Weโre pleased to share that we have successfully transitioned to the ISO/IEC 27001:2022 standard! This is a major milestone for us as a SaaS provider and reflects our commitment to maintaining the highest standards of security, confidentiality, and operational excellence.
| Question | Funds-Axis Response |
|---|---|
| Legal Name | Funds-Axis Limited |
| Tax and Registration Number | 05400848 GB 874534987 |
| Legal Entity Identifier (LEI) | 9845007J8C4E61FAA335 |
| Country of Headquarters | UK |
| Industry Classification | 62012 - Business and domestic software development 63120 - Web portals 66190 - Activities auxiliary to financial intermediation not elsewhere classified Cloud Computing Policy Issue 2.1 Page 5 of 16 74909 - Other professional, scientific and technical activities not elsewhere classified |
| Identification Code and Code Type | 62012 - Business and domestic software development 63120 - Web portals 66190 - Activities auxiliary to financial intermediation not elsewhere classified 74909 - Other professional, scientific and technical activities not elsewhere classified |
| Registered Address | 12 Gough Square, London, England, EC4A 3DW |
| Postal Address | 4A Weavers Court, Belfast BT12 5GH |
| Website | https://funds-axis.com/ |
| Does your organisation have professional indemnity insurance? | Funds-Axis holds professional indemnity insurance with a coverage limit of ยฃ5,000,000. |
| Question | Funds-Axis Response |
|---|---|
| What is the name of the service and its modules? | HighWire โ a cloud-based RegTech platform with modules for Investment Compliance, Regulatory Reporting, Shareholder Disclosures, Investor Communications, Risk Monitoring, Sanctions & ESG Monitoring, and NAV Oversight. |
| Is the solution cloud-based or locally hosted? | AWS Cloud. |
| Is the service offered as technology-only, managed, or both? | Both options are available. |
| Does the service include data feed validation? | Yes. Validation occurs at file level, during upload, and within the system using data quality rules and reports. |
| When are monitoring results typically available? | Typically within 2 hours, depending on data delivery timing. Results can be near-instantaneous. |
| Are users notified when monitoring results are ready? If so, how? | Yes โ via automated emails, in-system alerts, and managed service team notifications. |
| How many regulatory rules are included in the rules engine/library? | ~3,000 rules across jurisdictions, including ~1,500 prospectus rules. Coverage includes UCITS (UK, Ireland, Lux, Malta), RIAIF, QIAIF, IA sector rules, and others (e.g., US 1940 Act, HK, Singapore, Canada). |
| What regulatory frameworks form the basis of the rules library? | Based on UCITS, COLL, NURS, QIS, FAIF, LTAF, and other regulatory frameworks. UK-specific nuances are included. |
| What types of logic and conditions can the rules engine support? | Supports rules at all operational levels, asset types, and groupings. Handles eligibility, diversification, ownership, borrowing, and various calculation methods (MV, notional, etc.). |
| Are regulatory rule updates included as part of the service? | Yes. Regulatory libraries are actively maintained. |
| Question | Funds-Axis Response |
|---|---|
| What is the name of the module? | Investor Communications. |
| What solutions does the module cover? | Document Production incl widgets, Calculations, Hosting and Dissemination. |
| Is the service offered as technology-only, managed, or both? | Both options are available. |
| What documents do you produce? | Theoretically we can produce any document. |
| What document types to you have templates for? | UCITS/NURS KIIDs, EU/UK PRIIPs KIDs, CCI, Past Performance Documents and Factsheets. |
| Do you cater for translations? | Yes, documents can be produced in any languages. |
| Is there document approval cycle functionality? | Yes. |
| Is there access to a document library? | Yes. |
| Do you provide hosting services? | Yes, we provide permalinks which means that links on your website for documents only need to be set up once. |
| Do you disseminate documents? | Yes, we have automated document transfer mechanisms in place with the main data vendors. |
| Question | Funds-Axis Response |
|---|---|
| Please describe your typical implementation process, including key phases and indicative timelines. | Funds-Axis follows a structured and collaborative implementation approach designed to ensure a smooth and efficient onboarding experience for all clients. While specific timelines and activities may vary depending on the scope and complexity of the solution, the typical implementation process includes the following key phases: Requirements Specification We work closely with clients during the pre-contract and onboarding phases to validate and refine requirements. This ensures alignment with business objectives and regulatory needs. Infrastructure Setup Standard infrastructure setup is typically completed within a short timeframe, often within one business day, depending on client-specific configurations. System Configuration and Development Our solutions are highly configurable. Where required, we implement tailored rule sets, workflows, or data integrations to meet client-specific needs. Full system development is generally not required. Report Formatting and Configuration Standard reporting templates are available, and we support configuration or customization based on client preferences or regulatory requirements. System