Supplier Code of Conduct

Last Updated: August 1, 2023

Introduction

At Zscaler, Inc. (collectively with its subsidiaries, “Zscaler”), we believe that how we conduct ourselves is just as important as what we do. We are committed to conducting our business in an ethical, legal, and an environmentally and socially responsible manner. We promote and uphold the highest standards of business ethics and integrity; and expect our vendors, suppliers, and other third-party partners along with their employees, personnel, agents, and subcontractors (collectively “Suppliers”) to do the same. This Supplier Code of Conduct (“Code”) sets forth Zscaler's guidelines and requirements for ethical business practices and legal compliance.

Scope and Applicability

Suppliers must adhere to this Code while conducting business with or on behalf of Zscaler. Suppliers should monitor their own operations—including their own next tier suppliers—through appropriate due diligence, audits, and similar activities.

In all cases in which Zscaler requirements are different from local legal requirements, Suppliers are required to meet the more stringent requirement.

Compliances with Law, Standard Conduct, and Business Ethics

Compliance with Applicable Laws

Suppliers shall comply with all other applicable local, national and international laws, regulations, treaties and industry standards.

Suppliers are responsible for maintaining awareness and updating themselves (and employees) on rules and regulations that are applicable to them or their subsidiaries in all regions and jurisdictions where the Supplier conducts business.

Financial & Accounting Practices

All financial and business records are of vital importance and all Suppliers must maintain accuracy and integrity of such records. Suppliers shall ensure their actions or engagement do not result in conveying false or inaccurate financial information to Zscaler or its customers or partners. Suppliers must maintain and retain all financial and accounting records in accordance with applicable laws (local, federal, or global), accepted industry guidelines, and procedures relating to preservation of documents and records.

Zscaler reserves the right to audit (themselves or through a hired third-party auditor) or inspect Suppliers’ records applicable to Zscaler and the services it provides to Zscaler, as permitted by law.

Anti-Bribery and Corruption

Suppliers must comply with all applicable anti-corruption and anti-money laundering laws, regional, federal and global. No forms of bribery, corruption, kickbacks, extortion or embezzlement are tolerated in any form or for any purpose. We expect our Suppliers to refrain from providing or giving personal gifts, fees, favors, other compensation or business courtesies, including but not limited to entertainment activities, that are intended to influence, or might reasonably appear to influence, a business decision.

Every business transaction should be carried out in full transparency and precisely recorded in the Supplier’s accounts and records. To ensure compliance with anti-corruption legislation, including but not limited to the OECD Anti-Bribery Convention, the United Kingdom Bribery Act of 2010, and the United States Foreign Corrupt Practices Act of 1977, Suppliers should ensure that appropriate controls are in place.

Conflict of Interest

Suppliers should strive to avoid situations and/or transactions where a conflict of interest might occur or appear to occur while being associated with Zscaler in any form.

Conflict disclosure is just as crucial as recognizing and avoiding conflicts. Suppliers must inform Zscaler of any transaction or relationship that could give rise to conflict of interest or the perception of a conflict.

Intellectual Property Rights

Suppliers must protect and respect Zscaler assets, confidential information, proprietary information, customer information and intellectual property. Suppliers shall not misuse or infringe Zscaler’s intellectual property rights, including but not limited to, invention, discovery, idea, original works of authorship, development, improvements, trade secret, concept, or other proprietary information or right.

Any known unauthorized use by a third party of trade secrets, brands, trademarks, logos, or any proprietary or private information belonging to Zscaler must be immediately reported to Zscaler by the Supplier.

Fair Competition and Antitrust Laws

Suppliers must comply with all applicable fair competition and antitrust laws and regulations. Suppliers must only use legal means to gather information about sellers of products or services that compete with Zscaler products and services.

Any communication between a Supplier and a competitor discussing a deal or discussion with Zscaler’s prices, costs, terms and conditions, or any other information that could be considered competitively sensitive and/or Zscaler confidential may be construed as a violation of this Code.

