a minimum 5 hours a week), we not only enhance our employees' job satisfaction and career prospects but also bolster our company's innovative and competitive edge.
We are committed to providing our employees with ample resources and support to engage in professional development activities. This encompasses obtaining professional certifications that align with our organizational goals. In doing so, we lay a foundation of ethical behavior underscoring the principle that a well-informed and educated workforce is key to fair, transparent, and honorable business practices.
Physical Security and Safety
We are dedicated to the security and safety of all our employees and physical premises. Our physical security team strives to create a distraction-free environment where employees can dedicate their time and energy to achieving the goals set for their production.
We achieve these objectives by implementing and monitoring various security tools and protocols at our physical premises. We also conduct regular risk assessments to identify, evaluate and address potential vulnerabilities, threats and impacts to our workplace, employees, data, assets, and operations.
3. We Protect KnowBe4’s Assets
Knowsters must work together to protect our assets from loss, misuse, theft, embezzlement, damage or destruction at all times. Our assets should be used solely for the benefit of KnowBe4 and never to promote an employee’s own interests or those of another person or company.
In addition to observing our physical and protective security measures, any improper downloading, copying or sharing of our assets is strictly prohibited and may result in the loss of their value and be deemed a misappropriation of our assets, which include both KnowBe4’s proprietary and confidential information.
KnowBe4’s proprietary information refers to information owned by the company that gives KnowBe4 a competitive advantage. Proprietary information includes our intellectual property (IP) and may come in the form of patents, copyrights, trademarks, specialized know-how, designs, software code, or unique processes. This information is considered an asset of the company and is often legally protected through intellectual property laws.
We must never allow unauthorized access to these assets. We must take care not to lose, misplace, or leave any assets (or technologies containing such information, including computers, laptops, cell phones, mobile devices and software) unattended. Any theft, loss or unauthorized disclosure of KnowBe4’s assets must be reported immediately in accordance with our policies.
4. Financial Reports and Other Records – Disclosure
We are responsible for the accurate and complete reporting of financial and operating information and for the timely notification to management of financial and non-financial information that may be material to KnowBe4 to ensure full, fair, accurate, timely and understandable disclosure in reports and documents that KnowBe4 files with government agencies or releases to the general public.
We have familiarized ourselves with the disclosure requirements applicable to KnowBe4 and the business and financial operations of KnowBe4, and will not knowingly misrepresent, or cause others to misrepresent, facts about KnowBe4 to others, whether within or outside KnowBe4, including to KnowBe4’s independent auditors, governmental regulators and self-regulatory organizations.
We maintain all of KnowBe4’s books, records, accounts and financial statements in reasonable detail, and reflect the matters to which they relate accurately, fairly and completely. Furthermore, we will ensure that all books, records, accounts and financial statements conform both to applicable legal requirements and to KnowBe4’s system of internal controls. We carefully and properly account for all assets of KnowBe4. We will not establish any undisclosed or unrecorded account or fund for any purpose. We will not make any false or misleading entries in KnowBe4’s books or records for any reason, or disburse any corporate funds or other corporate property without adequate supporting documentation and authorization. We will not misclassify transactions related to accounts, business units or accounting periods. We bear responsibility for ensuring that we are not party to a false or misleading accounting entry. We cooperate with all requests made to preserve or produce any documents, records, information, devices, computers, hardware, cell phones or other media. If a legal hold is placed on certain records, we must preserve and protect those records in accordance with instructions from the Legal Department. Records or supporting documents that are subject to a legal hold must not be destroyed, altered or modified under any circumstance. A legal hold remains effective until it is officially released in writing by the Legal Department.
5. Speak Up
We will speak up if things must be corrected or improved. We provide mechanisms for reporting, in good faith, suspected violations of the law. Such reports are treated as confidential to the extent reasonably possible for conducting an investigation, and we do not tolerate retaliation for reports made in good faith. Concerns are raised with management. Should this not be possible, or should no satisfactory response be received, Knowsters may escalate a concern to the Legal Department. Reports may also be made using the Whistleblower Hotline. As Whistleblower laws vary by country, we encourage those reporting to follow the reporting procedures as lawful and customary in the jurisdiction from which they are reporting.
Incident reports may be submitted directly to Navex by telephone or online: knowbe4whistleblower.ethicspoint.com (mobile version: https://knowbe4.navexone.com/)
Investigations
Reported violations will be promptly and thoroughly investigated. As a general matter, the Board will oversee investigations of potential violations by directors and the Legal Department will oversee investigations of potential violations by employees. Making false statements to or otherwise misleading internal or external auditors, investigators, legal counsel, KnowBe4 representatives, regulators or other governmental entities may be grounds for immediate termination of employment or other relationship with KnowBe4 and may also be a criminal act that can result in severe penalties.
Disciplinary Actions
Violations of this Code, or a refusal or failure to acknowledge it, may be subject to disciplinary action, up to and including termination of employment. Moreover, those who direct or approve of any conduct in violation of this Code, or who have knowledge of such conduct but do not immediately report it may also be subject to disciplinary action, up to and including termination of employment. A director who violates this Code or directs or approves conduct in violation of this Code shall be subject to action as determined by the Board.
Furthermore, violations of some provisions of this Code are illegal and may subject individuals to civil and criminal liability.
Disclosure
Nothing in this Code limits or prohibits employees from engaging for a lawful purpose in any “Protected Activity.” “Protected Activity” means filing a charge or complaint, or otherwise communicating, cooperating or participating, with any state, federal or other governmental agency, including the Equal Employment Opportunity Commission and the National Labor Relations Board. Notwithstanding any other policies in this Code (or elsewhere), no authorization from KnowBe4 is required prior to disclosing information to, or communicating with, such agencies. “Protected Activity” does not include the disclosure of any KnowBe4 attorney-client privileged communications. Any such disclosure without KnowBe4’s written consent violates KnowBe4 policy.
6. Waivers and Amendments
Any amendment or waiver of any provision of this Code must be approved in writing by the Board or, if appropriate, its delegate(s), and promptly disclosed pursuant to applicable laws and regulations. Any waiver or modification of this Code for the principal executive officer, principal financial officer, principal accounting officer, controller, or any other persons performing similar functions in KnowBe4 will be promptly disclosed to stockholders if and as required by applicable law.
KnowBe4 reserves the right to amend this Code at any time, for any reason, subject to applicable laws, rules and regulations.