Code of Business Ethics and Conduct

Version 0.4 – Effective Date: 02/28/2023


At Coalfire Federal, we are driven by our mission: to make the world a safer place by solving our client’s toughest cybersecurity challenges. But we don’t just want to make the world a safer place, we want to make it a better place. Coalfire Federal is committed to enhancing our environment, enriching our communities, and encouraging inclusion and diversity in everything we do. We strive to run our business in a responsible and sustainable way, and we consider it our corporate responsibility to understand and manage our social and environmental impact.

  • We strive for excellence and provide an inclusive, respectful, and rewarding work experience for all employees.
  • We operate with integrity, following all international labor laws and abiding by human rights standards.
  • We work together to volunteer, give back, and bring meaningful change to our communities.
  • We lead the industry in promoting women and supporting veterans in cybersecurity.
  • We respect privacy and protect the personal data of our employees, clients, and vendors.
  • We enthusiastically identify opportunities to reduce waste and minimize our impact on our environment.

We expect all team members, contractors, and partners to act in the spirit of this statement when conducting business on behalf of Coalfire Federal. Together, we can make a positive impact and leave our communities, and our planet, in a better place.


At Coalfire Federal, we are committed to fostering a culture of inclusion and diversity. We believe that the individual differences of our employees make our business stronger and more successful. Our human capital is our greatest asset, and the collective sum of your individual differences, life experiences, knowledge, innovation, self-expression, and talents represent a significant part of not only our culture, but also our reputation. By respecting these differences, we can offer all employees an equal opportunity to succeed.

We embrace and encourage our employees’ differences in age, color, disability, ethnicity, family or marital status, gender identity or expression, language, national origin, physical and mental ability, political affiliation, race, religion, sexual orientation, socio-economic status, military status, and other characteristics that make each of us unique.

Coalfire Federal is committed to providing a work environment that supports gender and diversity equity. All Coalfire Federal team members the Board of Directors, consultants, subcontractors and other third parties who are authorized to act on behalf of our company are expected to treat others with dignity and respect at all times.


The success of our business is dependent on the trust and confidence we earn from our employees, customers and suppliers. We gain credibility by adhering to our commitments, displaying honesty and integrity and reaching company goals solely through honorable conduct. It is easy to say what we must do, but the proof is in our actions.

When considering any action, it is wise to ask: will this build trust and credibility? Will it help create a working environment in which we can succeed over the long term? Is the commitment I am making one I can follow through with? The only way we will maximize trust and credibility is by answering “yes” to those questions and by working every day to build our trust and credibility.


We all deserve to work in an environment where we are treated with dignity and respect. Coalfire Federal is committed to creating such an environment because it brings out the full potential in each of us, which, in turn, contributes directly to our business success.
Coalfire Federal is an equal employment and affirmative action employer and is committed to providing a workplace that is free of discrimination of all types from abusive, offensive or harassing behavior. Any employee who feels harassed or discriminated against should report the incident to his or her manager or to human resources business partner.


Coalfire Federal is committed to achieving the highest standard of professionalism and ethical conduct in its operations and activities. We do not tolerate inappropriate behavior wherever it may occur. As such, employees are expected to conduct themselves according to the highest ethical standards of conduct and comply with all applicable laws. We are all responsible for maintaining the reputation of our company and our culture during work, at work functions, on or off the work site, and at all other company-sponsored and participative events, and we pride ourselves on building a business with high integrity, great people, excellent products and services, and highly satisfied customers. Essential to this is the spirit of fairness, honesty, cooperation and teamwork with and among all employees.

As a Coalfire Federal employee, you are expected to:

  • Live the Coalfire Way
  • Treat others with kindness
  • Be courteous and helpful when interacting with clients and colleagues


Coalfire Federal prohibits unlawful harassment due to age, race, sex, color, national origin, disability, military status, genetic information, or any other status protected by applicable state or local law.

We will not tolerate any unlawful harassment of our employees by anyone, including supervisors, employees, co-workers, customers or vendors.

Unlawful harassment includes verbal or physical conduct that has the purpose or effect of substantially interfering with an individual’s work performance or creating an intimating, hostile or offensive work environment.


Coalfire Federal strongly opposes sexual harassment and inappropriate sexual conduct. Sexual harassment is defined as unwelcome sexual advances, requests for sexual favors, and other verbal or physical conduct of a sexual nature, when:

  • Submission to such conduct is made explicitly or implicitly a term or condition of employment.
  • Submission to or rejection of such conduct is used as the basis for decisions affecting an individual’s employment.
  • Such conduct has the purpose or effect of unreasonably interfering with an individual’s work performance or creating an intimidating, hostile, or offensive work environment.

