Code of Conduct Policy - Korr

Purpose

This Code of Conduct establishes expectations for ethical behavior and professional standards for all employees, contractors, and partners. It supports our commitment to SOC 2 principles—ensuring security, availability, processing integrity, confidentiality, and privacy in all our operations.

Core Principles

Respect & Integrity

• Treat all colleagues, clients, and partners with fairness, courtesy, and professionalism
• Communicate honestly and transparently
• Avoid conflicts of interest and promptly disclose any that may arise

Accountability

• Take responsibility for your actions and decisions
• Report any unethical behavior, suspected misconduct, or security breaches immediately

Data Privacy & Security

• Protect sensitive, confidential, and personal information
• Adhere to all internal policies and legal/regulatory data protection requirements

Ethical AI Practices

• Develop, deploy, and maintain AI systems responsibly
• Strive to minimize bias and ensure fairness in all AI solutions

Compliance

• Follow all applicable laws, industry standards, and internal policies
• Non-compliance may lead to disciplinary actions, including termination or legal proceedings

Acceptable Use Policy (AUP)

1. Scope and Objective

This policy governs the use of Korr's systems, networks, and data to protect assets, ensure secure technology operations, and maintain SOC 2 compliance.

2. Authorized Use

Business-Only Use

• Use Korr resources strictly for authorized, business-related activities

Access Control

• Access to systems and data is limited to authorized individuals
• Apply the principle of least privilege when accessing sensitive information

3. Prohibited Actions

Unauthorized Activities

• Do not use Korr systems for illegal, unethical, or unauthorized purposes
• Avoid activities that may compromise system security (e.g., unauthorized access, data exfiltration, malicious software)

Misuse of AI Systems

• Do not deploy or modify AI systems in ways that could cause harm or violate privacy, confidentiality, or ethical standards

4. Data Security and Confidentiality

Protection Measures

• Employ strong passwords, multi-factor authentication, and follow secure coding practices
• Handle all sensitive and personal data according to Korr policies and SOC 2 requirements

Disclosure Restrictions

• Do not share confidential or proprietary information with unauthorized parties

5. Monitoring and Enforcement

Monitoring

• Korr reserves the right to monitor system usage and data access to ensure compliance with this policy

Enforcement

• Violations may result in disciplinary actions, including termination of access, employment, or contractual relationships
• Legal action may be pursued for serious violations

6. Reporting and Policy Updates

Incident Reporting

• Immediately report suspected breaches or violations to appropriate authority within Korr

Policy Review

• This policy will be reviewed annually and updated based on legal, regulatory, and operational requirements

This policy will be reviewed annually and updated based on organizational needs and industry best practices.