Code of Ethics and Business Conduct
This Code of Ethics and Business Conduct (this “Code”) of Cato Networks Ltd, and its subsidiaries (“Cato”) describes our core values and our expectations for how you act when conducting business on Cato’s behalf. Cato is a global community, and each one of us depends on everyone else to do the right thing every single day. Sometimes, though, the right thing isn’t obvious, or you may not be aware of what the law requires you to do. This Code is your guide for upholding Cato’s values in your day-to-day activities.
What Our Code is, and What it Isn’t
This Code is designed to implement the laws to which we are all subject, but it may, in some aspects, go beyond legal obligations. In addition, this Code does not, and does not purport to, contain any legal advice. To the extent the laws applicable to you are stricter than the standards that apply to you pursuant to this Code, this Code is not purported to derogate from such laws and should not be understood as such. In the event of any inconsistency between this Code and the local laws applicable to you, the local laws will govern. Lastly, this Code is designed solely for the benefit of Cato and none of the provisions of this Code are intended to provide any rights or remedies to any person other than Cato.
This Code covers a wide range of business practices and procedures and sets out basic principles to guide you. Cato’s policies and procedures provide details pertinent to many of the provisions of this Code and certain matters may also be covered in employment and third-party agreements. To the extent there is a conflict between these procedures, policies, employment or third party agreements and this Code, please consult with Legal (see “Raising Issues or Concerns. Questions?” below). Although there can be no better course of action than to apply common sense and sound judgment, do not hesitate to use the resources available whenever it is necessary to seek clarification.
To Whom Does our Code Apply?
This Code applies to all Cato employees, officers, directors, and non-employee directors, partners, vendors, independent contractors and suppliers. We require all such individuals to read, understand, and follow this Code when performing services for or on behalf of Cato. We also expect all such individuals to personally uphold the rules and standards in this Code and to ensure that anyone doing business on behalf of Cato is aware of, understands, and adheres to the rules and standards in this Code.
It is the responsibility of all of us, regardless of tenure or title, to be responsible and recognize legal and ethical issues, and doing the right thing in conducting business activities. Cato’s managers should demonstrate not only compliance with the Code but support direct reports in learning and adhering to the Code and speaking up if they see a problem. If you are approached with a question or concern related to the Code or to any other Cato’s policy, listen carefully and give the person your complete attention. Seek guidance if you need it and report concerns if you see something that doesn’t seem in line with the Code or our values.
Raising Issues or Concerns. Questions?
You must report any suspected violation of laws, rules, regulations, or this Code immediately. Cato will not retaliate, and will not tolerate retaliation, against anyone who, in good faith, reports violations or suspected violations, or assists in an investigation of a reported violation. Immediately report any acts that appear to be retaliation. Suspected violations or suspected retaliation can be reported to Human Resources by contacting your HR Business Partner or Legal.
Cato’s Legal Department has the primary responsibility for implementing and overseeing this Code. If you have questions about any of the issues where this Code suggests you contact Legal, or if you wish to consult with our Legal Department about any aspect of this Code please contact Legal at: firstname.lastname@example.org.
We encourage you to provide as much detail as possible about the complaint or concern because Cato’s ability to investigate depends on the quality and specificity of the information. All properly reported potential violations of this Code will be promptly investigated. Violators will be subject to discipline up to and including termination. In addition, where appropriate, any violations of law will be reported to the appropriate law enforcement authorities. However, employees who file reports or provide evidence that they know to be false or without a reasonable belief in the truth and accuracy of such information will not be protected by this Code and may be subject to corrective action, including immediate termination.
Stop! If you hear the following statements (this includes hearing yourself using them!), you should consider the ethical implications thereof:
* “No one will ever know…” * “Achieving the goal is what matters…”
* “Shhh! the auditor’s team is here…” * “But our competitors do it…”
* “We can do it just this once…” * “You don’t have to tell him everything…”
Customer & Partner Relationships
Our customers are of the utmost importance to us. Cato’s employees must always treat customers and potential customers according to the highest standards of business conduct. It is Cato’s policy to sell its solutions and services on their merits and to avoid making disparaging comments on others. Employees should be careful in this regard in commenting upon the character, financial condition, or potential legal or regulatory problems of competitors.
