EXECUTIVE SUMMARY

Our quality management framework embodies a commitment to evidence-based practice by establishing comprehensive quality standards that ensure excellence in research methodology, analytical rigor, and client service delivery across all engagement areas, integrating traditional research excellence with advanced technology-assisted capabilities that distinguish CKS in the marketplace while delivering exceptional value to clients.

Our systematic approach encompasses research design validation, methodology implementation oversight, data collection and validation procedures, analytical process verification, and deliverable preparation excellence, all applied consistently regardless of project size, duration, or complexity, with appropriate adaptations for specific sectoral requirements and regulatory obligations that affect our client base.

The quality assurance framework includes comprehensive peer review procedures that provide independent validation of research methodology and analytical processes, multi-tier review systems that combine domain expertise assessment with bias detection and client readiness evaluation, and specialized validation procedures for technology-assisted research that ensure AI and automated analysis tools enhance rather than replace professional judgment and analytical reasoning.

Process management encompasses systematic documentation, standardization, and continuous improvement of all research and client service processes, supported by comprehensive performance metrics that include client satisfaction scores, deliverable quality assessments, project success rates, and both leading and lagging indicators that capture the full spectrum of research quality including methodology rigor, analytical insight, and client value delivery.

Quality culture development emphasizes prevention of quality issues through proper planning and execution, integration of continuous improvement initiatives, competency management through comprehensive staff training on research methodologies and quality assurance procedures, and compliance with applicable professional standards, regulatory requirements, and industry best practices across all jurisdictions where we operate, ensuring that quality management procedures accommodate client-specific requirements while maintaining the highest standards of research integrity and professional excellence.

I. POLICY FOUNDATION

Our commitment to evidence-based practice demands the highest standards of quality management that ensure excellence in research methodology, analytical rigor, and client service delivery.

Our quality management approach integrates traditional research excellence with advanced technology-assisted capabilities, maintaining professional standards that distinguish us in the marketplace while delivering exceptional value to clients across all engagement areas.

II. QUALITY MANAGEMENT FRAMEWORK

Research Excellence Standards

We maintain comprehensive quality standards that encompass research design, methodology implementation, data collection and validation, analytical procedures, and deliverable preparation. These standards reflect our commitment to systematic observation, rigorous analysis, and evidence-based conclusions that support client decision-making with confidence and integrity.

Quality standards are applied consistently across all client engagements regardless of size, duration, or complexity, with appropriate adaptations for specific sectoral requirements and regulatory obligations. Our approach emphasizes prevention of quality issues through proper planning and execution rather than correction after completion.

Process Management

All research and client service processes are documented, standardized, and subject to regular review and improvement. Process management encompasses project initiation, research planning, execution monitoring, quality validation, and client delivery, ensuring consistent approaches that support reliable outcomes.

Process effectiveness is measured through comprehensive metrics including client satisfaction, deliverable quality assessments, timeline adherence, and resource utilization efficiency. Regular process reviews identify improvement opportunities and ensure continued alignment with client expectations and business objectives.

III. RESEARCH QUALITY ASSURANCE

Methodology Validation

Research methodologies employed in client engagements are subject to systematic validation procedures that assess appropriateness for the research questions, adequacy of data sources, validity of analytical approaches, and reliability of conclusions. Methodology selection emphasizes proven approaches while incorporating appropriate innovations that enhance analytical value.

All research designs undergo peer review by qualified internal experts before project initiation, with ongoing monitoring throughout execution to ensure adherence to approved methodologies and appropriate adaptation to emerging findings or changed circumstances.

Data Quality Management

Research data is subject to comprehensive quality controls that include source validation, accuracy verification, completeness assessment, and consistency checking throughout the collection and processing lifecycle. Data quality procedures address both traditional research sources and technology-generated information.

Quality control procedures include automated validation where appropriate, supplemented by human verification for critical data elements and analytical processes. Comprehensive documentation maintains audit trails that support research transparency and enable quality validation by internal and external reviewers.

Analytical Review and Validation

All analytical processes are subject to multi-tier review procedures that validate methodological application, assess analytical reasoning, and evaluate conclusion support. Review procedures include domain expertise validation, bias detection, and client readiness assessment before deliverable finalization.

Technology-assisted analysis is subject to additional validation procedures that assess model appropriateness, validate algorithmic reasoning, and ensure human oversight of automated processes. Quality assurance includes bias detection, explainability validation, and verification of technology-generated insights.

IV. DELIVERABLE QUALITY CONTROL

Content Review and Approval

All client deliverables undergo systematic review procedures that assess research quality, analytical rigor, presentation clarity, and client requirement fulfillment. Review procedures include fact-checking, source verification, logical consistency evaluation, and professional presentation standards validation.

Deliverable approval requires sign-off from qualified senior personnel who validate research methodology adherence, analytical quality, and client value delivery. Final approval includes verification of confidentiality protection and regulatory compliance requirements.

Continuous Improvement Integration

Quality review processes include systematic collection of lessons learned, identification of process improvement opportunities, and integration of enhanced procedures into future engagements. Improvement initiatives emphasize both incremental enhancements and breakthrough innovations that advance research capabilities.

Client feedback is systematically collected, analyzed, and integrated into quality management procedures through formal feedback mechanisms, regular client satisfaction assessments, and ongoing relationship management that identifies enhancement opportunities.

V. TECHNOLOGY-ASSISTED RESEARCH QUALITY

AI and Automation Quality Controls

Technology-assisted research employs comprehensive quality management procedures that address data quality, model validation, algorithmic transparency, and human oversight requirements. Quality controls ensure that technology enhances rather than replaces professional judgment and analytical reasoning.

AI and automated analysis tools are subject to regular performance validation, bias detection procedures, and accuracy assessment that maintain research integrity. Human oversight includes verification of technology-generated insights, assessment of analytical reasoning, and validation of conclusions.

Integration Quality Management

Technology integration with traditional research methodologies is subject to quality validation that ensures seamless operation, maintains data integrity, and supports enhanced analytical capabilities. Integration quality includes technical performance, user experience, and research outcome validation.

Quality management procedures address the full technology lifecycle including system selection, configuration, deployment, operation, and retirement, ensuring continued effectiveness and alignment with research quality objectives.

VI. PEER REVIEW AND VALIDATION

Internal Review Processes

We maintain comprehensive peer review procedures that provide independent validation of research methodology, analytical processes, and conclusion support. Internal review includes domain expertise assessment, methodological validation, and quality standard compliance verification.

