CCTX WHISTLEBLOWER POLICY

Purpose

This corporate Whistleblower Policy has been established to support the Canadian Cyber Threat Exchange’s (CCTX) corporate values and ethical environment. CCTX requires directors, officers, employees as well as persons and organizations working at or on behalf of CCTX to observe high standards of business and personal ethics in the conduct of their duties and responsibilities. As employees and representatives of CCTX, we must practice honesty and integrity in fulfilling our responsibilities and comply with all applicable laws and regulations. This Whistleblower Policy is intended to encourage and enable employees and others to raise serious concerns internally so that CCTX can address and correct inappropriate conduct.

Scope

This policy applies to any suspected improprieties in matters relating to accounting or auditing matters, breach of law; including but not limited to fraud, a breach of the CCTX Services Agreement, a misuse of the data that the CCTX holds or other ethical concerns, a breach of employee agreement, involving employees, contractors, vendors, or any other parties with a business relationship with CCTX (“Violations”).

Policy Reporting Procedure

CCTX has an open-door policy and suggests that employees and members share their questions, concerns, suggestions or complaints with their immediate supervisor. If they are not comfortable speaking with their supervisor or are not satisfied with the supervisor’s response, they are encouraged to submit a report through CCTX’s confidential email, which goes directly to our legal counsel.  Counsel will then forward complaints to both the Chair of the CCTX Board of Directors and the Chair of the Finance & Audit Committee, unless a complaint involves either of them, in which case it will only be forwarded to the other officer, and the subject of the complaint will have no involvement in the conduct of any review, investigation, or resolution.

Reports can be submitted in French or English by email at cctxwhistleblower@gowlingwlg.com.  

Confidentiality

Suspected or known violations may be submitted on a confidential basis by the reporter. Reports of violations or suspected violations will be kept confidential to the extent possible, consistent with the need to conduct an adequate follow up or investigation.

No Retaliation

It is contrary to the values of CCTX for anyone to retaliate against any director, officer, employee, member, member of the public, contractor or vendor who in good faith submits a report alleging a violation. Anyone who retaliates against someone who has reported a violation in good faith is subject to discipline up to and including termination of employment or cancellation of membership.

Acting in Good Faith

Anyone reporting a complaint concerning a violation or suspected violation must be acting in good faith and have reasonable grounds for believing the information disclosed is accurate. Any allegations that prove not to be substantiated and prove to have been made maliciously or intentionally false will be viewed as a serious matter.

Investigation Procedure

The Finance & Audit Committee of the of CCTX is responsible for ensuring that all reports of known or suspected violations are reviewed, investigated, and resolved. The Finance & Audit Committee will notify the person who submitted a complaint and acknowledge receipt of the report, through the third-party functionality, maintaining confidentiality and anonymity as required by the reporter. All reports will be promptly followed up on and where appropriate, investigated, and appropriate corrective action will be taken if warranted by the investigation. The Finance & Audit Committee will engage other senior executives, any employee or third party as required depending on the nature of the investigation and to the extent that such an executive, employee or third party is not implicated in the report.  The Finance & Audit Committee will liaise with the Executive Director and/or Chair of the Board to keep him/her advised of the ongoing investigations.  Should a report involve the Chair of the Finance and Audit Committee, it will be managed by the Chair of the CCTX Board of Directors.

Any investigative activity required in relation to reports received will be conducted without regard to the suspected wrongdoer’s position/title, length of service, or relationship to CCTX.

Board Reporting

At regular intervals, The Finance & Audit Committee Chair will provide a standing report to the Finance and Audit Committee of the Board on the number and nature of reports received, particulars of any concerns or complaints received regarding corporate accounting practices, internal controls, or the audit function. Matters falling within the mandates of other Board Committees will be referred to those committees. The Chair of the Finance & Audit Committee may, in his/her discretion and in collaboration with the Executive Director, choose to bring a matter to the immediate attention of a Chair of a Board Committee, so that input can be obtained as to the nature of the investigation to be conducted.