Global Export Compliance 

Suppliers and their subcontractors must comply with all applicable export controls and trade sanctions laws, regulations and/or any other relevant restrictions, including not operating in any country where such access or use is subject to a trade embargo or prohibition. Suppliers and their subcontractors must not provide, operate, or otherwise support any controlled technology, industry, or goods or services, or any other restricted use, without having a valid governmental license, authority, or permission to engage in such conduct. Suppliers or any of their subcontractors must not be enlisted on the OFAC Sanctions List.

Transparency

We believe that transparency is crucial for the long-term health of our business relationships and ask that all our Suppliers embrace this as a core aspect of our partnership.

Data Confidentiality, Privacy & Protection

Data privacy, compliance, and security are at the core of our business. Zscaler adheres to rigorous security, availability, confidentiality, and privacy standards so that our customers can adopt our services with confidence.

Suppliers must comply with all applicable data privacy, data protection and cybersecurity laws, regulations, and guidelines while dealing with any information received from Zscaler.

Suppliers are required to protect data (their own, Zscaler and Zscaler’s customers and partners) by building secure products, services and strong internal protocols.

Labor and Human Rights

Zscaler seeks to ensure that the people who work in our supply chain are treated with fairness, dignity and respect. This applies to all employees, including temporary, migrant, student, contract, direct employee, and any other type of employee.

Human Rights

Zscaler believes that every individual in our supply chain deserves to work in a fair and ethical environment. Suppliers must uphold the human rights of all persons it employs and treat them with utmost respect and dignity.

All Suppliers are required to uphold and abide by international, national, and local human rights standards, including but not limited to those from the International Labour Organization (ILO), the United Nations Guiding Principles on Business and Human Rights (UNGPs), the Organisation for Economic Co-operation and Development (OECD), as well as industry-leading health and safety organizations.

We expect our Suppliers to have appropriate policies and practices in place that apply to their employees and supply chains. Suppliers must ensure they are not complicit in human rights abuses, including modern slavery and human trafficking. 

Anti-discrimination and Harassment

In hiring and other employment practices, Suppliers shall not discriminate against any employee on the basis of race, color, ethnicity, gender, religion, creed, marital status, age, national origin, ancestry, citizenship, physical or mental disability, military and veteran status, genetic information, medical condition, sexual orientation, or any other protected class, characteristic, or consideration made unlawful under applicable federal, state, or local laws. Zscaler takes pride in its inclusive work culture and expects Suppliers to further uphold these beliefs in their supply chain.

Suppliers must ensure a workplace free from harassment and abuse. Harassment in any form, including physical, verbal, sexual, emotional, or psychological will not be tolerated.

Voluntary Employment

Suppliers must not use involuntary labor of any kind, including prison labor, debt bondage, slave labor or forced labor.

Suppliers must allow their employees to terminate their employment after a reasonable notice period. Suppliers must not withhold, keep, destroy, conceal, confiscate, or deny access to their employees’ government-issued identification card, passport, or work permit.

No Child Labor

The use of child labor is strictly prohibited. Suppliers are expected to comply with minimum age requirements set by local laws and International Labour Organisation (ILO) conventions and should not employ anyone below the legal employment age.

Wages and Working Hours

Suppliers must provide fair compensation and benefits for all employees, including employees who are permanent, temporary, migrant, apprentices, and contract. Such compensation must meet the legal minimum standards as required by local law.

Freedom of Association and Collective Bargaining

Suppliers must respect employees' rights to freedom of association, collective bargaining, and peaceful assembly (including the right to refrain from such activities) in accordance with local laws and obligations and international standards.

Environment

At Zscaler we are committed to minimizing our impact on the planet. We also strive to be responsible stewards of the environment and seek to reduce the environmental impacts in our supply chain.

Applicable Environmental Law, Regulations, and Standards

Suppliers must, at a minimum, adhere to applicable environmental laws, regulations, and international treaties, including those governing waste, air, water, and hazardous materials. Further, Suppliers must comply with all applicable laws and regulations regarding the use of prohibited or restricted substances in products, packaging, or manufacturing. Suppliers are required to meet all conflict minerals requirements, conduct proper due diligence, and demonstrate compliance.

