Textron and Ethics & Compliance
Integrity is the cornerstone of the way we do business at Textron. Our adherence to a high standard of ethical behavior is not only the right thing to do but has earned us the trust and respect of our customers, shareholders, employees and the communities where we live and work.
All Textron employees—regardless of position or title—are accountable for safeguarding and furthering the high ethical standards associated with our Company in the global marketplace. Adherence to our policies and the laws and regulations of each country within which we conduct business is expected. Our values of integrity, respect, trust and the pursuit of excellence are the foundation of our culture of responsible and ethical behavior.
For more than 40 years, Textron’s Ethics and Compliance Program has provided a road map and resources for our employees and has continued to evolve in response to changes in our business and the legal environment in which we operate. The Program requires each of our business units to assess ethics and compliance risks annually and, based upon changes in the business, the operating environment and other factors, prepare annual risk-based Ethics and Compliance Action Plans which include action steps for risk mitigation. A variety of rigorous processes, including ongoing monitoring, audits to detect violations, self-assessments by each Textron business unit, live and computer-based compliance training and other performance checks, ensure we are on the right course. Where appropriate, we incorporate lessons learned from these performance checks into our Ethics and Compliance Action Plans and use them to improve our Program.
BUSINESS CONDUCT GUIDELINES
Textron’s Business Conduct Guidelines set a strict standard for business conduct in areas including conflicts of interest, protection of assets, equal opportunity, diversity, environmental protection, health, safety, personal data protection, gifts and entertainment and anti-corruption. Our Business Conduct Guidelines apply to our Board of Directors and every Textron employee and have been translated into multiple languages and dialects for use by Textron’s global workforce. They define our values and our code of conduct and point the way for all of us.
ETHICS & COMPLIANCE OVERSIGHT
Oversight of Textron’s Ethics and Compliance Program resides at the highest levels of the organization. The Textron Steering Committee on Corporate Ethics and Compliance Program is responsible for oversight and review of the Program as well as its implementation and effectiveness. The Committee meets quarterly, and its members include Textron’s Chairman and Chief Executive Officer, Executive Vice President and Chief Financial Officer, and Executive Vice President, Human Resources. The Committee is chaired by the Executive Vice President, General Counsel and Chief Compliance Officer of Textron Inc., who also reports to the Audit Committee of the Board of Directors on legal, ethics and compliance matters at each Audit Committee meeting.
GLOBAL ANTI-CORRUPTION COMPLIANCE POLICY
Textron’s Global Anti-Corruption Compliance Policy applies to our Board of Directors and every Textron employee. It provides detailed standards and processes related to interaction with government officials and onboarding and monitoring of third-party business partners. The Policy prohibits improper payments to government officials and commercial bribery, and it strictly restricts facilitating payments to extremely limited situations where they are necessary to ensure the safety, health or well-being of Textron employees or their family members. The Policy provides detailed approval processes that govern gifts, entertainment, hospitality, and travel expenses for government officials, as well as non-U.S. charitable donations and non-U.S. political contributions. It also requires periodic training, certification, and background checks for employees in high risk positions.
With respect to third parties, the Global Anti-Corruption Compliance Policy establishes risk-based due diligence, review and approval requirements for the appointment of certain third parties acting on behalf of Textron outside the U.S., such as sales agents, representatives, dealers, distributors, consultants, customs brokers, freight forwarders, lobbyists, joint venture partners, offset providers and teaming partners. Additionally, it establishes procedures for payments to, contractual compliance provisions for agreements with, and continuing oversight of, such parties.
REINFORCING ETHICAL AND COMPLIANT BEHAVIORS
Business Conduct Guidelines and Compliance Certifications
All new employees are asked to review and acknowledge receipt of Textron’s Business Conduct Guidelines, which constitute our Code of Conduct. In addition, segments of Textron’s workforce annually certify as to the BCGs and, depending upon their role in the organization, to the Global Anti-Corruption Compliance Policy.
Compliance Training Modules
Training and awareness are an integral part of the Ethics and Compliance Program. Live and/or online compliance training are required for employees, including management. More than 113,000 online training modules on various ethics and compliance topics were completed by our employees in 2020, including trainings on the prevention of sexual harassment, prevention of corruption and on the importance of IT security. Each of these training topics was available in English and multiple other languages and dialects.
Recognizing Our Employees
Textron employees who have contributed to improving our compliance program are recognized for their achievements in ethics and compliance in one of three categories—Culture of Compliance, Standards and Procedures, and Communication and Training—through Textron’s annual Ethics and Compliance Award for Excellence. Positive reinforcement of best practices encourages our employees to make ethics and compliance a priority.