Peer review procedures are adapted to project characteristics including complexity, sensitivity, and regulatory requirements, with enhanced review for high-stakes engagements and specialized requirements for technology-assisted research validation.

External Validation

Selected research projects may undergo external peer review by qualified independent experts who provide additional validation of methodology, analysis, and conclusions. External review enhances research credibility and provides independent verification of research quality.

External validation procedures include appropriate confidentiality protection, expert qualification verification, and conflict of interest management that maintains research integrity while benefiting from independent expertise.

VII. PERFORMANCE MEASUREMENT AND MONITORING

Quality Metrics and Indicators

Quality performance is measured through comprehensive metrics that include client satisfaction scores, deliverable quality assessments, project success rates, and continuous improvement indicators. Metrics encompass both leading indicators that predict quality outcomes and lagging indicators that measure actual performance.

Performance measurement includes both quantitative metrics and qualitative assessments that capture the full spectrum of research quality including methodology rigor, analytical insight, client value delivery, and professional service excellence.

Monitoring and Reporting

Quality performance is subject to regular monitoring through systematic data collection, trend analysis, and performance reporting that supports management decision-making and continuous improvement initiatives. Monitoring includes real-time project tracking and periodic comprehensive assessments.

Quality reporting provides transparency to stakeholders including clients, senior management, and relevant regulatory authorities, demonstrating commitment to excellence and supporting informed decision-making about quality improvement initiatives.

VIII. TRAINING AND COMPETENCY MANAGEMENT

Staff Quality Competency

Our personnel receive comprehensive training on quality management principles, research methodologies, and quality assurance procedures appropriate to their roles and responsibilities. Training includes initial competency development and ongoing professional development that maintains current expertise.

Competency validation includes regular assessment of research skills, quality procedure compliance, and professional development progress. Training programs address both traditional research methodologies and technology-assisted research capabilities.

Quality Culture Development

We promote a quality-focused culture that emphasizes continuous improvement, professional excellence, and client value delivery through regular communication, recognition programs, and leadership demonstration of quality commitment.

Quality culture initiatives include staff engagement in improvement activities, sharing of best practices, and celebration of quality achievements that reinforce the importance of excellence in all aspects of research and client service.

IX. REGULATORY AND COMPLIANCE QUALITY

Standards Compliance

Quality management procedures ensure compliance with applicable professional standards, regulatory requirements, and industry best practices across all jurisdictions where we operate or serve clients. Compliance includes both mandatory requirements and voluntary standards that enhance research credibility.

Compliance monitoring includes regular assessment of adherence to established standards, documentation of compliance activities, and adaptation to regulatory changes that affect research quality requirements.

Client-Specific Requirements

Quality management procedures accommodate client-specific quality requirements including enhanced validation procedures, specialized reporting formats, and additional review processes that exceed standard procedures where required by client needs or regulatory obligations.

X. POLICY GOVERNANCE

Policy Authority: Craighead Kellas Limited
Effective Date: 14 August 2025

XI. DETAILED DOCUMENTATION

• Comprehensive Procedures: Detailed quality management procedures, validation protocols, and performance measurement systems are available upon request for authorized personnel with legitimate business requirements.

• Implementation Guidelines: Specific quality control procedures, review protocols, and performance standards are maintained separately and provided to relevant stakeholders as appropriate.

• This policy reflects Craighead Kellas commitments to research excellence and quality service delivery that supports client success through rigorous evidence-based practice and continuous improvement.

DATE OF PUBLICATION: AUGUST 14th 2025.

FEEDBACK ON THIS POLICY CAN BE EMAILED TO OFFICE@CRAIGHEADKELLAS.COM

EXECUTIVE SUMMARY

This research ethics framework reflects our foundational commitment to the highest standards of research ethics that protect all stakeholders while maintaining research integrity, professional conduct, and client service excellence through comprehensive ethical requirements that balance commercial research realities with rigorous ethical standards drawn from recognized international frameworks including UK Research Integrity Office guidelines, ESOMAR international standards, and relevant professional codes.

Our ethical research approach encompasses all phases of research activity from initial planning through data collection, analysis, reporting, and knowledge dissemination, ensuring that ethical considerations are integrated into research design rather than treated as separate compliance requirements, with fundamental principles of research integrity including honesty in research design and reporting, reliability in research conduct and analysis, transparency in methodology and limitations, and accountability for research quality and ethical compliance across all client engagement areas.

Participant protection procedures include informed consent frameworks adapted to cultural contexts and research requirements, comprehensive privacy and confidentiality measures that extend beyond immediate research periods to include long-term data storage and secure disposal, and special provisions for vulnerable populations and sensitive research topics that respect participant rights while enabling legitimate research activities.

Conflict of interest management encompasses systematic identification and declaration procedures for all potential conflicts, comprehensive management and mitigation measures that prioritize research integrity and client interests, and transparent documentation that supports conflict management decisions and regular review validation.

The framework addresses technology ethics and AI governance through responsible integration procedures that assess algorithmic bias, data quality, transparency requirements, and human oversight responsibilities, ensuring that technology enhances rather than replaces ethical judgment and professional responsibility while maintaining privacy protection throughout the research lifecycle.

International and cross-cultural ethics considerations include cultural sensitivity measures, regulatory compliance integration across multiple jurisdictions, and specialized procedures for complex or high-risk research projects that may require external ethics consultation, all supported by comprehensive staff ethics education, decision-making support systems, and systematic ethical review and oversight procedures that ensure research activities contribute positively to knowledge advancement while serving legitimate client interests.

I. POLICY FOUNDATION

Our commitment to evidence-based practice requires the highest standards of research ethics that protect all stakeholders while maintaining research integrity, professional conduct, and client service excellence.

Our research ethics framework balances commercial research requirements with rigorous ethical standards, ensuring that all research activities uphold professional integrity, respect participant rights, and contribute positively to knowledge advancement while serving legitimate client interests.

II. ETHICAL RESEARCH FRAMEWORK

Professional Standards Integration

Our research activities are governed by professional standards drawn from recognized international frameworks including the UK Research Integrity Office guidelines, ESOMAR international standards, and relevant professional codes that establish comprehensive ethical requirements for commercial research practice.

Ethical standards encompass all phases of research activity from initial planning through data collection, analysis, reporting, and knowledge dissemination, ensuring that ethical considerations are integrated into research design rather than treated as separate compliance requirements.

Research Integrity Principles

All research conducted by us adheres to fundamental principles of research integrity including honesty in research design and reporting, reliability in research conduct and analysis, transparency in methodology and limitations, and accountability for research quality and ethical compliance.