Additionally, Suppliers must obtain all required environmental permits, consents, regulatory approvals, and registrations required to conduct their operations. 

Zscaler can request, and Suppliers must provide, all permits and records related to environmental compliance whenever it is needed for internal or third-party audits or as part of a certification or verification process.

Minimize Environmental Impact

Zscaler encourages its Suppliers to strive to create and/or adopt processes and minimize adverse impacts on communities, the environment, and natural resources.

Suppliers are encouraged to set quantifiable goals to reduce environmental impact and greenhouse gas (GHG) emissions, minimize waste, water consumption, and energy consumption. We encourage our Suppliers to set publicly visible science-based targets in line with the objectives of the Paris Climate Agreement.

Suppliers are encouraged to implement strategies to: 1) reduce use of, 2) reuse and 3) recycle materials, whenever possible, prior to disposal. Suppliers are also encouraged to seek and use renewable energy whenever possible.

Occupational Health and Safety

At Zscaler we believe that our greatest asset is our people, and we are committed to the wellbeing of all our employees. Similarly, we expect Suppliers to prioritize the occupational health and safety of their employees and implement reasonable and effective occupational health and safety measures.

Suppliers must comply with all safety rules and practices, cooperate with authorities enforcing these rules and practices, and promptly report all accidents, injuries, and unsafe practices or conditions in accordance with law.

Suppliers are responsible for determining and evaluating any potential emergencies. Suppliers shall devise and put into action emergency plans and procedures that will minimize harm to life, environment, and property for each scenario.

Physical Access Control

Those Suppliers who access Zscaler's premises for performance of services must adhere to the security control system put in place by Zscaler to ensure zero intrusion and the protection of Zscaler and its customers’ and partners’ confidential information. The physical access credentials must only be used for their intended purpose and must not be exploited.

Business Continuity Plan

When it comes to assuring the availability of vital services for Zscaler during an unexpected disaster event that could completely or partially impair the performance of services, Zscaler expects its Suppliers to manage business continuity risk. Zscaler therefore anticipates that its Suppliers will have strategies in place to ensure that their operations can continue with the least amount of disruption possible in the case of an emergency, crisis situation, natural disaster, or terrorist/security-related event.

Cooperation and Support

Suppliers are expected to provide their full cooperation in assessments or audits which may be conducted by Zscaler from time to time, whether conducted by Zscaler itself or through a third party.

Suppliers must produce all necessary evidence in such circumstances, operating in a transparent manner. If Suppliers are found to be violating the Code’s guidelines or requirements, corrective action plans may be suggested, which are to be established within a specified time frame and the progress of the same shall be monitored.

Any breach of this Code or failure to implement suitable corrective action plans may result in further action, including contract termination or loss of status as a Supplier.

Communication and Amendment

Suppliers are required by Zscaler to keep a documented code of business behavior that is applicable to and binding on all of its employees, subcontractors, and agents. In order to avoid and identify illegal and unethical behavior, such policy should include requirements that are substantially similar to this Code as well as any applicable laws and regulations. If a situation arises where either this Code's requirements or Supplier’s own policy are not met, the Supplier shall promptly notify Zscaler.

Zscaler has the right to periodically update this Code to reflect changes in applicable laws or regulations or for any other cause or reason.

Reporting Concerns

To report questionable behavior or a possible violation of this Code, Suppliers should contact their primary Zscaler contact or submit the concern through Zscaler’s reporting hotline at https://zscaler.ethicspoint.com

Suppliers must not retaliate against anybody who in good faith discloses a violation of this Code or assists in an investigation into any such violation or unlawful conduct. No person who reports a suspected breach in good faith shall be subject to discharge, demotion, suspension, threats, harassment, or any other form of discrimination by Suppliers, their employees or their agents or contractors.

For questions regarding this Code, please email: [email protected].