Testing Internal testing is conducted to ensure system readiness and alignment with agreed specifications. This includes validation of rules, data flows, and reporting outputs. User Acceptance Testing (UAT) Clients are supported through a structured UAT phase, with guidance and documentation provided to ensure confidence in the solution prior to go-live. Process Mapping Our Customer Success team collaborates with clients to define and document operational processes, governance controls, and escalation procedures. This is typically delivered through interactive workshops. Training Comprehensive training is provided to client teams, including access to online resources, documentation, and tailored in-person or virtual sessions as required. Go-Live Support Dedicated support is provided during the go-live phase to ensure a smooth transition to live operations, including assistance with final testing and operational readiness. Post-Live Support Following go-live, clients are supported by our Business-as-Usual (BAU) and Managed Services teams, who provide ongoing assistance, monitoring, and change management support. |
| Please describe your approach to data integration, migration, and testing. | Funds-Axis has established data integrations with a wide range of third-party administrators and data providers. These integrations support automated data ingestion across all major asset classes and are designed for rapid deployment. Our data migration and integration processes are fully automated, with built-in validation and exception handling. The platform provides full visibility into data upload success and highlights any discrepancies or failed records. Testing is embedded throughout the process, including automated checks such as NAV tolerance testing, which ensures that uploaded portfolio values align with official NAVs. This ensures data accuracy and integrity from day one. |
| What is the typical implementation timeline for out-of-the-box solutions (excluding Investor Communications), and what factors may influence delivery? | For a standard out-of-the-box implementation, the typical timeline is approximately 4 to 6 weeks, depending on the scope and readiness of client inputs. This includes core system setup, configuration, rule implementation, and testing. Common factors that may impact timelines include: Availability of client resources and responsiveness Use of multiple data administrators or custom data feeds Delays in receiving or validating data Complexity or volume of bespoke rule requirements Concurrent onboarding projectsIncomplete or evolving business requirements We provide a generic project plan to guide expectations, but timelines are always tailored based on each client's specific needs and environment. |
| What is the typical implementation timeline for Investor Communications, and what factors may influence delivery? | For Investor Communications, the typical implementation timeline is around 4 weeks from the point all required data is provided. This includes system setup, configuration of communication templates, and testing. Delivery timelines may vary based on: Timeliness and completeness of client data Scope of services selected (e.g., factsheets, KIIDs, EETs, etc.) Customisation of templates or workflows Availability of client stakeholders for reviews and approvals We provide a tailored project plan based on the specific services selected and your operational environment. |
| What are the typical data sources required for the service, and what key data points are needed? | Funds-Axis supports integration from a wide range of data sources. While we can work with any provider, fund accounting data is typically preferred for its completeness and reliability. Common data sources include: Fund Accounting Systems โ for holdings, valuations, transactions, and NAV Custodians โ for custody cash and liquidity-related data ACDs โ for fund-level attributes and compliance parameters PMS/OMS โ for pre-trade and order-level data Third-party vendors โ for security master and pricing data (e.g., ICE, Bloomberg) Additional sources relevant to Investor Communications include: Static data โ such as share class details and fund identifiers Chart of accounts and trial balances Historic performance data Dividends, AUM, and share class prices Key data points typically required: Holdings and valuations Transactions and cash flows NAV and share class details Security identifiers and classifications Prospectus and regulatory parameters Custody cash balances (if applicable) Performance history, dividends, and AUM Static and financial data for reporting We offer flexible integration options tailored to each clientโs operational setup and selected services. |
| How is source data typically transmitted to your platform? Please describe supported methods for all data sources. | Funds-Axis supports a variety of secure data transmission methods to accommodate different client and provider setups. The most commonly used and preferred method is secure file transfer protocol (sFTP). Other supported methods include: API integrations, where available Direct download from provider portals, subject to client-authorised access Encrypted email, used in limited, controlled scenarios Manual upload via the platform, for ad hoc or exception-based data For established data providers, we typically coordinate with the provider to set up access, configure reporting, and automate data retrieval. This may involve client authorisation to access specific portfolios or data sets via the provider's portal or reporting environment. Our approach is flexible, secure, and designed to minimise client effort while ensuring reliable and timely data delivery. |