Research integrity includes proper attribution of sources, accurate representation of findings, appropriate acknowledgment of limitations, and honest reporting of both supportive and contradictory evidence that emerges during research activities.

III. PARTICIPANT PROTECTION AND CONSENT

Informed Consent Procedures

Research involving human participants requires informed consent procedures that provide clear information about research purposes, data collection methods, participant rights, and data usage intentions. Consent procedures are adapted to cultural contexts, participant capabilities, and research requirements while maintaining ethical standards.

Consent procedures address both direct research participation and secondary data usage, ensuring that participants understand how their information will be used and maintained throughout the research process. Special provisions apply to vulnerable populations and sensitive research topics.

Privacy and Confidentiality Protection

Participant privacy is protected through comprehensive confidentiality measures that include data anonymization, secure storage procedures, and limited access controls that restrict information usage to authorized research personnel with legitimate business requirements.

Confidentiality protection extends beyond the immediate research period to include long-term data storage, reporting procedures that prevent participant identification, and secure disposal procedures when retention is no longer required or authorized.

IV. CONFLICT OF INTEREST MANAGEMENT

Identification and Declaration

All research personnel are required to identify and declare potential conflicts of interest that could affect research design, conduct, analysis, or reporting. Conflict identification includes financial interests, professional relationships, personal connections, and ideological commitments that could compromise research objectivity.

Declaration procedures include initial disclosure during project planning, ongoing monitoring for emerging conflicts, and immediate reporting of new conflicts that arise during research conduct. Comprehensive documentation maintains transparency and supports conflict management decisions.

Management and Mitigation

Identified conflicts of interest are managed through appropriate mitigation measures that may include disclosure to clients, implementation of safeguards, assignment of oversight responsibilities, or in severe cases, personnel reassignment or project withdrawal.

Management decisions prioritize research integrity and client interests while balancing legitimate business requirements and professional development opportunities. All management decisions are documented and subject to regular review and validation.

V. RESEARCH CONDUCT AND METHODOLOGY

Methodological Integrity

Research methodologies are selected based on appropriateness for research questions, validity of analytical approaches, and reliability of expected outcomes rather than convenience, cost considerations, or predetermined conclusions. Methodology selection includes consideration of ethical implications and participant impact.

Research conduct follows established methodological protocols with appropriate adaptations for emerging findings, changed circumstances, or new information that affects research validity. Changes to approved methodologies require ethical review and appropriate stakeholder notification.

Data Collection and Analysis Ethics

Data collection procedures respect participant rights, minimize intrusion and harm, and maintain appropriate boundaries between research requirements and participant privacy. Collection procedures include provisions for participant withdrawal and data deletion upon request where feasible.

Data analysis maintains objectivity through systematic approaches that avoid bias, consider alternative explanations, and acknowledge limitations and uncertainties. Analysis procedures include verification steps that validate findings and assess potential methodological influences on results.

VI. TECHNOLOGY ETHICS AND AI GOVERNANCE

Responsible Technology Integration

Technology-assisted research employs ethical frameworks that address algorithmic bias, data quality, transparency requirements, and human oversight responsibilities. Technology deployment includes assessment of ethical implications and implementation of appropriate safeguards.

AI and automated analysis tools are subject to ethical evaluation that addresses fairness, accountability, transparency, and explainability requirements. Human oversight ensures that technology enhances rather than replaces ethical judgment and professional responsibility.

Privacy and Surveillance Considerations

Technology usage in research activities includes comprehensive privacy protection measures that address data collection, processing, storage, and usage throughout the research lifecycle. Privacy considerations include both legal compliance and ethical best practices that exceed minimum requirements.

Research activities avoid unnecessary surveillance, minimize data collection to research requirements, and implement appropriate security measures that protect participant privacy and research confidentiality from unauthorized access or disclosure.

VII. PUBLICATION AND DISCLOSURE ETHICS

Research Transparency

Research transparency includes appropriate disclosure of methodologies, limitations, conflicts of interest, and funding sources while maintaining client confidentiality and protecting proprietary information. Transparency balances research integrity requirements with legitimate business protection needs.

Publication activities contribute positively to professional knowledge advancement while protecting client interests and maintaining competitive advantages. Publication decisions consider both professional development benefits and potential risks to client relationships and business operations.

Attribution and Acknowledgment

Research outputs provide appropriate attribution to data sources, methodological influences, and collaborative contributions while maintaining necessary confidentiality protections. Attribution includes recognition of both internal contributions and external expertise that supports research quality.

Intellectual property considerations are balanced with professional acknowledgment requirements, ensuring that contributions are recognized while protecting proprietary methodologies and client-specific innovations that provide competitive advantages.

VIII. INTERNATIONAL AND CROSS-CULTURAL ETHICS

Cultural Sensitivity

Research activities involving diverse cultural contexts include appropriate cultural sensitivity measures that respect local customs, values, and communication patterns while maintaining research integrity and ethical standards. Cultural adaptation addresses both participant interaction and data interpretation.

Cross-cultural research includes consultation with local experts, adaptation of consent procedures to cultural norms, and consideration of cultural factors in research design and analysis that could affect validity and participant welfare.

Regulatory Compliance Integration

Research activities comply with applicable ethical requirements across all jurisdictions where research is conducted or participants are located, ensuring that research meets the highest applicable standards regardless of location or regulatory framework differences.

Compliance integration addresses both mandatory ethical requirements and professional best practices, with particular attention to export control considerations, data transfer restrictions, and sector-specific ethical obligations that affect client engagement areas.

IX. ETHICAL REVIEW AND OVERSIGHT

Internal Ethics Review

Research projects undergo systematic ethical review that assesses participant protection, conflict management, methodological integrity, and compliance with professional standards. Review procedures are proportionate to project characteristics including risk level, participant involvement, and potential impact.

Ethics review includes both initial project approval and ongoing monitoring for emerging ethical issues, changed circumstances, or new information that affects ethical considerations. Review documentation supports transparency and accountability for ethical decisions.

External Ethics Consultation

Complex or high-risk research projects may undergo external ethics consultation by qualified independent experts who provide additional validation of ethical procedures and safeguards. External consultation enhances research credibility and provides independent verification of ethical compliance.

Consultation procedures include appropriate confidentiality protection, expert qualification verification, and integration of recommendations into research design and conduct procedures that maintain ethical standards throughout project execution.