As a Coalfire Federal employee, you are always expected to conduct yourself in a professional manner.


In the spirit of fostering safe and comfortable environment for all employees, Coalfire Federal is strongly opposed to violence in all forms in the workplace. Violent behaviors may include, but are not limited to, physical and/or verbal intimidating, threatening or aggressive conduct, vandalism, sabotage, arson, use of weapons and bullying.

Workplace bullying is repeated mistreatment through verbal abuse, offensive conduct/behaviors, and work interference.

Coalfire Federal also prohibits the possession of weapons on company property, regardless of whether you possess a concealed carry permit, subject to any state restrictions placed on Coalfire Federal with respect to applicable “guns-at- the-workplace” laws.

Instances of workplace violence should be reported immediately. All employees should feel comfortable coming forward with questions or concerns. All reports will be investigated, and violations will not be tolerated.

You should directly contact law enforcement, security, and/or emergency services if you believe there is an imminent threat to your safety and health or that of your co-workers.


Coalfire Federal is committed to protecting the security of the personal information we collect, and we take reasonable physical, electronic, and administrative safeguards to help protect information from unauthorized or inappropriate use. Coalfire Federal, and anyone processing data on our behalf, must ensure data is:

  • Processed fairly, lawfully and in a transparent manner.
  • Collected for specific, explicit and legitimate purposes and is limited to the minimum data necessary to accomplish business objectives.
  • Not collected maliciously, indiscriminately, or without a reasonable business purpose.
  • Adequate, relevant, and limited to what is necessary for the intended purpose.
  • Accurate, and where necessary, kept up to date.
  • Maintained only for the period necessary for processing or otherwise required by applicable law or regulatory requirements.
  • Processed in accordance with applicable laws and in a way that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.

Coalfire Federal safeguards the PII of all our employees and PII is only disclosed for legitimate business purposes when legally required and authorized.


At Coalfire Federal everyone should feel comfortable to speak his or her mind, particularly with respect to ethics concerns. Managers have a responsibility to create an open and supportive environment where employees feel comfortable raising such questions. In any business, ethical behavior does not simply happen; it is the product of clear and direct communication of behavioral expectations, modeled from the top and demonstrated by example. Again, ultimately, our actions are what matters

We all benefit tremendously when employees exercise their power to prevent mistakes or wrongdoing by asking the right questions at the right times.

Coalfire Federal will investigate all reported instances of questionable or unethical behavior. In every instance where improper behavior is found to have occurred, the company will take appropriate action. We will not tolerate retaliation against employees who raise genuine ethics concerns in good faith.

Employees are encouraged, in the first instance, to address such issues with their managers or a member of the human resources team, as most problems can be resolved swiftly. If for any reason that is not possible or if an employee is not comfortable raising the issue with their manager or human resource business partner, Coalfire Federal’s President operates with an open-door policy.


A whistleblower is an employee who reports an activity they consider to be illegal or dishonest. Examples of illegal or dishonest activities that violate federal, state or local laws include fraudulent financial reporting or billing for services not performed or goods not delivered.

If you know of or are concerned about illegal, dishonest or fraudulent activity, contact your immediate manager or a member of the human resources team. Use sound judgement to avoid baseless allegations. Intentionally filing a false report of wrongdoing is strictly prohibited.

Whistleblowers are protected in two important areas– confidentiality and retaliation. Coalfire Federal will protect the confidentiality of the whistleblower to the extent possible. However, your identity may be

disclosed to conduct a thorough investigation, to comply with applicable law or to provide accused individuals their legal rights of defense.

Coalfire prohibits retaliation of any kind against any employee for filing a complaint in good faith or for assisting in a complaint investigation.

Any whistleblower who believes they are being retaliated against should contact their manager or a member of the human resources team immediately. A whistleblower’s right to protection against retaliation does not include immunity for any personal wrongdoing that is alleged and investigated.


Coalfire Federal is committed to an environment where open, honest communications are the expectation, not the exception. We want you to feel comfortable in approaching your manager or human resources business partner in instances where you believe violations of policies or standards have occurred.