The Company’s suppliers are important to our business, and as such Cato’s employees should always treat suppliers and potential suppliers in accordance with the highest standards of business conduct. Suppliers must be selected on the basis of objective criteria, such as value (quality for price), price, technical excellence, service reputation, Cato’s past experience with working with them and production/service capacity.
Equal Opportunity and Discrimination Free
Cato is committed to a policy of equal employment opportunity and creating a discrimination and harassment free work environment. You are expected to create a respectful workplace that supports a culture of diversity and to make all employment decisions based on a principle of mutual respect and dignity consistent with applicable laws. Cato strictly prohibits discrimination or harassment of any kind on the basis of a person’s legally protected characteristics or status.
“Harassment” is generally a form of discrimination that consists of unwelcome behavior, based on a person’s legally protected characteristic or status, that has the purpose or effect of creating an intimidating, hostile, or offensive work environment. Harassment can come in many forms including physical actions, verbal or written remarks, offensive emails, cartoons, or pictures. Cato strongly disapproves of, and will not tolerate, harassment by any employees or non-employees.
Examples of characteristics or status that may be legally protected by local law or Cato policy are: age, ancestry, color, gender (including pregnancy, childbirth, or related medical conditions), gender identity or expression, genetic information, marital status, medical condition, mental of physical disability, national origin, protected family care or medical leave status, race, religion (including beliefs and practices or their absence), sexual orientation, military or veteran status, and other considerations protected by national, state or local law.
If you experience or witness any discrimination or harassment, report the incident as described above. No adverse employment action will be taken against any person for making a good-faith complaint or report of discrimination, harassment or improper conduct, assisting in an investigation, or exercising rights under applicable laws. Retaliation against any person for any such protected activity will not be tolerated.
Cato strives to provide a safe, healthy, and sanitary work environment. We view it as being everyone’s duty – to our colleagues, their families and our communities – to maintain a safe and healthy workplace for everyone by following safety and health rules and practices and promptly reporting accidents, injuries, and unsafe equipment, practices, or conditions.
Drugs & Alcohol
Cato’s position on substance abuse is simple – it is incompatible with the health and safety of our employees, and we don’t permit it. Alcohol may be available at certain corporate events, but use good judgment and never drink in a way that leads to impaired performance or inappropriate behavior, puts yourself or others in danger, or violates the law. You are strictly prohibited from driving a vehicle on Cato business (including transporting others to and from an event) while under the influence of alcohol, non-medical or illegal drugs, or other controlled substances. Illegal and non-medical legal drugs in our offices or at Cato-sponsored events are strictly prohibited.
Combating Trafficking in Persons
Cato has a zero-tolerance policy regarding trafficking in persons and slavery. As required by law and pursuant to Cato policy, there is a complete prohibition from engaging in any practice that constitutes trafficking in persons or slavery.
Follow the Rules
Because Cato is a global company, we are subject to the laws of many countries and jurisdictions. You should be aware of and comply with all applicable laws. The application of laws to particular situations can be complex. Cato’s policies and guidelines are intended to assist in navigating many of these laws. In some instances, the Code and other Cato’s policies might go beyond the requirements of applicable laws, rules and regulations, and in those instances, you must follow our Code and policies. However, if a provision of the Code or other policy conflicts with applicable law, the law supersedes.
Violations of laws, rules, and regulations may subject the violator to individual criminal or civil liability, as well as to disciplinary action by Cato. These violations may also subject Cato to civil or criminal liability or the loss of business. If you have any questions on how to interpret or comply with applicable law, please contact Legal.