X. ETHICS TRAINING AND COMPETENCY

Staff Ethics Education

All research personnel receive comprehensive ethics training that covers fundamental principles, practical application procedures, and reporting requirements appropriate to their roles and research responsibilities. Training includes both initial competency development and ongoing professional development.

Ethics education addresses traditional research ethics principles and emerging considerations related to technology-assisted research, cross-cultural activities, and commercial research requirements that distinguish consulting practice from academic research.

Ethical Decision-Making Support

We provide decision-making support for ethical dilemmas through consultation procedures, documented guidance, and escalation protocols that ensure appropriate resolution of ethical challenges while maintaining research progress and client service delivery.

XI. POLICY GOVERNANCE

Policy Authority: Craighead Kellas Limited

Effective Date: 14 August 2025

XII. DETAILED DOCUMENTATION

• Comprehensive Guidelines: Detailed research ethics procedures, review protocols, and decision-making frameworks are available upon request for authorized personnel with legitimate business requirements.

• Implementation Procedures: Specific ethical review processes, consent templates, and compliance procedures are maintained separately and provided to relevant stakeholders as appropriate.

• This policy reflects Craighead Kellas commitments to ethical research conduct that protects all stakeholders while maintaining research integrity and professional excellence in evidence-based practice.

DATE OF PUBLICATION: 14 AUGUST 2025.

FEEDBACK ON THIS POLICY CAN BE EMAILED TO OFFICE@CRAIGHEADKELLAS.COM

EXECUTIVE SUMMARY

Our policy on intellectual property reflects our fundamental commitment to evidence-based practiceby emphasizing the creation of substantive value through demonstrated expertise rather than restrictive legal barriers, while maintaining robust protection of our core competitive advantages. Our approach recognizes that intellectual property in the research consultancy domain encompasses not only traditional assets such as proprietary methodologies and analytical frameworks, but also sophisticated technology-assisted research capabilities, knowledge management systems, and the unique integration of evidence-based practice with advanced analytical tools that distinguish our market position.

The policy establishes clear boundaries between client work product, which belongs to clients upon completion of engagement terms, and underlying Company assets including methodologies, technology platforms, and general insights that remain our property and enable enhanced value delivery across multiple engagements. Protection mechanisms span comprehensive confidentiality frameworks, contractual safeguards, and technology security measures, while our publication and disclosure standards allow for thought leadership and professional development activities that build market credibility without compromising proprietary processes or competitive advantages.

International considerations ensure that our intellectual property protection accommodates global operations through jurisdiction-appropriate legal mechanisms and compliance with technology transfer requirements, supported by clear frameworks for collaborative development and strategic partnerships that protect our assets while enabling business growth.

I. Policy Foundation

This policy flows from our philosophy and principles on research quality and standards. Our commitment to evidence-based practice underpins all our intellectual property management and protection protocols.

II. Intellectual Property Management

We maintain a comprehensive portfolio of proprietary research methodologies, analytical frameworks, and systematic approaches that distinguish our evidence-based practice and reflect our commitment to rigorous professional standards. These core assets are complemented by advanced analytical tools, research platforms, and integration systems that we have developed to support our research capabilities and enhance client service delivery. Our knowledge systems, including proprietary databases, information management frameworks, and professional development resources, further support our operational excellence and competitive positioning in the marketplace.

When conducting client engagements, research outputs and analysis produced for clients belong to the client upon completion of engagement terms and full payment. However, the underlying core methodologies, analytical processes, technology platforms, and general insights that enable this work remain our property and may be applied across multiple client engagements to deliver enhanced value. Client-specific adaptations and bespoke research tools developed during engagements are governed by the terms of individual engagement agreements, ensuring clear understanding of ownership and usage rights.

III. Protection Framework

Our comprehensive confidentiality frameworks protect our intellectual property and client interests through appropriate legal and technical safeguards applied to all personnel, contractors, and third parties with access to sensitive information. Client engagement agreements include clear intellectual property ownership provisions, licensing terms, and confidentiality obligations that protect our assets and client interests throughout the research relationship. Proprietary technology assets are further protected through access controls, monitoring procedures, and enforcement mechanisms designed to maintain their competitive value and ensure operational security across all business activities.

IV. Publication & Disclosure

We may publish general insights and methodological approaches for professional development and thought leadership purposes, while maintaining complete protection of proprietary processes and client confidentiality. These publication activities are carefully designed to demonstrate our capabilities and advance evidence-based research practices without revealing competitive advantages or sensitive operational details that could compromise our market position or client interests.

V. International Considerations

Our intellectual property protection strategies are designed to accommodate international operations through jurisdiction-appropriate legal mechanisms and compliance with applicable technology transfer requirements across all markets where we operate. International partnerships and collaborative activities are governed by clear intellectual property frameworks that protect Our assets while enabling appropriate business development opportunities and strategic relationships that enhance our global capabilities.

VI. Policy Governance

Policy Authority: Craighead Kellas Limited
Effective Date: August 10th, 2025
Contact: enquiries@craigheadkellas.com

Detailed Documentation

• Comprehensive Policies: Detailed intellectual property procedures, protection protocols, and enforcement mechanisms are available upon request for authorized parties with legitimate business requirements.

• Implementation Procedures: Operational procedures and technical specifications supporting this policy framework are maintained separately and provided to relevant stakeholders as appropriate.

This policy statement reflects our commitment to protecting and leveraging intellectual property assets while maintaining our philosophical commitment to evidence-based practice and professional excellence.

*****

DATE OF PUBLICATION: AUGUST 10th 2025.

FEEDBACK ON THIS POLICY CAN BE EMAILED TO OFFICE@CRAIGHEADKELLAS.COM

EXECUTIVE SUMMARY

Our position on the use of artificial intelligence is grounded in the production of evidence and insight. We privilege methodological transparency, critical scrutiny, and a deep commitment to distinguishing evidence-based insight from unsupported assertion. We view artificial intelligence as a valuable but still experimental addition to technology-assisted research. It has the potential to be an important enabler of the evidence-based approach that defines our work. With this in mind, we energetically use and test AI tools, under controlled circumstances and within the context of our work.

We are nonetheless clear-eyed about the constraints and opportunities associated with artificial intelligence. We integrate AI technologies in our work to augment processing capability, analytical reach, and organizational efficiency. We do not defer or default to AI technologies. They reflect the data, algorithms, and design choices of their technical developers. We remain mindful of the inheritances and back-end controls that may continue to influence or route their performance. We do not substitute AI-generated logic or outputs for human reasoning, professional end-user skills and competencies, human skepticism and common sense, or context-aware interpretation.