If you believe there has been a violation of our Code of Business Ethics and Conduct we encourage you to report the incident to your manager or human resource business partner so that we can open an impartial investigation Complaints will be kept confidential, unless disclosure is required to comply with law and / or regulations, or to provide accused individuals their legal rights of defense. Managers must report all harassment complaints or instances of possible harassment to human resources immediately upon notification of an incident. If an investigation determines an employee’s behavior violates this policy, disciplinary action will be taken, up to and including termination of employment

In situations where you prefer to make a report in confidence, you are encouraged to use the following hotline, hosted by a third-party hotline provider, Ethics Point. This hotline can be used to submit reports relating to violations of Coalfire Federal policies, as well as ask for guidance related to policies and procedures.

Website: Phone: 1-844-986-1442

  • Coalfire Federal’s EEO/AA representative is the Senior HR Generalist. The Senior HR Generalist is responsible for state and federal EEO laws, affirmative action regulations, and implementing Coalfire Federal’s affirmative action plan, including reporting, monitoring, and equal employment practices.


Coalfire Federal’s commitment to integrity begins with complying with laws, rules and regulations where we do business. Further, each of us must have an understanding of the company policies, laws, rules and regulations that apply to our specific roles. If we are unsure of whether a contemplated action is permitted by law or Coalfire Federal policy, we should seek the advice from the resource expert. We are responsible for preventing violations of law and for speaking up if we see possible violations.


Coalfire Federal is committed to competing solely on the merit of our products and services. We avoid any actions that create a perception that favorable treatment of outside entities by Coalfire Federal was sought, received or given in exchange for personal business courtesies. Business courtesies include gifts, gratuities, meals, refreshments, entertainment or other benefits from persons or companies with whom Coalfire Federal does or may do business. We will neither give nor accept business courtesies that constitute, or could reasonably be perceived as constituting, unfair business inducements that would

violate law, regulation or polices of Coalfire Federal or customers, or would cause embarrassment or reflect negatively on Coalfire Federal’s reputation.

Coalfire Federal prohibits employees from seeking any gift(s), favors, entertainment, payment or loans for themselves or their family members from any client or other party doing business with Coalfire Federal.

Coalfire Federals business conduct maintain we follow applicable laws and customer/client polices governing receiving or giving of gifts.

If you ever doubt whether the receipt of goods or services violates Coalfire or customer/client policies, please discuss your concern with your manager.


Coalfire Federal has zero tolerance for bribery or corrupt acts. Coalfire Federal complies with the Foreign Corrupt Practices Act (FCPA), and expressly prohibits soliciting or accepting kickbacks from any party doing business with Coalfire Federal.


Coalfire Federal believes that human rights are the most fundamental rights of every individual. As a result, we stand with fairness, equity and justice and have a zero-tolerance policy for violation of human trafficking, the use of forced labor, or child labor. Furthermore, we expect our employees, vendors and suppliers to maintain the same level of commitment to all human rights.


We are dedicated to ethical, fair and vigorous competition. We will sell Coalfire Federal products and services based on their merit, superior quality, functionality and competitive pricing. We will make independent pricing and marketing decisions and will not improperly cooperate or coordinate our activities with our competitors. We will not offer or solicit improper payments or gratuities in connection with the purchase of goods or services for Coalfire Federal or the sales of its products or services, nor will we engage or assist in unlawful boycotts of particular customers.


Integral to Coalfire Federal’s business success is our protection of confidential company information, as well as nonpublic information entrusted to us by employees, customers and other business partners.

Confidential and proprietary information includes such things as pricing and financial data, customer names/addresses or nonpublic information about other companies, including current or potential supplier and vendors. It is important that we respect the property rights of others.

We will not disclose confidential and nonpublic information without a valid business purpose and proper authorization. We will not acquire or seek to acquire improper means of a competitor’s trade secrets or other proprietary or confidential information. We will not selectively disclose any material nonpublic information or engage in unauthorized use, copying, distribution or alteration of software or other intellectual property.

Proprietary records of third parties is protected under the standard of care which we use to protect our own proprietary records and such protection is carried through disposition in accordance with customer/client polices or applicable law. Coalfire Federal policies require the return of proprietary information upon separation of assignment for all employees, vendors subcontractors and partners to whom proprietary information was entrusted.



Coalfire Federal aims to provide a safe work environment for all employees, contractors, and volunteers, as well as clients and visitors. Hazards and risks to health and safety will be eliminated or minimized as far as is reasonably practicable. Coalfire Federal requires all employees to adhere to posted safety rules and follow OSHA and state safety regulations.

Coalfire Federal management is committed to:

  • Ensure Coalfire Federal complies with all legislation relating to health and safety.
  • Providing information, instruction and training as needed to enable all workers to work safely.
  • Supervise workers to ensure work activities are performed safely.
  • Providing appropriate safety equipment and personal protective equipment when necessary.

