1.1 Purpose and scope of the document
The purpose of Supplier Requirements is to provide information of the global requirements Vuzix has for its suppliers. In order to ensure the quality and consistency of its purchased goods and services, this document defines the guidelines of the Vuzix’ expectations and requirements for suppliers regarding to management responsibility, environment, social and governance. All these requirements apply to all Vuzix suppliers. For more information, please contact your Vuzix contact person.
1.2 Vuzix Supplier Code of Conduct
- The supplier shall commit and agree to the principles of Vuzix Supplier Code of Conduct.
2. Environmental, Social and Governance (ESG)
2.1 Environment, Health and Safety (EHS) requirements
Requirement 1: EHS management system
- The supplier has an EHS policy.
- The supplier has identified health and safety risks and environmental aspects related to its business.
- The supplier’s employees have the possibility to participate actively in monitoring and developing health and safety.
- The supplier monitors and measures their environmental performance as well as EHS related incidents and accidents regularly.
- The supplier has procedures for incident investigation and corrective actions.
- The supplier has regular internal EHS audits.
- The supplier trains all employees on relevant EHS matters.
- The supplier has defined waste management practices.
- The supplier has a written emergency response plan and preparedness procedures to manage EHS risks associated with any emergencies.
Requirement 2: Compliance management
- The supplier has a program or procedure in place to regularly identify and monitor compliance with applicable EHS laws and other requirements.
- The supplier has required licenses and permits to run their operations (such as for air emission, storage or use of hazardous substances, wastewater management, and waste issues).
- The supplier complies with legislation restricting the use of certain substances when applicable (such as RoHS, REACH, TSCA, Packing Directive, Battery Directive, etc.)
- The supplier is able to deliver environmental compliance data of purchased products or parts according to Vuzix’.
Requirement 3: Actions to reduce health and safety risks and to improve environmental performance
- The supplier is able to demonstrate its efforts and activities to reduce environmental impacts.
- The supplier has specified objectives, goals, processes and plans to reduce any known hazard risks.
- The supplier provides the employees with occupational health care and regular health checks, adequate considering the nature of its operations.
- The supplier provides its personnel with necessary protective equipment.
Requirement 1: Ethical business practices
- The supplier has a Code of Conduct or a written Ethics policy.
- The supplier has procedures in place to prevent corruption and criminal activities, including but not limited to bribery, excessive gift-giving, extortion, money laundering or embezzlement.
- The supplier should not deliver to Vuzix any products or services that are from an entity or a person subject to United Nations, European Union, the United States or other applicable sanctions laws and regulations.
Requirement 2: Governance and legal compliance
- The supplier complies with all the laws and regulations of the countries in which it operates.
- The supplier has a system to control compliance with local labor laws, social security and taxes.
- The supplier has a process in place to ensure compliance with internationally recognized Human Rights standards, legislation and conventions (e.g., International Labor Organization (ILO) Core Conventions on Labor Standards, Universal Declaration of Human Rights, the International Bill of Human Rights and UK Modern Slavery Act).
- The supplier conducts regular internal audits of their ethics practices in order to assess conformance with compliance obligations.
Requirement 1: Compliance with labor and human rights
- The supplier has mechanism(s) in place to permit employees to report anonymously their concerns related to labor and human rights, violations of the law or non-compliance with company’s policies.
- The supplier prohibits retaliation against workers and other stakeholders (including those that represent them) for raising concerns related to labor and human rights.
- The supplier conducts regular internal audits of its labor practices in order to assess conformance with compliance obligations.
- The supplier has established, documented, maintained and continually improves its Corporate Social Responsibility policy or program.
- The supplier has policies that prohibit forced labor and child labor, and the supplier complies with the local minimum working age laws or the ILO standards. The supplier verifies the ages of all of its young workers.
- The supplier has written policies and guidelines to prevent discrimination in hiring, promotion, equal pay, benefits, and training based on race, color, age, gender, sexual orientation, personal opinions, gender identity and expression, ethnicity or national origin, disability, pregnancy, religion, political affiliation, union membership, covered veteran status, protected genetic information or marital status.
- The supplier has a formal, written policy that clearly states a commitment to prevent physical and mental harassment and abuse in the workplace.
- The supplier has a policy on regular hours and overtime that is communicated to all workers. This policy must be in accordance with the applicable ILO standards and national laws and regulations concerning maximum hours and minimum breaks and rest periods. In addition, the supplier has a system to track working hours of its workers.
- The supplier has procedures in place to ensure all workers are paid at least the legal minimum wage for standard working hours and that this wage is adequate to cover basic living costs (living wage).
- The supplier provides all employees employment conditions in a clear and understandable written form in a language understood by the employee.
- The supplier shall not use involuntary labor, including but not limited to forced, slave or human trafficked labor. The supplier does not restrict workers’ freedom of movement, for example, through the retention of their personal identification or travel documents. In addition, the supplier shall not use third party recruitment agencies or labor providers who provide forced labor.
- If parts or products supplied to Vuzix by the supplier contain tin, tantalum, tungsten or gold, the supplier must ensure responsible sourcing of these minerals and report to Vuzix using the most recent RMI Conflict Minerals Reporting Template.
- Supplier shall manage its suppliers according to a documented process.
- Supplier shall have a documented procedure for its supplier evaluation and approval.
- Supplier shall monitor the performance of its supplier using key performance indicators.
- Supplier shall ensure that all applicable requirements and contractual obligations from Vuzix are transferred to its suppliers.
Requirement 1: General security and risk management
- Supplier shall have company management approved security policies and guidelines which are reviewed on regular intervals. Supplier shall have a nominated resource defined for security related matters.
- Supplier shall have electronics access control system to the data centre and server room. There shall be a sufficient fire protection and firefighting system for the data centre and server room.
- Supplier shall have procedures for emergency situations such as fire or any natural disasters.
- The supplier has a process to identify, evaluate and treat risks.
- The supplier has a business continuity plan that must contain contingency plans in the event of significant accidents/disasters/key equipment failures/utility interruptions. This plan should also allow for the safeguarding, storage and recovery of drawings, specifications, tooling and other critical information and materials in the event of damage or loss.
- Vuzix has the right to periodically audit the supplier for its compliance with the Vuzix Supplier Requirements.
- The supplier shall have adequate general and product liability insurance covering their services and products supplied to Vuzix, and upon request, provide a certificate of such insurance.
- Supplier shall have a procedure to protect unauthorized access to its facilities and confidential business information of Vuzix.
Requirement 2: Information security
- The supplier has commercially reasonable and acceptable information security and confidentiality controls in place, including but not limited to information classification, access management, documentation retention, contingency management (such as backups and malware protection) and encryption.
- The supplier has procedures in place to identify and report information security incidents.
Vuzix must be promptly informed if an incident is anyhow related to Vuzix or will impact its supply of products or services.
- The supplier has information security requirements and processes in place and functional and will ensure all subcontractors who play a part in the supply chain of delivery of goods or services to Vuzix.
- The supplier materially complies with Vuzix’ Supplier Information Security Requirements
- The supplier complies with applicable legislative, regulatory and industry data security and privacy requirements such as EU General Data Protection Regulation (GDPR).
- Supplier has a background checking procedure for personnel in security critical positions.
Requirement 3: Product Safety, Security and Liability
- Supplier shall have a procedure to proactively communicate any potential product safety, security or liability related issues to Vuzix.