In our daily work, responsibility for determining AI value and application begins and ends with us.

I. Quality Management

We adhere to rigorous academic, professional, and industry standards. We strive to adhere to relevant privacy, security and other requirements, and to ISO quality management standards. We view proactive quality assurance and responsive quality controls to be essential components of our research practice. Some of our own views, listed below, reflect and supplement that position.

• Responsibilities: Responsibility for AI management and use sits with us, our people, and their application of qualified intellectual discipline and methodological best practice.

• Consistency: We apply the same critical scrutiny to algorithmic results as we do to information sourced through any other technology, platform, or repository.

• Provenance: Our AI-assisted work is closely monitored, meticulously logged, and carefully traced to safeguard against abuses or degradation of provenance indicators.

• Limitations: We use AI outputs in isolation for demonstration purposes only and never use them as expedient solutions to work, time, or other pressures.

• Assurances: We apply best practice quality assurance protocols, including mandatory review and comprehensive documentation of AI processes and products, regular monitoring of tools for accuracy and capability variances, and independent review and audit.

• Competencies: We engage in continuous professional development, ethics training, collaboration with AI experts, review of emerging technologies, and publication of our views and findings. These points ensure we remain at the forefront of responsible AI use.

II. Integration Philosophy

Artificial intelligence is an essential addition to technology-assisted research capabilities. We manage and use AI technologies as tools that facilitate elements of our research design and workflow. We categorically reject the anthropomorphization of AI tools. These systems are neither “colleagues” nor “research assistants”. Nor do we “collaborate” with them, any more than we would collaborate with a search engine or cite a spellcheck utility as co-author.

• Direction of Flow: Crucially, we recognize that neither human users nor AI technologies are intrinsically objective or subjective. Objectivity in research is the goal and result of properly designed, transparent, and reproducible methodologies, robust critical examination, and explicit acknowledgment of bias. Any suggestion that AI “does the objective part” while human intervention introduces subjectivity, inverts the agency that defines the process and misrepresents the strengths and weaknesses of these tools.

• Specific Applications: We have identified specific areas where AI technologies enhance our research capabilities without compromising our standards. In research enhancement, AI tools accelerate document analysis and digitization, identify patterns in complex datasets, expedite literature reviews, provide multi-language research support, and improve data synthesis and visualization. These applications allow our research to focus on higher-value analytical tasks while maintaining comprehensive coverage of relevant information.

• Research Integrity: We do not use AI for final analysis and interpretation, strategic recommendations without expert validation, client-facing deliverables without human review, or evidence evaluation and credibility assessment. These core research functions require judgment, experience, and contextual understanding that define professional research expertise. Our quality control processes explicitly prevent AI from bypassing established verification mechanisms, replacing peer review, substituting for domain expertise, or making automated decisions about research methodologies. These guardrails ensure that AI enhancement never becomes AI dependence.

III. Experimentation & Innovation

AI technologies are in their infancy and fundamentally experimental. Our approach to AI flows from this point.  We follow a dual track in which we use AI tools in our work while simultaneously investigating and testing the limits of what AI can do. This experimental methodology ensures that our AI integration remains both cutting-edge and empirically grounded. We apply the same rigorous testing and validation standards to our AI tools that we apply to our research processes and outputs, creating an iterative improvement cycle that strengthens both our capabilities and our methodological foundation.

• Thought leadership: We research AI effectiveness, develop and test novel AI-assisted research methodologies, and create proprietary frameworks and benchmarks for testing client-specific challenges. This approach positions us to understand AI capabilities and limitations, innovate technology and methods stacks, and contribute to the broader discourse on AI. The investment generates intellectual property and positions us as thought leaders.

• Prototyping Efforts: Our prototyping efforts focus on experimental AI tools for specialized research applications, development of AI-assisted provenance tracing systems, and creation of proprietary frameworks tailored to specific client challenges. We test emerging technologies through controlled experiments, comparing AI-assisted versus traditional research methods and developing and publishing metrics that evaluate AI's contribution to research quality.

• Continuous Monitoring: Our AI position evolves through structured evaluation and refinement. Quarterly assessments examine AI tool effectiveness, annual policy reviews incorporate lessons learned and technological advances, and continuous client feedback shapes our approach. We monitor industry benchmarks while pursuing innovation opportunities through pilot programs, research partnerships, and custom tool development.

IV. Risk Management & Mitigation

We actively manage the risks associated with AI deployment, including AI hallucination and misinformation, data privacy and confidentiality concerns, algorithmic bias in research outputs, the potential for over-reliance on AI tools, and cybersecurity threats and vulnerabilities. Our risk management framework addresses these challenges through systematic monitoring, verification, and escalation procedures.

• Threats, Vulnerabilities, & Risks. We guard against AI-system failures, compromised research integrity, client trust erosion, compliance challenges, and competitive disadvantage. We do this through comprehensive, 360 reviews of our AI resources, ways of working, and engagements. Regular threat, vulnerability, and risk assessments ensure our AI policy and activities can be adjusted in step with new technology innovations and regulatory updates.

• Confidentiality, Data Protection, & Privacy: We adhere to the highest standards of client confidentiality and data stewardship. AI tools are only used in full compliance with all relevant privacy laws, codes of practice, client obligations, and contractual requirements. Sensitive or confidential material will never be processed with AI systems that transmit data to uncontrolled third-party environments. We maintain comprehensive safeguards, both technical and procedural, to ensure client data security at every project stage.

• Transparency for Clients & Stakeholders: Our research designs explicitly detail the tools we use, including AI technologies. We maintain complete transparency with clients about AI tool usage and the use of AI technologies requires informed client consent.  When we use AI to support a specific deliverable, its role and limitations are disclosed and can be explained in detail upon request. We invite questions and engagement on our methods and strive to maintain the trust that comes from open, clear communication about our work.

V. Policy Governance

Policy Authority: Craighead Kellas Limited
Effective Date: August 10th, 2025
Contact: enquiries@craigheadkellas.com

Detailed Documentation

• Comprehensive Policies: Detailed AI procedures, technical requirements, and operational protocols are available upon request for authorized parties with legitimate business requirements.

• Implementation Procedures: Specific quality management, integration, experimentation, and risk management documentation is maintained separately and provided to relevant stakeholders as appropriate.

• Regulatory Compliance: Complete compliance documentation and regulatory mapping is available for review by clients and partners with legitimate business requirements.

This policy statement reflects our commitment to protecting intellectual property, data security and privacy, and other AI-adjacent practice considerations, while enabling evidence-based research and maintaining the highest standards of professional service.

