Corporate Compliance Policy

Purpose

Ultima Business Solution Limited’s (‘Ultima’) is committed to a compliance policy to ensure that Ultima operates within the law, in a manner that meets Ultima’s own security procedures, management systems and any external standards that Ultima is required to adhere to.

Scope

The Policy defines the requirement to comply with legislation that specifically affects Ultima’s staff and the services it provides. This is a company-wide compliance policy.

Requirements

  • The Board is responsible for the policy and procedures and shall provide staff with education and training to support adherence to this Policy.
  • The Board shall be responsible for approving this Policy and the Head of Legal and Compliance shall be responsible for maintaining this Policy.
  • The Head of Legal and Compliance shall be responsible for implementing and communicating this Policy and associated processes and procedures to their staff and for supervising compliance.
  • The Head of Legal and Compliance shall maintain the Legal Register as much as is reasonably possible utilising both internal external support, where necessary.
  • The Compliance Manager shall be responsible for ensuring that regular audits of the processes and procedures that implement this Policy are performed to maintain compliance and facilitate continual improvement.
  • All staff are responsible for maintaining awareness of Ultima’s policies and procedures applicable to their role and for complying with them. All staff shall also maintain awareness of the policies set out in the frameworks of Compliance streams implemented by Ultima, where such Compliance streams include ISO9001 and ISO27001.
  • The Heads of Department in conjunction with the HR Team shall maintain the framework that illustrates the training objectives of the business, and the traning needs of staff.

Policy

Ultima will comply with all relevant applicable laws and regulations (collectively “statutory obligations”) and best practice. Ultima will maintain an awareness training programme as a means of effective communications to its staff pertaining to the statutory obligations and best practice is set out in section 11, ‘Statutory Obligations and Best Practice’. The essence of this Policy is to:

  • Ensure compliance with UK law;
  • Create safe, fair and respectful working conditions;
  • Maintain confidentiality and security of Ultima’s and third parties’ sensitive information;
  • Treat all Information Assets in accordance with the Information Classification, Labelling and Handling Policy and relevant contractual obligations;
  • Ensure that the use of assets, implemented or operated by Ultima, has been properly authorised;

Final

Key statutory obligations and best practice relevant to this policy include, but are not limited to:

  • Bribery Act 2010;
  • Computer Misuse Act 1990;
  • Copyright, Patents and Designs Act 1988;
  • Companies Act 2006;
  • Criminal Finances Act 2017;
  • Employment Act 2008;
  • Equality Act 2010;
  • Health & Safety at Work Act 1974;
  • Human Rights Act 1998;
  • Modern Slavery Act 2015;
  • Prevailing Finance Act;
  • Regulation of Investigatory Powers Act 2000;
  • Relevant Data Protection legislation;
  • Relevant Employment legislation;
  • Relevant Privacy legislation;
  • WEEE Regulations 2013;
  • Other relevant legislation set out in the Legal Register; and
  • Conformance to the policies and relevant processes and work instructions set out in Ultima’s implementation of the ISO27001 and ISO9001 Compliance Standards.