A wide range of complex laws and regulations dictate where and how Cato can provide its solution, services and technology. The U.S., Israel and various other countries limit the export and import of services, typically those that use or contain encryption. In some cases the United States or other governments may prohibit doing any business with certain countries, organizations, or individuals. If you are involved in making available Cato’s services or any form of technical data from one country to another, work with Legal to be sure that the transaction stays within the bounds of applicable laws. This is a complex and technical area, so you should always seek help if you have any questions about export (or import) control matters.
Doing business with the government is highly regulated and driven by statutory requirements. Activities that may be appropriate when dealing with commercial customers may be improper, and even illegal, when dealing with the government. The penalties for failing to follow government procurement laws are severe and include substantial civil and criminal fines, imprisonment for responsible individuals, and debarment of Cato from doing business with the government. If your work involves a government entity, you are responsible for knowing the specific requirements that apply. Always ask your manager or contact Cato Legal if you are unclear about what is required.
Anti-Corruption, Bribery, and Kickbacks
Cato has a zero-tolerance policy for kickbacks, bribery, facilitation payments (payments to a governmental official to expedite performance of routine duties) and corruption. We seek to act, and to be treated, at all times with the utmost integrity, honesty and transparency, and in compliance with anti-corruption laws in all countries in which we do business.
Regardless of local practices or actions by our competitors, you are prohibited from improperly promising, offering, providing, or authorizing the provision of money or anything else of value (such as a gift or favor) directly or indirectly to any government, government official or other individual, entity, or organization in exchange for business or any benefit for Cato or any other person associated with Cato’s business. The definition of “government official” is broad and can vary depending on the applicable law. In general, a “government official” is any government officer, employee or consultant, candidate for public office, or employee of government owned or controlled companies, publicly operated or funded international organizations, or political parties or the spouse or immediate family members of any of the persons mentioned above.
Money laundering is an act of concealing the source of money to avoid disclosing its sources or use and/or to avoid paying taxes. Cato is committed to complying fully with all anti-money laundering and anti-terrorism laws throughout the world. Cato should avoid engaging in any transaction that is structured in a way that could be viewed as concealing illegal conduct or the tainted nature of the proceeds or assets at issue in a transaction. Consult with Legal if you have any questions regarding the appropriate due diligence to be taken before conducting business with any vendor, supplier, contractor, reseller, distributor, customer or other third party.
Fair competition laws, including U.S. antitrust rules, limit what a company can do with another company and what a company can do on its own. Generally, the laws are designed to prohibit agreements or actions that reduce competition and harm consumers. You may not enter into agreements or discussions with competitors that have the effect of fixing or controlling prices, dividing and allocating markets or territories, or boycotting suppliers or customers.
Fairness and Honesty
Conflict of Interest
A conflict of interest arises when your personal interests interfere with your ability to act in the best interests of Cato’s. Employees must discharge their responsibilities on the basis of what is in the best interest of Cato, independent of personal consideration or relationships. Employees should disclose any potential conflicts of interest to Legal, who can advise the employee as to whether or not Cato believes a conflict of interest exists. An employee should also disclose potential conflicts of interest involving the employee’s spouse, siblings, parents, in-laws, children and other members of the employee’s household.
Activities outside Cato
Although Cato has no interest in preventing employees from engaging in lawful activities during nonworking hours, employees must make sure that their outside activities do not conflict or interfere with their responsibilities to Cato. For example, Cato’s employee generally may not, without approval by Cato:
- engage in self-employment or perform paid or unpaid work for others in a field of interest similar to Cato;
- use proprietary or confidential information of Cato for personal gain or to Cato’s detriment;
- use Cato’s assets or labor for personal use, except for incidental use permitted under Cato’s policies;
- acquire any interest in property or assets of any kind for the purpose of selling or leasing it to Cato;
- perform an outside activity in a way that suggests it is authorized or sponsored by Cato, unless Cato has expressly authorized the employee to represent it;
- Hiring a vendor that is affiliated with, or has any financial relationship with, a friend or relative;
- Hiring a relative;
If you have an interest in a transaction involving Cato, including an indirect interest through a relative, friend, or business—you must disclose it in writing to Legal, refrain from pursuing the transaction, and follow any instructions you receive. In exceptional circumstances, Cato may permit such a transaction to move forward. Cato may at any time rescind prior approvals to avoid a conflict of interest, or the appearance of a conflict of interest. In certain cases, the Board of Directors of Cato (or a Board committee) may be required. If a previously approved or ratified transaction has changed or expanded, you must promptly inform Legal. If a transaction is properly approved or ratified, it will not be deemed a waiver of this Code.