*****

DATE OF PUBLICATION: August 10th, 2025.

FEEDBACK ON THIS POLICY CAN BE EMAILED TO OFFICE@CRAIGHEADKELLAS.COM

EXECUTIVE SUMMARY

Our policy on data privacy and protection reflects our fundamental commitment to evidence-based practice by implementing the highest standards of information protection to safeguard client interests while enabling rigorous evidence-based research across international operations. Our innovative nested classification system prioritizes client-interest sensitivity over predetermined categorical schemes, ensuring that protection measures are calibrated to the actual potential impact on specific client objectives rather than subject matter classifications, while simultaneously accommodating mandatory government and regulatory requirements through enhanced protections that supplement rather than replace our client-focused approach.

The comprehensive protection framework integrates technical safeguards including industry-standard encryption and access controls, procedural safeguards encompassing need-to-know principles and secure communications, and physical safeguards covering facility security and device protection, all proportionate to information sensitivity and regulatory requirements. Technology integration governance ensures that our advanced analytical capabilities, including AI-assisted research tools and automated processing systems, maintain data protection standards throughout the research lifecycle while supporting our evidence-based methodology, complemented by rigorous vendor management that extends our protection standards across the entire technology supply chain.

International operations are supported by appropriate cross-border data transfer mechanisms and multi-jurisdictional compliance frameworks that address regulatory requirements across UAE, UK, and other relevant jurisdictions, while our client relationship model balances transparency about protection measures and incident management with clear expectations for client cooperation in implementing enhanced security procedures where required, all underpinned by systematic data lifecycle management, comprehensive incident response capabilities, and continuous improvement processes that maintain the highest standards of professional service.

I. Policy Foundation

This policy flows from our philosophy and principles on research quality and standards. Our commitment to evidence-based practice requires the highest standards of data protection to preserve the integrity and authenticity of information while protecting client interests.

Our data protection approach prioritizes client-interest sensitivity, recognizing that protection requirements derive from potential impact on client objectives rather than predetermined categorical classifications.

II. Data Classification

Our approach to information protection is calibrated to the potential impact of disclosure on specific client interests rather than predetermined subject matter categories, ensuring that protection measures are proportionate to actual business risk and client needs. Where client information is subject to government or regulatory requirements, additional protections supplement our base client-interest classifications to ensure comprehensive compliance across all applicable frameworks and jurisdictions. This graduated protection system ensures appropriate technical, procedural, and physical safeguards for information ranging from internal use materials to ultra-sensitive client data requiring the highest levels of security and confidentiality.

III. Protection Framework

Our comprehensive protection framework employs industry-standard encryption, access controls, and monitoring capabilities proportionate to information sensitivity and regulatory requirements, ensuring complete protection of data in transit, at rest, and during processing activities. This technical foundation is supported by need-to-know access principles, secure communication procedures, and comprehensive staff training on data protection requirements appropriate to personnel roles and access levels. Physical safeguards, including controlled facility access, secure storage solutions, and device protection measures, ensure comprehensive information security across all operational environments and client engagement activities.

IV. Technology Integration

Our comprehensive oversight of technology-assisted research capabilities ensures that advanced analytical tools support our evidence-based methodology while maintaining the highest data protection standards throughout the research and analysis lifecycle. This governance framework is complemented by rigorous due diligence and contractual requirements for technology partners, ensuring consistency with our data protection and confidentiality standards across all aspects of our technology-enhanced research operations.

IV. International Operations

We maintain appropriate legal mechanisms for international data transfers that ensure compliance with applicable data protection requirements across all jurisdictions where we operate or serve clients. Our multi-jurisdictional framework includes coordination procedures that address regulatory requirements across jurisdictions, including UAE, UK, and other applicable frameworks based on client location and specific business requirements, ensuring seamless global operations while maintaining the highest standards of data protection and regulatory compliance.

V. Client Rights & Responsibilities

We provide clients with clear information about information classification, protection measures, and processing activities affecting their data, supported by prompt notification and comprehensive response procedures for any data protection incidents that may affect client information. Clients maintain appropriate control over retention, processing limitations, and disposal of their confidential information, subject to legal and business requirements that ensure continued compliance and operational effectiveness.

In return, we ask clients to provide accurate and timely disclosure of any regulatory, classification, or sensitivity requirements affecting their information, along with cooperation in implementing appropriate protection measures and compliance with enhanced security procedures where required. Clear client authorization for required information sharing, processing, or cross-border transfers necessary for project delivery ensures that all data handling activities align with client expectations and regulatory requirements.

VI. Data Lifecycle Management

Our evidence-based approach to data retention ensures that retention periods are determined by research value, legal requirements, client needs, and business purposes, with regular review processes to ensure continued justification for data retention activities. When retention is no longer justified or required, comprehensive data destruction procedures ensure complete elimination of sensitive information from all systems and storage media, providing clients with confidence that their confidential information is appropriately managed throughout its entire lifecycle.

VII. Incident Management & Compliance

Our comprehensive incident response capabilities are designed to minimize impact on client interests and ensure appropriate regulatory compliance in the event of data protection incidents, with systematic integration of incident response experience into policy updates, procedure improvements, and preventive measures through continuous improvement processes. Regular assessment of data protection compliance, access controls, and security measure effectiveness is complemented by ongoing monitoring of policy adherence and operational performance. Independent assessment of our data protection measures and compliance with industry standards and regulatory requirements through appropriate audit and certification processes provides additional assurance of our commitment to maintaining the highest standards of data protection and professional service.

VIII. Policy Governance

Policy Authority: Craighead Kellas Limited
Effective Date: August 8th, 2025
Contact: enquiries@craigheadkellas.com

Detailed Documentation

• Comprehensive Policies: Detailed data protection procedures, technical requirements, and operational protocols are available upon request for authorized parties with legitimate business requirements.

• Implementation Procedures: Specific classification criteria, protection measures, and compliance documentation are maintained separately and provided to relevant stakeholders as appropriate.

• Regulatory Compliance: Complete compliance documentation and regulatory mapping is available for review by clients and partners with legitimate business requirements.

This policy statement reflects our commitment to protecting client data and privacy, while enabling evidence-based research and maintaining the highest standards of professional service.

*****

DATE OF PUBLICATION: AUGUST 8th, 2025.

FEEDBACK ON THIS POLICY CAN BE EMAILED TO OFFICE@CRAIGHEADKELLAS.COM

EXECUTIVE SUMMARY

Our information technology management framework reflects our view of technology as an intelligence enabler that must be governed by the highest standards of security, regulatory compliance, and operational excellence.