| What third-party data feeds are required or supported for the service, and how are they typically sourced? | Funds-Axis supports a wide range of third-party data feeds to meet regulatory, operational, and reporting requirements. Our platform is data-source agnostic and integrates with most industry-standard providers. Commonly supported data types and sources include: Holdings Data โ Typically sourced from fund administrators or custodians; foundational for portfolio and reporting services. Security and Issuer Data โ Can be client-provided or sourced via ICE, Bloomberg, Refinitiv, or Morningstar. Includes identifiers, classifications, issuer details, and pricing. Index Constituent Data โ Required for benchmark-relative reporting or index-based rules. Derivative Instrument Data โ Includes underlying asset, price, contract size, and delta; available for standard instruments. CIS (Collective Investment Schemes) Data โ Covers UCITS classification, investment restrictions, and asset class breakdowns. Investor Communications-specific data โ Often sourced from the fund administrator and includes share class prices, AUM, dividends, static data, and performance history. We maintain integrations with major fund administrators and prime brokers, enabling efficient onboarding and data flow. Where needed, we can also source data directly (e.g., via ICE). |
| Do clients need to arrange licenses for third-party data feeds, or are any provided under your agreements? | Funds-Axis offers flexibility in how third-party data is sourced and licensed. Clients have two main options: Use of Funds-Axis Licensed Data We maintain licensing agreements with selected data providers (e.g., ICE) and can supply security and ratings data directly under our license. This is available for a fixed fee (e.g., ยฃ6 per security, up to 6,000 unique securities) and includes access to key data such as security identifiers, classifications, and credit ratings. This approach can reduce implementation time and simplify onboarding. Please note: when using our licensed data, there may be restrictions on how the data can be extracted or stored outside the platform, in line with provider licensing terms. Client-Supplied Data Alternatively, clients may choose to provide their own licensed data from providers such as Bloomberg, Refinitiv, Morningstar, or others. In this case, the client is responsible for ensuring appropriate licensing is in place. We are happy to support either model and will work with clients to determine the most efficient and compliant approach. |
| Do you provide a demonstration or test environment for user acceptance testing (UAT) and familiarisation prior to go-live? | Yes, Funds-Axis provides access to a dedicated client environment to support user acceptance testing (UAT) and familiarisation with the platform. Rather than using a generic demo site, we prioritise giving clients early access to their own configured environment, as this allows for more meaningful testing using familiar data and workflows. Within this environment, clients will also have access to: Sandbox portfolios pre-loaded with test data Custom test portfolios for bespoke testing scenarios Full platform functionality to simulate live operations This environment is typically available within two weeks of project initiation, enabling clients to begin testing and training well in advance of go-live. |
| What controls and procedures do you have in place to ensure a smooth transition during client onboarding? | Funds-Axis follows a structured and quality-assured onboarding process designed to ensure a smooth and efficient transition for every client. Our approach minimises client effort while ensuring a fully configured, tested, and ready-to-use platform within a typical timeframe of 4 weeks. Key control procedures include: Dedicated Onboarding Management A named project manager to oversee delivery A time-bound, standardised project plan A comprehensive onboarding pack including training and test documentation Quality Assurance & Internal Governance Internal project approval and oversight processes Standardised implementation and testing plans Multi-stakeholder internal sign-off, including compliance, risk, data, and automation teams Robust Testing Framework Internal testing by the implementation team prior to handover Independent review by the Managed Services team to validate readiness Multi-layered testing including data validation, rule execution, and exception handling Clients are provided access to their configured environment, along with training and support, ensuring they are fully prepared for go-live with minimal disruption. |
| Question | Funds-Axis Response |
|---|---|
| What Service Level Agreements (SLAs) govern the client relationship? | Funds-Axis operates under a structured SLA framework that covers all key aspects of service delivery and support. This typically includes: Managed Services SLA - Outlines the scope, responsibilities, and performance standards for any bespoke managed services provided. Change Request SLA - Defines timelines and procedures for handling client-initiated system changes or enhancements. Support SLA - Covers the classification, response, and resolution times for bugs, issues, and support queries. These SLAs are designed to ensure transparency, accountability, and high service quality throughout the client relationship. Full SLA terms are provided during onboarding and can be tailored to meet specific client needs. |
