Governance

Good governance and ethical business practices are the foundation for all of Bittium’s activities.

Sustainability Statement 2024

Corporate Citizenship and Good Governance

Bittium is committed to operating in accordance with the law and regulations in all its operations, adhering to ethical practices. Bittium has a zero-tolerance policy towards bribery and corruption. The company’s goal is to ensure ethical operations and compliance with the corporate culture, and to increase awareness of the principles of responsible business practices through training. Bittium’s corporate culture is based on commitment to shared values ​​and openness.

Good governance and ethical practices are the foundation of all Bittium operations. The business areas represented by the company are subject to strict regulation. Trust is one of Bittium’s values ​​and the cornerstone of business operations. Our customers can trust that we respect the confidentiality of our customer relationships. Bittium wants to be an easy and solution-oriented partner and stakeholder network to engage with. Bittium has an Anti-Corruption Statement and a Code of Conduct that generally address the principles of good business practice.

Bittium’s guiding principles are divided into strategy, values ​​and ethical principles, and mission and vision. Bittium’s values ​​are innovation, courage and trust. The company expects its personnel to act in accordance with its values. Customers and other stakeholders can also expect the company to act in accordance with its values. The visibility of the values ​​in the company’s operations is measured through annual personnel and customer satisfaction surveys. Bittium has a group-wide management system that includes control methods against corruption applicable to all business segments, and anti-corruption guidelines for all personnel.

Business conduct targets:

• We prevent corruption and improve our ethical operating models
  • Updated Code of Conduct and Anti-corruption trainings:
  • 2025: 95% of the personnel
  • 2026: 100% of the personnel

Confidential Customer Relationships and Security

Confidentiality and ensuring information security are an essential part of Bittium’s responsibility. Bittium helps its customers combat threats related to information and national security. The company is known for its information security expertise and secure products for the defense and security industry.

The operations are managed in accordance with an information security management system. The system defines information security objectives, responsibilities and resourcing of functions. The management system brings together information security policies, instructions, templates and requirements set by customers and legislation, including ISO 27001, Katakri and FSC standards and requirements. They cover the information security of all functions and areas of the company.

Bittium uses various technical solutions, methods and practices for information security. Staff are also trained to take responsibility for information security and to report any security incidents and threats they may have detected. Staff are regularly trained to take information security practices into account.

Information security target:

• We will improve the information security of our products and develop new technology for improving information security
  • New security training: 2025: Personnel training coverage 100%

Research and Development Cooperation as Part of Corporate Culture

In Bittium’s operations, research and development cooperation with companies and research institutes is a central part of the corporate culture. Research and development cooperation projects generate innovations related to, for example, information security or well-being, develop the expertise of our own personnel and promote business opportunities.

Bittium’s participation in domestic, European and international information security development projects can influence stakeholders and bring diverse know-how to the company. Through research and development cooperation, Bittium aims to promote the emergence of innovations and improve the overall competitiveness of the industry with high-quality products. Bittium’s cooperation with educational institutions promotes awareness of information security issues among students and teachers and offers the company the opportunity to influence the construction of a sustainable society.

Whistleblowing

1. Introduction – what is whistleblowing, and why is it important?

Our organisation strives to achieve transparency and a high level of business ethics. Our whistleblowing channel offers a possibility to alert the organisation about suspicions of misconduct in a confidential way. It is an important tool for maintaining trust in our operations by enabling us to detect and act on possible misconduct at an early stage. Whistleblowing can be done openly or anonymously.

2. When to blow the whistle?

The whistleblowing channel can be used to alert us about serious risks of wrongdoing affecting people, our organisation, the society or the environment. The service may be used for reporting conduct that may be inconsistent with the Bittium´s Ethical Principles and Code of Conduct, or laws or regulations.