Our approach recognizes that modern evidence-based research requires sophisticated technology integration that encompasses secure computing environments, protected data storage systems, advanced analytical platforms, and comprehensive communication technologies that support both traditional research methodologies and cutting-edge technology-assisted research.

This policy establishes comprehensive governance structures that align technology decisions with research effectiveness priorities while ensuring data integrity, client confidentiality protection, and regulatory compliance across multiple jurisdictions including UAE cybersecurity standards, UK information security requirements, and sector-specific obligations that affect varied client base.

Security frameworks integrate network protection, endpoint security, access management, and monitoring capabilities through recognized standards and industry best practices, with controls proportionate to information sensitivity and enhanced measures for privileged access to critical systems and sensitive client data.

Technology vendor management, cloud computing governance, business continuity planning, and incident response procedures ensure operational resilience while maintaining client confidentiality during emergencies, supported by comprehensive audit and monitoring capabilities that track system performance, security events, and compliance adherence.

The framework encompasses the complete technology lifecycle from strategic planning through system development, deployment, operation, refresh, and secure retirement, all supported by comprehensive staff training and competency development that ensures effective utilization of technology capabilities in support of research excellence and client service delivery.

I. POLICY FOUNDATION

We are committed to an evidence-based practice and ensuring robust information technology management to enable it while maintaining the highest standards of security, reliability, and regulatory compliance.

Our IT management approach supports technology-assisted research through secure, scalable, and professionally managed technology infrastructure that enhances rather than constrains our analytical capabilities and client service delivery.

II. TECHNOLOGY GOVERNANCE

Strategic Alignment

Our information technology systems are designed and managed to support evidence-based research operations and client engagement areas, enabling advanced analytical capabilities while maintaining appropriate security and compliance standards. Technology decisions prioritize research effectiveness, data integrity, and client confidentiality while supporting international operations and regulatory requirements.

Infrastructure Management

Our technology infrastructure encompasses secure computing environments, protected data storage systems, advanced analytical platforms, and communication technologies that support both traditional research methodologies and technology-assisted analysis. Infrastructure design emphasizes reliability, scalability, and security appropriate to the sensitivity of client interests we serve.

Our technology systems are subject to regular monitoring, maintenance, and upgrade procedures that ensure continued operational effectiveness and security posture. Performance metrics and capacity planning support consistent service delivery and anticipate future requirements based on business growth and technological evolution.

III. SECURITY FRAMEWORK

Information Security Management

We maintain information security controls that protect both our intellectual property and client information throughout the technology lifecycle. Security measures are implemented according to recognized frameworks and industry best practices, with controls proportionate to the sensitivity and regulatory requirements of the information being processed.

Security controls encompass network protection, endpoint security, access management, and monitoring capabilities designed to prevent unauthorized access, detect potential threats, and enable rapid response to security incidents. Regular security assessments and penetration testing validate the effectiveness of implemented controls.

Access Management

Technology access is governed by need-to-know principles with role-based permissions that limit system and data access to authorized personnel with legitimate business requirements. Multi-factor authentication and secure credential management protect against unauthorized access while supporting operational efficiency for research activities.

Privileged access to critical systems and sensitive information is subject to enhanced controls including session monitoring, approval workflows, and comprehensive audit logging. Regular access reviews ensure permissions remain appropriate to current roles and business requirements.

Technology Vendor Management

Third-party technology services and solutions are subject to comprehensive due diligence, contractual security requirements, and ongoing performance monitoring to ensure consistency with our security standards and client protection requirements. Vendor relationships include clear data handling obligations, security incident notification requirements, and termination procedures.

Cloud computing services are selected and configured to meet appropriate security standards, data residency requirements, and regulatory compliance obligations. Cloud security configurations are regularly reviewed and updated to address evolving threats and regulatory requirements.

IV. RESEARCH TECHNOLOGY INTEGRATION

Technology-Assisted Research Platforms

We maintain specialized technology platforms that enhance traditional research methodologies through advanced analytical capabilities, automated data processing, and sophisticated visualization tools. These platforms are configured to maintain research data integrity, support audit requirements, and enable comprehensive quality control procedures.

Research technology deployment includes validation procedures that ensure analytical accuracy, bias detection capabilities, and human oversight mechanisms that maintain the primacy of evidence-based judgment in research conclusions. Technology integration supports rather than replaces professional research expertise and analytical reasoning.

Data Management Systems

Research data is managed through secure systems that maintain data integrity, support version control, and enable appropriate access controls throughout the research lifecycle. Data processing procedures include quality validation, backup protection, and secure disposal capabilities when retention is no longer required.

Data integration from multiple sources is subject to validation procedures that ensure accuracy, consistency, and appropriate attribution. Automated data processing includes human verification steps for critical analytical processes and maintains comprehensive audit trails for research transparency.

V. BUSINESS CONTINUITY AND DISASTER RECOVERY

Operational Continuity

We maintain business continuity capabilities designed to ensure continued client service delivery during technology disruptions, natural disasters, or other operational emergencies. Continuity planning includes alternative work arrangements, data backup and recovery procedures, and communication protocols that maintain client confidentiality during disruptions.

Critical technology systems are subject to regular backup procedures with tested recovery capabilities that ensure minimal data loss and rapid restoration of operational capabilities. Recovery objectives are established based on client service requirements and regulatory obligations.

Incident Response

Technology security incidents are addressed through comprehensive response procedures that prioritize containment, assessment, and recovery while ensuring appropriate notification to affected clients and regulatory authorities. Response procedures include forensic investigation capabilities and lessons learned integration into enhanced security measures.

Emergency response procedures include communication protocols, decision-making authority, and coordination with external resources when required. Incident documentation and post-incident analysis support continuous improvement of security and operational procedures.

VI. COMPLIANCE AND REGULATORY REQUIREMENTS

Multi-Jurisdictional Compliance

Our technology systems and procedures comply with applicable regulatory requirements across all jurisdictions where we operate or serve clients, including UAE cybersecurity standards, UK information security requirements, and other frameworks based on client locations and business requirements.

Technology compliance includes data protection requirements, export control obligations, and sector-specific regulations that affect our client engagement areas. Compliance monitoring includes regular assessments, documentation maintenance, and adaptation to regulatory changes.

Audit and Monitoring

Technology systems are subject to comprehensive monitoring that tracks system performance, security events, and compliance with established policies and procedures. Monitoring capabilities include automated alerting, trend analysis, and reporting that supports operational decision-making and regulatory compliance.