Corporate Gifts, Gratuities and Entertainment
Use of Cato funds or other Cato property for illegal, unethical or otherwise improper purposes is prohibited. The purpose of business entertainment and Gifts (as defined below) in a commercial setting is to create goodwill and a sound working relationship, not to gain personal advantage with customers or suppliers. (Note: This section deals only with gifts, gratuities and entertainment in a commercial setting; there is an absolute prohibition in the governmental setting, as noted above under “Anti-Corruption, Bribery, and Kickbacks”.)
The term “Gift” includes any payment, compensation, loan or other financial favor, such as hosting activity, which generally includes travel, meals and invitations to events and conventions. Except as set out below, without approval of Legal, employees must refrain from giving and receiving business-related Gifts.
- You may not give a Gift to or a person or organization with the intention of influencing the recipient’s business judgment or conduct, nor may you accept a Gift from any person if there is any concern that the intention of the giver is to influence your business judgment or conduct.
- You must be careful and avoid even the appearance of impropriety in giving or receiving Gifts. In general, you cannot offer, provide or accept any Gifts in connection with your service to the Company except in a manner consistent with customary business practices, such as customary and reasonable meals and entertainment.
- Gifts should be considered permitted only if all of the following conditions are met:
- Gifts may only be offered, or accepted, if they are intended to serve legitimate business goals and comply with this policy.
- The Gift is not lavish.
- Gifts must not be granted too frequently.
- The Gift is permitted under local law.
- It is recommended that:
- The Gift will be for official use rather than personal use.
- The Gift showcases Cato products or logo.
- It is never appropriate or permissible to accept or give cash or a cash equivalent from or to a vendor, supplier or customer. Cash equivalents include, among other things, checks, money orders and vouchers.
- No employee may accept a customer, vendor or supplier discount for themselves unless it is generally available to the public or is approved and available to all Cato employees.
- Company employees may entertain socially friends doing business with Cato provided that the entertainment is clearly not related to Cato business. No expenses of such entertainment are reimbursable by the Company.
Please discuss with Legal regarding any proposed Gift if you are uncertain about their appropriateness.
Employees may not accept loans from persons or entities having or seeking business with Cato, other than loans made or provided by a financial institution: (a) in its ordinary course of business, (b) of a type that is generally available by such institution to the public, and (c) made by such institution on market terms, or terms that are no more favorable than those offered by such institution to the general public. Executive officers and directors may not receive loans from Cato, nor may Cato arrange for any such loans.
Contracts and Commitments
You may not enter into any agreement binding Cato without authorization. Employees involved in proposals, bid preparations or contract negotiations should strive to ensure that all statements, communications, and representations to prospective customers are truthful and accurate.
Political Contributions & Lobbying
No political contributions are to be made using Cato’s funds or assets, or on its behalf, or appearing to be so, unless the contribution is lawful and expressly authorized in writing by Legal. A “contribution” is any direct or indirect payment, distribution, loan, advance, deposit, or gift of anything of value in connection with an election or to an organization or group formed to support or defend a referendum or ballot issue. Nothing in this Code is intended to discourage you from making contributions of your own time or funds to political parties or candidates of your choice. However, you will not be compensated or reimbursed by Cato for any personal contributions.