Also reports under the scope of the Finnish Whistleblower Act may be submitted to the channel. In respect of reporting misconduct in the course of the whistleblower´s work, the Finnish Whistleblower Act implementing the European Union´s Whistleblower Directive includes an obligation to establish internal reporting channel through which such whistleblowers can report misconduct. Whistleblower Act prohibits retaliation against whistleblowers (for instance laying off the whistleblower due to the report). To receive the whistleblower protection detailed in the Whistleblower Act, at the time of submitting the report, the whistleblower must be reporting a breach they have discovered in the course of their work, the whistleblower must have a legitimate reason to believe that their information about the breach to be reported is true and the information about the breach is included in the material scope of the Whistleblower Act as set out below.

According to the Whistleblower Act, punishable breaches related to, for example, the following EU or national areas of legislation within a work-related context can be reported to the channel:

• Public procurement (excluding defence and security spending)
• Financial services, products, and markets
• Prevention of money laundering and terrorist financing
• Product safety and conformity
• Traffic safety
• Environmental protection
• Radiation and nuclear safety
• Food and feed safety and animal health and welfare
• Public health as defined by article 168 of the Treaty on the Functioning of the European Union
• Consumer protection
• Protection of privacy and personal data, and security of network and information systems
  
  Read more about the material scope and other requirements of the Whistleblower Act at the official webpage of the Chancellor of Justice of Finland on Whistleblower protection.

Please note that employees are asked to contact their supervisor for issues relating to dissatisfaction in the workplace or related human resources matters, as these issues cannot be investigated in the scope of whistleblowing.

Please note that deliberate reporting of false or malicious information is forbidden. Abuse of the whistleblowing service is a serious disciplinary offence.

3. How to blow the whistle?

There are different ways to raise a concern:

• Alternative 1: Contact a supervisor or manager within our organisation.  
• Alternative 2: Anonymous or confidential messaging through the whistleblower reporting channel to the whistleblowing team: https://report.whistleb.com/en/bittium.
• Alternative 3: If your concern falls under the material scope of the Whistleblower Act and the report has been made in accordance with the said legislation, you may be entitled to report your concern to centralised external reporting channel of the Office of the Chancellor of Justice of Finland or directly to the competent authority. Read more at the official webpage of the Chancellor of Justice of Finland on centralised external reporting channel.

4. The investigation process

The whistleblowing team

Access to messages received through our whistleblowing channel is restricted to appointed individuals with the authority to handle whistleblowing cases. Their actions are logged and handling is confidential. At Bittium, the reports received through the whistleblowing channel are investigated by our whistleblowing team consisting of the Chairman of the Audit Committee and Chief Legal Officer as the admins of the channel, and the selected members of the Bittium´s Sustainability Working Group who oversee or conduct the investigations. If necessary, assistance from corporate or external experts or officials may be needed to conduct an investigation.

Receiving a message

The whistleblower will receive an acknowledgment of receipt of the report within 7 days. Upon receiving a message, the whistleblowing team decides whether to accept or decline the report.

The whistleblowing team may not investigate the reported misconduct if:

• the alleged conduct is not reportable conduct under these Whistleblowing guidelines
• the message has not been made in good faith or is malicious
• there is insufficient information to allow for further investigation
• the subject of the message has already been solved

If the report is declined, the whistleblower will be provided with the reasons for the decision. If the report is accepted, appropriate measures for investigation will be taken.

Investigation

All messages are treated seriously and in accordance with these Whistleblowing guidelines. 

• No one from the whistleblowing team, or anyone taking part in the investigation process, will attempt to identify the whistleblower.
• The whistleblowing team can, when needed, submit follow-up questions via the channel for anonymous communication. 
• A report will not be investigated by anyone who may be involved with or connected to the wrongdoing.
• Whistleblowing messages are handled in absolute confidence by the parties involved.

The whistleblowing team shall inform the whistleblower within three months from the acknowledgment of receipt of the report of the measures to be implemented on the basis of the report.

The whistleblowing channel is administrated by WhistleB, an external service provider. All messages are encrypted. To ensure the anonymity of the person sending a report, WhistleB deletes all meta data, including IP addresses. The person sending the report also remains anonymous in the subsequent dialogue with responsible receivers of the report.

5. Privacy Policy

For information on how we process personal data in the service, please visit our Whistleblowing Channel’s Privacy Policy.