| Can clients request amendments to the SLA to reflect their evolving business needs? | Yes, Funds-Axis is flexible in tailoring Service Level Agreements to meet individual client requirements. We are happy to work collaboratively with clients to create or amend SLA terms - particularly within the Managed Services SLA - to ensure alignment with evolving business priorities, operational models, or regulatory obligations. |
| What is the process for raising and escalating complaints or concerns? | Clients have access to multiple contact points, including operational staff, team leads, and account managers. Regular meetings (e.g., operational check-ins and quarterly SLA reviews) provide structured opportunities to raise issues. Concerns can also be escalated at any time through the defined contact chain, up to senior management. Full details are provided in the supporting documentation. |
| How frequently are formal service reviews conducted? | Formal service reviews are typically held on a quarterly basis. In addition, service performance is monitored internally on a monthly basis to ensure ongoing compliance with agreed standards. |
| What management information (MI) is provided to track SLA performance? | SLA performance is tracked through multiple channels: For managed services, daily operational data is recorded, including delivery times against agreed targets. This is reviewed during service meetings. For issues and change requests, items are logged and tracked in an internal system based on priority. Progress updates and SLA status reports are shared regularly and discussed during operational meetings. All relevant MI is available to support performance transparency and continuous improvement. |
| Will a dedicated relationship manager and service representative be assigned to our account? | Yes, a named Relationship Manager will be assigned to your account to ensure consistent communication and support. |
| Do you conduct regular review meetings with clients? If so, how often? | Yes, regular review meetings are held with clients. The frequency and structure are tailored to each clientโs needs and outlined in the supporting documentation. For most modules, this typically includes weekly, bi-monthly, or monthly operational calls, along with formal quarterly SLA reviews. For the Investor Communications module, meetings are generally held monthly, with increased frequency during project implementation phases. |
| Where will our account be serviced from? | Your account will be primarily serviced from a central office location within your time zone, ensuring direct support and account management. Additional support may be provided by remote teams in other regions to enhance operational and technical coverage. |
| What training will be provided to help us understand your services and systems? | Initial training is delivered during onboarding through tailored sessions covering system functionality, workflows, and best practices. Ongoing training is available at a frequency aligned with your team's needs, including ad-hoc sessions for new features or specific queries. Training can be customised by user role, and supplemental materials are provided for self-paced learning and reference. |
| How do you support clients in staying informed about regulatory changes? | We actively monitor regulatory developments and provide timely updates through built-in tracking features and client communications. Each change is assessed for system impact, and necessary updates are incorporated into our product roadmap. Key support includes: Automated Updates: System changes are implemented automatically to maintain compliance. Client Notifications: Clients are proactively informed about relevant updates and their implications. System Enhancements: New data fields, reports, or rules are added as needed to reflect regulatory requirements. Details of recent or upcoming changes are shared through regular updates and supporting documentation. |
| Question | Funds-Axis Response |
|---|---|
| Describe the end-to-end user journey for your product or portal. | We simplify complex processes. Clients submit data, which is automatically transformed, enriched, and loaded. Supplementary data is integrated, followed by calculations and rule-based checks. Results are displayed in a compliance workflow with full breach history. All holdings and calculations, including leverage, are accessible with time-stamped records. |
| How is portfolio data fed into your system? | Data is typically sent via secure sFTP for automated transformation and upload. We can also retrieve data from administrator portals, accept secure emails, or support manual uploads. |
| How is market data integrated? Do you support multiple vendors (e.g., Bloomberg, LSEG)? | Yes, we support defined integrations with major market data providers, including Bloomberg, ICE, and LSEG Refinitiv. |
| What data quality checks are built into the system? | Comprehensive checks occur at multiple stages: upon data receipt, during upload (e.g., mandatory fields, valid values), and within the system itself. |