Financial Records & Communications
You are responsible for the accuracy of your records and reports. Accurate information is essential to Cato’s ability to meet its obligations and to compete effectively. Cato’s records must meet the highest standards and accurately reflect the true nature of the transactions they record. Destruction of any records, or other documents except in accordance with Cato’s document retention policy is strictly prohibited. You must not create false or misleading documents or electronic records for any purpose relating to Cato, and no one may direct an employee to do so. No undisclosed or unrecorded account or fund may be established for any purpose. No disbursement of corporate funds or other corporate property may be made without an adequate supporting documentation or for any purpose other than as described in the documents. You may not:
- unduly influence, manipulate or mislead any authorized audit of Cato’s financial statements or accounting books and records;
- intentionally misrepresent Cato’s financial performance or otherwise intentionally compromise the integrity of Cato’s reports, records, policies, or procedures;
- Report information or enter information in Cato’s books, records, or reports that fraudulently or intentionally hides, misrepresents, or disguises the true nature of any financial or non-financial transaction or result;
- Establish any undisclosed or unrecorded fund, account, asset, or liability for any improper purpose;
- Enter into any transaction or agreement that accelerates, postpones, or otherwise manipulates the accurate and timely recording of revenues or expenses;
- Intentionally misclassify transactions as to accounts, business units, or accounting periods;
- Intentionally create any false or misleading records or documentation;
- Intentionally assist others in any of the above.
It is the policy of Cato to cooperate with all government investigations, if any shall be initiated. You must promptly notify Legal of any government investigation or inquiries from government agencies concerning Cato. You must not obstruct the collection of information, data or records relating to Cato. Cato will provide information to the government during an inspection, investigation, or request for information, if the government is legally entitled to such information – only Legal is authorized to decide which information must be provided. You must not lie to government investigators or making misleading statements in any investigation relating to Cato. You must not attempt to cause any employee to fail to provide accurate information to government investigators. Employees have the right to consult their own legal counsel at their own expense.
Communications with Third Parties
Employees, officers and directors who have access to the Company’s confidential information are not permitted to use it for their personal benefit or the benefit of others, or share that information for any other purpose, except when the use is primarily for the purpose of benefiting Cato in the conduct of its business.
Communications with the Media and the Financial Community
Cato communicates with the press and with the financial community through official channels only. Cato provides accurate and timely information about its business to investors, the media and the general public. All inquiries received from financial analysts or the media concerning Cato should be rereferred to the CFO, or to other official channel authorized by Cato. Legal inquiries concerning Cato, or inquiries regarding current or former employees of Cato should be referred to Legal.
Confidentiality & Intellectual Property
You must protect all confidential information concerning Cato, as well as confidential information with which other parties have entrusted us. We must protect all information that is confidential in nature even if the information is not marked “confidential.” Examples of confidential information are: financial data and projections, such as sales bookings and pipelines; proprietary and technical information, such as trade secrets, patents, inventions, product plans, and prospect and customer lists; information about corporate developments, such as business strategies, plans for acquisitions or other business combinations, major contracts, expansion plans, financing transactions, and management changes; personal information about individuals; and confidential information of customers, partners, and others.
As a general rule, you are prohibited from sharing Cato’s confidential information with outsiders, even with your close family or friends. This duty continues even if you leave Cato. Please see the Confidential Information and Invention Assignment Agreement (and, if you are based outside of the U.S., your employment contract) you signed when you joined Cato for more details. Only share confidential information inside of Cato with people who actually need it to do their jobs. Only access or use Cato’s confidential information for Cato’s benefit. Protect it and be careful not to reveal confidential information on the Internet, including through social media.
Sometimes you may need to share confidential information outside of Cato for a deal or project. Before doing so, make sure that the information is appropriate to share and that you have put safeguards in place to protect it (for example, an NDA is in place that protects Cato’s confidential information, documents are marked “Confidential,” and you are not sharing more than necessary). When sharing any confidential information outside of Cato, strictly follow any other policies that apply to the specific type of information. If you find yourself in a situation where you think that you may need to disclose confidential information (for example, you receive a subpoena or demand letter), contact Legal first, and they will take the lead.
