The case for CSR/ Sustainability Reporting Done Responsibly


IDENTIFY - MEASURE - MANAGE - CHANGE

Insights on how you can protect the environment, maintain and increase the value of your company, through a structured process.

Insights on how you can protect the environment, maintain and increase the value of your company, through a structured process.

Home / case studies / Case study: How Cybercom promotes ethical business behaviour

Case study: How Cybercom promotes ethical business behaviour

Cybercom is an IT consulting company enabling companies and organisations to benefit from the opportunities of the connected world and enhance their competitiveness, through innovative and sustainable solutions. Cybercom complies with the Swedish Anti-Corruption Institute’s Code of Gifts, Rewards and other Benefits in Business and works actively to combat corruption and unethical practices, making sure that every employee acts legally and appropriately in relation to Cybercom’s stakeholders.

This case study is based on the 2019 Sustainability Report by Cybercom published on the Global Reporting Initiative Sustainability Disclosure Database that can be found at this link. Through all case studies we aim to demonstrate what CSR/ ESG/ sustainability reporting done responsibly means. Essentially, it means: a) identifying a company’s most important impacts on the environment, economy and society, and b) measuring, managing and changing.

Layout 1Abstract

Cybercom seeks to make sure that high ethical standards characterise every aspect of its business and operations  Tweet This!, is opposed to any form of money laundering, and takes the relevant measures to prevent financial transactions that are of criminal intent. In order to promote ethical business behaviour Cybercom took action to:
  • implement a Code of Business Ethics and Conduct
  • promote information security and data protection
  • implement a Suppliers’ Code of Conduct

What are the material issues the company has identified?

In its 2019 Sustainability Report Cybercom identified a range of material issues, such as financial stability, sustainable products and services, smart use of resources, information security. Among these, promoting ethical business behaviour stands out as a key material issue for Cybercom.

Stakeholder engagement in accordance with the GRI Standards              

The Global Reporting Initiative (GRI) defines the Principle of Stakeholder Inclusiveness when identifying material issues (or a company’s most important impacts) as follows:

“The reporting organization shall identify its stakeholders, and explain how it has responded to their reasonable expectations and interests.”

Stakeholders must be consulted in the process of identifying a company’s most important impacts and their reasonable expectations and interests must be taken into account. This is an important cornerstone for CSR / sustainability reporting done responsibly.

Key stakeholder groups Cybercom engages with:

To identify and prioritise material topics Cybercom engaged with its stakeholders through the following channels: 

Stakeholder Group                Method of engagement
Clients

 

·      Ongoing dialogue via Cybercom’s key account managers and other sales representatives and consultants

·      Client surveys

·      Interviews

Employees

 

·      Biweekly “pulse checks”

·      Interviews

·      Ongoing engagement

Investors and owners

 

·      Annual general meeting

·      Board work

·      Interviews

Suppliers ·      Suppliers’ Code of Conduct

What actions were taken by Cybercom to promote ethical business behaviour?

In its 2019 Sustainability Report Cybercom reports that it took the following actions for promoting ethical business behaviour:

  • Implementing a Code of Business Ethics and Conduct
  • Cybercom’s Code of Business Ethics and Conduct applies to all employees and sets standards for employee professionalism and integrity. All employees complete web-based training sessions aimed at preventing corruption, based on the Code of Business Ethics and Conduct and containing various possible dilemmas on which employees must take a position. In 2019, Cybercom also used a whistle-blower channel for anonymous reporting of violations of the Code of Business Ethics and Conduct. Reports were dealt with by an external party. During the year, there were no cases of corrupt conduct or discrimination reported.
  • Promoting information security and data protection
  • Cybercom works systematically with information security, based on the company’s information security and data protection policy. The work is aimed at protecting Cybercom against intentional and unintentional threats and complying with applicable laws, regulations and the requirements and expectations of employees and clients. When GDPR (General Data Protection Regulation) went into full effect in 2018, Cybercom implemented a new security organisation and new policies and instructions to ensure compliance and raise the level of protection. Skills transfer and the exchange of experience among Cybercom’s internal security organisation and Cybercom’s IT secure business area were reinforced during the year, and are creating added value for Cybercom and its clients. In 2019, Cybercom had no cases of loss of client data.
  • Implementing a Suppliers’ Code of Conduct
  • All Cybercom suppliers must sign Cybercom’s Suppliers’ Code of Conduct, which aligns with the Cybercom Code of Business Ethics and Conduct in all material respects, including environmental guidelines. Thus, the Suppliers’ Code of Conduct covers the same areas as Cybercom’s internal Code of Business Ethics and Conduct – except for financial reporting and external communication. Both Cybercom’s internal Code of Business Ethics and Conduct and the Suppliers’ Code of Conduct are available on cybercom.com.

Which GRI Standards and corresponding Sustainable Development Goals (SDGs) have been addressed?

The GRI Standards addressed in this case are:

1) Disclosure 205-2 Communication and training about anti-corruption policies and procedures

2) Disclosure 205-3 Confirmed incidents of corruption and actions taken

3) Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data

 

Disclosure 205-2 Communication and training about anti-corruption policies and procedures corresponds to:

Disclosure 205-3 Confirmed incidents of corruption and actions taken corresponds to:

Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data corresponds to:

 

80% of the world’s 250 largest companies report in accordance with the GRI Standards

SustainCase was primarily created to demonstrate, through case studies, the importance of dealing with a company’s most important impacts in a structured way, with use of the GRI Standards. To show how today’s best-run companies are achieving economic, social and environmental success – and how you can too.

Research by well-recognised institutions is clearly proving that responsible companies can look to the future with optimism.



FBRH GRI Standards Certified, IEMA & CIM recognised Sustainability Course | Venue: London LSE

By registering for the next 2-day FBRH GRI Standards Certified, IEMA & CIM recognised course you will be taking the first step in gaining the many benefits of sustainability reporting.

Most importantly, you will gain the knowledge to use the GRI Standards, project manage your own first-class sustainability report and:

  • Identify your most important impacts on the Environment, Economy and Society
  • Begin taking solid, focused, all-round sustainability action ASAP

 

References:

1) This case study is based on published information by Cybercom, located at the link below. For the sake of readability, we did not use brackets or ellipses. However, we made sure that the extra or missing words did not change the report’s meaning. If you would like to quote these written sources from the original, please revert to the original on the Global Reporting Initiative’s Sustainability Disclosure Database at the link:

http://database.globalreporting.org/

2) https://www.globalreporting.org/standards/gri-standards-download-center/

Note to Cybercom: With each case study we send out an email requesting a comment on this case study. If you have not received such an email please contact us.