| Can users add new variables or data fields to the system? | Users can create custom data items using existing fields, which can also be used in rules. While on-demand field creation is limited by design, additional fields can be added upon request. The system already includes hundreds of predefined elements for regulatory and reporting needs. |
| How does the system manage missing data? | Handling varies by data type. The system uses automated ETL processes to enrich or repair missing or invalid data. Options include blocking file or record uploads, applying default values, or leaving fields blank - depending on the scenario. |
| What user profiles are available in the system? | User access is fully configurable across modules, portfolios, permissions, and rules. We also offer recommended standard profiles to streamline setup. |
| What additional data is required for the product or specific features to function? | Core data includes holdings, security, and issuer-level information. Additional data may be needed based on functionality - e.g., index constituents for rule checks, derivative details (underlying, price, contract size, delta), and comprehensive CIS data for regulatory and mandate rules. We can provide much of this data as a service. |
| How can results and reports be accessed or extracted from the system? | Results and reports can be accessed manually or delivered via scheduled reports, including email distribution. |
| Do you offer standard data interfaces for connecting with external data providers? | Yes, we have integrations with 30+ administrators and data vendors. While not API-based, these enable seamless receipt, transformation, and upload of standard files. |
| Question | Funds-Axis Response |
|---|---|
| Do you enforce least privilege and role-based access control? | Yes, we follow AWS IAM best practices, including least privilege, role-based access, and multi-factor authentication (MFA). |
| Do you use AWS IAM Access Analyzer? | Yes, we use AWS IAM Access Analyzer to continuously monitor and analyze permissions granted to our AWS resources. |
| How do you monitor your cloud security posture? | We use AWS Security Hub to continuously monitor and assess our cloud environment for compliance and security risks. |
| Are your container images scanned for vulnerabilities? | Yes, Amazon Inspector is used to scan container images stored in Amazon ECR. |
| How do you manage secrets and credentials? | We use AWS Secrets Manager with automatic rotation for secure storage and management of secrets. |
| Are backups performed regularly? | Yes, we use AWS Backup to automate and manage backups across our environment. |
| How do you ensure governance and compliance across your cloud infrastructure? | We use AWS Config to continuously evaluate the configuration of AWS resources against compliance rules and best practices. |
| How do you monitor and log activities in your environment? | We use AWS CloudTrail and Amazon CloudWatch for comprehensive logging and monitoring of activities in our environment. |
| Do you have a SIEM in place? | Yes, we use SumoLogic for centralised log aggregation, monitoring, and alerting. |
| How do you detect and respond to threats? | We use Microsoft Defender for real-time threat detection and automated response, supported by documented incident response playbooks. |
| Question | Funds-Axis Response |
|---|---|
| Do you have a security and privacy program with documented policies? | Yes, we maintain a formal Information Security Management System (ISMS) aligned with ISO 27001 and a Quality Management System (QMS) aligned with ISO 9001. These include documented policies covering information security, privacy, access control, cloud usage, and incident response. Policies are reviewed and updated regularly to reflect evolving risks and regulatory requirements. |
| Are your privacy and security policies publicly available? | Yes, our core policies, including Privacy, Information Security, and Quality, are published on our website for transparency and stakeholder assurance. |
| Is there a designated security/privacy lead? | Yes, a Chief Information Security Officer (CISO) or equivalent role is responsible for overseeing our security and privacy programs, ensuring compliance, and managing risk. |
| Who can be contacted for security/privacy enquiries? | Security and privacy-related inquiries can be directed to our CISO or designated security contact, whose details are available upon request. |
| Do you hold any security or privacy certifications? | Yes, we are certified under ISO 27001 for information security and ISO 9001 for quality management, demonstrating our commitment to best practices and continuous improvement. |
| Do you provide security awareness training? | Yes, all staff undergo security awareness training during onboarding and annually thereafter. Training covers key topics such as data protection, phishing, social engineering, and incident reporting, with regular updates on emerging threats. |
| How are security and privacy policies enforced and communicated? | Policies are enforced through onboarding, annual training, and regular internal communications. Updates and reminders are issued by our security team to ensure ongoing awareness and compliance. |
| Can you demonstrate compliance with your security and privacy program? | Yes, we hold ISO 27001 and ISO 9001 certifications, undergo annual external audits, and conduct regular internal audits to validate the effectiveness of our controls. |