Protecting Cato’s Intellectual Property is of utmost importance and everyone in Cato works extremely hard to create, market, and safeguard it. If we don’t protect it, Cato risks losing its intellectual property rights and the critical competitive advantages we provide. Intellectual property covers many things, but common and valuable examples are our products and services, code, business strategy, customer and prospect lists, and trade names. Protect our intellectual property by avoiding inappropriate disclosures (see “Confidentiality” section above). When disclosure is authorized, mark the information with a trademark, or confidentiality mark (check with Legal if you’re unsure about what to write). When you create new intellectual property on Cato’s time or using Cato’s resources, share it with your managers so that Cato can decide whether to seek formal protection.
Security, Data Protection & Privacy
Information Security and data protection are core to our business. All of us must do our best to protect and maintain our and our customers’ data every day. It only takes one breach to cause extensive damage to our business, reputation and prospects.
With that in mind: Always secure your laptop, important equipment, files, and your personal belongings, even when you are at the office. Do not leave sensitive documents on your desk or on your computer screen when you walk away, even just for a minute. Only use company-issued USB drives. Do not plug any personal external drive into your Cato devices. Don’t work on a confidential presentation on a plane or train, or have a sensitive conversation while you’re in an elevator or waiting in line at your local coffee shop. Don’t modify or disable passwords or other security and safety features. Immediately report any security incidents (including lost, stolen, or accidentally distributed passwords, sensitive information, or confidential information) to: email@example.com.
We provide you with tools and technology you need to do your job. Please remember that these tools and technology (plus the work-related files on them) are Cato’s or our licensors’ property. To the extent permitted by applicable law, Cato may monitor, access, and disclose email and other communications and information on Cato equipment, including laptops, our corporate electronic facilities or on our premises, with or without your knowledge or approval, always subject to applicable laws and regulations. Cato equipment should be used primarily for business purposes, although incidental personal use is allowed. You may not use Cato’s assets or technology to violate corporate policy or the law.
All third-party software used for Cato’s business or installed on Cato’s equipment must be pre-approved by Security and IT and be appropriately licensed. You should never make or use illegal or unauthorized copies of any software, since doing so may constitute copyright infringement and may expose yourself and Cato to civil and criminal liability. You should never download or use any software or code that has not been approved by Security and IT.
Cato provides various technology resources to you to assist in performing your duties on behalf of Cato. You have the responsibility to use Cato’s technology resources in a manner that complies with applicable laws and Cato’s policies. Cato reserves the right to limit such resources by any means available to it, including revoking resources altogether. You may not use Cato technology resources to violate any copyrights of Cato, of other individuals or entities. You may not use any of Cato’s technology resources for any illegal purpose, in violation of any company policy, in a manner contrary to the best interests of Cato, in any way that discloses confidential or proprietary information of Cato or third parties on an unauthorized basis, or for personal gain.
Laws in many countries protect the privacy of individuals. There are very substantial penalties for unauthorized disclosure of personally identifiable information – broadly speaking, personal or financial information relating to an individual – or even for the transfer of personal information from one country to another without appropriate safeguards. The rules governing privacy are complex. If you are dealing with personal information, please be sure to familiarize yourself with these rules. Legal will be happy to provide training that is tailored to your situation.
Cato acknowledge our planet’s finite resources and strives to be a sustainable business. We support sound environmental management principles, and we consider Cato’s and our suppliers’ impact on the environment.
Cato seeks to prevent, mitigate and control serious environmental and health impacts from our operations, including water, waste, air quality and biodiversity. Environmental impact should be taken into account in all aspects of our business, from the use of disposables in our cafeterias to avoiding unnecessary air travel. Our suppliers must validate that all input materials and components were obtained from permissible sources consistent with international treaties and protocols in addition to local laws and regulations.