Culture of Compliance Surveys
Textron periodically surveys segments of its workforce for purposes of measuring its success in cultivating and sustaining a culture of integrity and compliance. These surveys ask employees their views on Textron’s expectations regarding ethical behavior, management’s leadership with respect to compliance, fear of retaliation, level of confidence that compliance concerns will be properly addressed and whether they feel pressured to compromise on our ethical standards. Textron intends to use these surveys to continue the process of shaping our ethics and compliance program.
ETHICS HELPLINE
Multiple avenues exist to raise issues, ask questions or report violations without fear of retaliation, including through our third-party administered confidential Ethics and Compliance Helpline. Helpline reports may be made online as well as by phone. Telephonic reports are taken by trained professionals and are relayed to Textron’s compliance professionals for appropriate resolution. Availability and use of the Helpline to report compliance concerns are promoted on Textron’s intranet and on posters displayed in the common areas of each Textron facility.
DATA PRIVACY
COMPLIANCE WITH GLOBAL PRIVACY LAWS, REGULATIONS AND STANDARDS
Textron, like all businesses, handles data that may include personal, sensitive, confidential or proprietary information about our employees, customers and others. We use this information for valid business purposes only and undertake to collect, process and transfer this information in compliance with all applicable laws and regulations in the U.S. and globally.
GOVERNANCE, ENFORCEMENT AND TRAINING
Textron has in place a governance framework and management system which guide the administration of data privacy and the monitoring of compliance throughout the enterprise.
Compliance is enforced via regular privacy risk assessments and audits and regular security audits on our technologies and practices affecting user data. Textron and each of its businesses also conduct regular employee data privacy and security training sessions.
DATA PROTECTION SAFEGUARDS
Information technology security safeguards have long been in place to protect Textron data, including personal data. Data protection safeguards include technical mechanisms to identify and protect against unauthorized access, use or disclosure, internal restrictions on access and a formal, robust, and auditable IT Risk Assessment process for vetting of new information systems or vendors that may access or process confidential or personal information.
INFORMATION SECURITY
Textron protects information assets and cost-effectively manages risk by creating a culture that designs, communicates and operates securely to reduce the likelihood and impact of security incidents. We achieve this objective by:
- Designing, implementing, and maintaining solutions with appropriate security controls
- Sustaining all solutions with required patching and vulnerability remediation
- Creating and executing controls in support of policy as well as regulatory compliance
- Ensuring that our policies, processes, practices, and technologies proactively protect, shield, defend and remediate cyber threats
- Delivering quality communications and training to all stakeholders on cyber awareness and computing hygiene
TEXTRON’S SECURITY CULTURE
Through our robust security awareness program, we keep our employees apprised of threats, risks and the part that they play in protecting both themselves and the company. One of the key components of this program is phishing simulation to increase awareness on how to spot phishing attempts, and what to do if they suspect an email to be a phishing attack. In addition, educational communications are published on our intranet regularly, employees are required to complete assigned compliance modules and our businesses collaborate each October to execute a campaign to promote National Cybersecurity Awareness Month.
CYBERSECURITY TALENT
Our robust cybersecurity professional talent development program includes a cross-functional, cross-business rotational program to ensure our team is well-rounded and experienced. We invest in regular and frequent training to ensure our team members are up to date on the latest technological advancements and threats.
SECURITY POLICY AND COMPLIANCE
Textron’s centrally defined security policies and processes are based on industry best practices and are revisited regularly to ensure their appropriateness based on risk, threats and current technology capabilities. We monitor compliance with these policies and processes through frequent internal audits and a set of robust metrics that assist in protection of our environment.
As a defense contractor, we are additionally obligated to comply with current Department of Defense regulations such as DFRS 252.204-7012 and are preparing for a Cybersecurity Maturity Model Certification (CMMC) Assessment.
SECURITY LEADERSHIP, COLLABORATION & SHARING BEST PRACTICES
Collaboration with our industry partners and government customers contributes to the protection of Textron’s computing environment as well as our military stakeholders. Textron is engaged with various industrial groups such as Aerospace Industries Association, National Defense Information Sharing & Analysis Center (NDISAC) and our Defense Industrial Base (DIB) colleagues to ensure that we are aware of and addressing the latest adversarial threats. Additionally, we share cyber best practices to make the industry more secure.
SUPPLY CHAIN SECURITY
Textron has a rigorous legal and technical process, including a formal IT Risk Assessment, to assess our suppliers and vendors prior to allowing Textron information to be processed, stored or transmitted by third parties. Additionally, we include standardized contractual requirements in each contract where appropriate.
INSIDER THREAT
Protections against insider threat is a critical component of our security strategy, particularly within our defense business units. Processes are designed to evaluate potential insider threats so that appropriate protective measures and responses can be implemented.
LIVE SECURE
Textron has adopted a “Live Secure” approach to our security programs. With this approach, we remind our employees, including those within or outside of the IT function, that they are critical to the success of our information security.