| Do you assess compliance of third-party vendors? | Yes, all third-party vendors are subject to annual reviews and must comply with our security and privacy requirements as outlined in our vendor management policy. |
| Do you assess third-party vendors and control their data access? | Yes, all third-party vendors are subject to due diligence and annual reviews. Access to client data is restricted and only granted under specific, controlled circumstances, if at all. |
| Question | Funds-Axis Response |
|---|---|
| Do your systems and procedures meet GDPR Article 32 requirements for data security? | Yes, our systems, IT infrastructure, and data protection procedures comply with Article 32 of the GDPR, ensuring the security, integrity, and confidentiality of all data, including investor information. |
| Are you compliant with data protection regulations in relevant jurisdictions? | Yes, we comply with all applicable data protection regulations across the jurisdictions in which we operate. Our Data Protection Policy outlines our approach to safeguarding personal and sensitive data, including defined processes and responsibilities. |
| Does your Privacy Notice meet GDPR requirements? Please provide a link. | Yes, our Privacy Notice complies with GDPR requirements. It is publicly available at https://funds-axis.com/privacy-cookies/. |
| Please provide DPO contact details or explain why a DPO is not appointed. | Trevor Dempster, our Chief Information Security Officer (CISO), currently fulfils the responsibilities of a Data Protection Officer. He can be contacted at trevor.dempster@funds-axis.com for any data protection enquiries. |
| Who is your EU Representative under GDPR Article 27, if applicable? | Trevor Dempster serves as our EU Representative under Article 27 of the GDPR and can be contacted at trevor.dempster@funds-axis.com. |
| How often are your data protection policies reviewed? | Our data protection policies and procedures are reviewed annually to ensure ongoing compliance with regulatory requirements and industry best practices. |
| Do you transfer personal data to any sub-delegates? | No, we do not transfer personal data to any sub-delegates. As standard, we do not collect or process personal data beyond user email addresses. |
| If yes, please list sub-delegates, their locations, and data storage locations. | We have a wholly owned subsidiary and a managed services team based in India that support technology development and infrastructure maintenance. However, we do not collect or process personal data beyond user email addresses. |
| Will you provide advance notice of new sub-delegates, especially for non-EEA data transfers? | Confirmed. We will provide advance notification of any new sub-delegates, particularly where data transfers to non-EEA countries are involved. |
| Are sub-delegates contractually required to meet GDPR standards, including safeguards for non-EEA transfers? | Yes, all sub-delegates are contractually required to provide data protection equivalent to GDPR standards. Non-EEA data transfers are safeguarded using mechanisms such as Binding Corporate Rules or EDPB-approved Standard Contractual Clauses. |
| Question | Funds-Axis Response |
|---|---|
| Do you have a charity or philanthropy programme? Please summarise recent activity. | Yes, we have a Charity Committee that coordinates regular fundraising and volunteering initiatives. We are proud corporate sponsors of several organisations, including: Action Cancer โ providing cancer prevention, detection, and support services in Northern Ireland. NSPCC Northern Ireland โ working to protect children and prevent abuse. Basis.Point โ supporting educational equality for children experiencing disadvantage in Ireland. Our employees actively participate in events supporting these causes throughout the year. |
| Do you have a diversity and inclusion policy? | Yes, we have a formal Diversity & Inclusion policy that promotes an inclusive, respectful, and equitable workplace for all employees. |
| Do you use zero-hour contracts? | No, we do not use zero-hour employment contracts. |
| Are you compliant with all relevant labour laws and regulations? | Yes, we comply with all applicable labour laws and employment regulations in the jurisdictions where we operate. |
| Do you have a health and safety policy? | Yes, we maintain a comprehensive Health & Safety policy to safeguard the well-being of our employees and ensure a safe working environment. |
| Are you aligned with the UN Global Compact Principles? | Yes, we are committed to the UN Global Compact Principles, integrating sustainability, ethical conduct, and responsible business practices across our operations. |
| Have you appointed a Head of ESG or equivalent? | Yes, ESG and sustainability oversight is provided at Board level, ensuring strategic alignment and accountability across the organisation. |
| Do you have a waste management policy? | Yes, our Waste Management Policy is embedded within our Physical Security Procedure, ensuring responsible handling, disposal, and environmental compliance across our operations. |
| Do you have an energy management policy? | Yes, energy management is addressed within our Community and Social Responsibility Policy, reflecting our commitment to energy efficiency and sustainable operational practices. |
| Do you have an ESG, environmental, or sustainability policy? | Yes, we follow a comprehensive Community and Social Responsibility Policy that incorporates environmental sustainability, ethical conduct, and responsible business practices. |