Unsafe conditions or injuries incurred while at work should be reported immediately, no matter how slight.


Coalfire Federal is committed to providing a drug free workplace. Coalfire Federal also offers an employee assistance program where employees can ask questions an obtain additional information related to emotional health and drug or alcohol related issues



Coalfire Federal prohibits engaging in acts which would result in a conflict of interest. We must avoid any relationship or activity that might impair, or even appear to impair, our ability to make objective and fair decisions when performing our jobs. As such, employees are prohibited from using their position with Coalfire Federal for private gain or to obtain benefits for themselves or members of their family.

Determining whether a conflict of interest exists is not always easy to do. Employees with questions related to conflicts of interest question should seek advice from management.



We make certain that all disclosures made in financial reports and public documents are full, fair, accurate, timely and understandable. This obligation applies to all employees, including all financial executives, with any responsibility for the preparation for such reports, including drafting, reviewing and signing or certifying the information contained therein. No business goal of any kind is ever an excuse for misrepresenting facts or falsifying records.

Employees should inform management and the human resource department if they learn that information in any filing or public communication was untrue or misleading at the time it was made or if subsequent information would affect a similar future filing or public communication.


We create, retain and dispose of company records as part of our normal course of business in compliance with all Coalfire Federal policies and guidelines, as well as all regulatory and legal requirements.

All corporate records must be true, accurate and complete, and company data must be promptly and accurately entered in our books in accordance with Coalfire Federal’s and other applicable accounting principles.

We must not improperly influence, manipulate or mislead any unauthorized audit, nor interfere with any auditor engaged to perform an internal independent audit of Coalfire Federal books, records, processes or internal controls.

Coalfire Federal employees are required to enter time daily in accordance with Coalfire Federal timekeeping policies. All hours recorded must be consistent with time worked. Coalfire Federal’s timekeeping policy requires using the appropriate assigned charge codes and manager approval prior to processing of time.


At times, we are all faced with decisions we would rather not have to make and issues we would prefer to avoid. Sometimes, we hope that if we avoid confronting a problem, it will simply go away.

At Coalfire Federal, we must have the courage to tackle the tough decisions and make difficult choices, secure in the knowledge that Coalfire Federal is committed to doing the right thing. At times this will mean doing more than simply what the law requires. Merely because we can pursue a course of action does not mean we should do so.

Although Coalfire Federal’s guiding principles cannot address every issue or provide answers to every dilemma, they can define the spirit in which we intend to do business and should guide us in our daily conduct.


Each of us is responsible for knowing and adhering to the values and standards set forth in this code and for raising questions if we are uncertain about company policy. If we are concerned whether the standards are being met or are aware of violations of the code, we must contact a manager or human resources business partner.

Coalfire Federal takes seriously the standards set forth in the code, and violations are cause for disciplinary action up to and including termination of employment.



Company resources, including time, material, equipment and information, are provided for company business use. Employees and those who represent Coalfire Federal are trusted to behave responsibly and use good judgment to conserve company resources.

Coalfire Federal does not use company or customer/client equipment for other than legitimate business purposes. We will not solicit contributions nor distribute non-work related materials during work hours.

In order to protect the interests of the Coalfire Federal network and our fellow employees, Coalfire Federal reserves the right to monitor or review all data and information contained on an employee’s company-issued computer or electronic device, the use of the Internet or Coalfire Federal’s intranet. Coalfire Federal will not tolerate the use of company resources to create, access, store, print, solicit or

send any materials that are harassing, threatening, abusive, sexually explicit or otherwise offensive or inappropriate.

Questions about the proper use of company resources should be directed to your manager or human resources business partner.


Several key questions can help identify situations that may be unethical, inappropriate or illegal. Ask yourself:

  • Does what I am doing comply with the Coalfire Federal guiding principles, Code of Business Ethics and Conduct and company policies?
  • Have I been asked to misrepresent information or deviate from normal procedure?
  • Would I feel comfortable describing my decision at a staff meeting?
  • How would it look if it made the headlines?
  • Am I being loyal to my family, my company and myself?
  • What would I tell my child to do?
  • Is this the right thing to do?


This code of conduct applies to all employees of Coalfire Federal as well as our vendors and subcontractors. The President of Coalfire Federal is the only individual authorized to grant a waiver(s) herein.


Coalfire Federal Quality Assurance (QA) representatives are responsible for performing independent reviews and/or audits throughout the service lifecycle to ensure process compliance. The QA department is responsible for maintaining this policy. Suggestions for improvement may be submitted to