Regular technology audits assess the effectiveness of implemented controls, compliance with established policies, and alignment with business requirements and regulatory obligations. Audit results support continuous improvement and strategic technology planning.

VII. TECHNOLOGY LIFECYCLE MANAGEMENT

System Development and Deployment

New technology systems and significant modifications to existing systems are subject to comprehensive planning, testing, and approval procedures that ensure security, reliability, and compatibility with existing operations. Development procedures include security requirements, quality validation, and user acceptance testing.

Technology deployment includes comprehensive documentation, staff training, and transition procedures that minimize operational disruption while ensuring effective utilization of new capabilities. Post-deployment monitoring validates system performance and user adoption.

Technology Refresh and Retirement

Technology systems are subject to regular lifecycle assessment that evaluates continued effectiveness, security posture, and alignment with business requirements. Refresh planning ensures timely replacement of aging systems before performance or security degradation impacts operations.

System retirement includes secure data migration, comprehensive data destruction, and license management that protects client information and intellectual property while managing costs and regulatory compliance. Retirement procedures include validation of data destruction and documentation of disposal activities.

VIII. TRAINING AND AWARENESS

Staff Technology Competency

All personnel receive comprehensive training on technology systems, security procedures, and acceptable use policies appropriate to their roles and access levels. Training includes initial onboarding, regular updates on policy changes, and specialized instruction for advanced system users.

Technology awareness programs ensure staff understanding of emerging threats, regulatory requirements, and best practices for technology use in research environments. Regular assessments validate staff competency and identify additional training requirements.

Incident Reporting and Response

Staff are trained to recognize and report potential technology security incidents, system problems, and policy violations through established reporting channels. Clear escalation procedures ensure rapid response to critical issues while protecting against both internal and external threats.

IX. POLICY GOVERNANCE

• Policy Authority: Craighead Kellas Limited

• Effective Date: 14 August 2025

X. DETAILED DOCUMENTATION

• Comprehensive Procedures: Detailed technology management procedures, technical specifications, and operational protocols are available upon request for authorized personnel with legitimate business requirements.

• Implementation Guidelines: Specific technical controls, system configurations, and compliance procedures are maintained separately and provided to relevant stakeholders as appropriate.

• This policy reflects our commitment to leveraging advanced technology capabilities while maintaining the highest standards of security, reliability, and professional service in support of evidence-based practice.

DATE OF PUBLICATION: AUGUST 10th 2025.

FEEDBACK ON THIS POLICY CAN BE EMAILED TO OFFICE@CRAIGHEADKELLAS.COM

Last Updated: 27 August 2025

1. Policy Statement

We are committed to upholding the highest standards of ethical conduct and integrity in all our business activities. We have a zero-tolerance approach to modern slavery and human trafficking in all its forms. We are committed to acting ethically and with integrity in all our business dealings and relationships and to implementing and enforcing effective systems and controls to ensure modern slavery is not taking place anywhere in our own business or in any of our supply chains.

This policy is made pursuant to section 54(1) of the Modern Slavery Act 2015 and constitutes our slavery and human trafficking statement for the current financial year.

2. Scope

This policy applies to all persons working for us or on our behalf in any capacity, including employees at all levels, directors, officers, agency workers, seconded workers, volunteers, interns, agents, contractors, external consultants, third-party representatives, and business partners.

3. Our Business and Supply Chains

As a provider of specialised research, intelligence, and strategic counsel, our business model is centred on professional services. Our supply chain is primarily composed of providers of professional services, software, IT hardware, and standard office facilities. While we assess our direct operations to be at a low risk of modern slavery, we recognise that risks may exist further down the supply chain, particularly in the manufacturing of electronics and other goods we procure.  

4. Responsibilities and Due Diligence

• Corporate Commitment: We are committed to ensuring there is no modern slavery or human trafficking in our supply chains or in any part of our business. Our internal policies and procedures are designed to assess and manage these risks effectively.

• Risk Assessment: We conduct risk assessments to identify and evaluate potential modern slavery risks within our operations and supply chain. We focus on high-risk areas, such as the geographical location of suppliers and the nature of the goods or services provided.

• Supplier Adherence: We expect all those in our supply chain to comply with our values. As part of our contracting processes, we include specific prohibitions against the use of forced, compulsory, or trafficked labour, or anyone held in slavery or servitude, and we expect that our suppliers will hold their own suppliers to the same high standards.

• Employee Responsibility: All employees have a responsibility to be alert to the risks, however small, in our business and in the wider supply chain. Staff are expected to report concerns and management are expected to act upon them.

5. Training and Awareness

To ensure a high level of understanding of the risks of modern slavery and human trafficking in our supply chains and our business, we provide training to relevant members of staff. All directors have been briefed on the subject.

6. Reporting and Whistleblowing

We encourage all our workers, customers, and other business partners to report any concerns related to the direct activities, or the supply chains of, the organisation. This includes any circumstances that may give rise to an enhanced risk of slavery or human trafficking. Our whistleblowing procedure is designed to make it easy for workers to make disclosures, without fear of retaliation.

7. Review

This policy will be reviewed by the company’s directors on an annual basis and updated as required.

Last Updated: 27 August 2025

1. Policy Statement

It is our policy to conduct all of our business in an honest and ethical manner. We take a zero-tolerance approach to bribery and corruption and are committed to acting professionally, fairly, and with integrity in all our business dealings and relationships, wherever we operate. We will uphold all laws relevant to countering bribery and corruption, including the UK Bribery Act 2010.  

2. Scope

This policy applies to all persons working for us or on our behalf in any capacity, including employees at all levels, directors, officers, agency workers, seconded workers, volunteers, interns, agents, contractors, external consultants, third-party representatives, and business partners.  

3. Definitions

A bribe is a financial or other inducement or reward for action which is illegal, unethical, a breach of trust, or improper in any way. Bribery includes offering, promising, giving, accepting, or seeking a bribe. All forms of bribery are strictly prohibited. This includes so-called "facilitation payments" to government officials to speed up routine procedures.  

4. Prohibited Conduct

You must not:

• Give, promise to give, or offer, any payment, gift, hospitality, or other benefit in the expectation that a business advantage will be received in return, or to reward any business advantage already received.

• Accept any offer from a third party that you know or suspect is made with the expectation that we will provide a business advantage for them or anyone else in return.  

• Give or offer any payment to a government official in any country to facilitate or speed up a routine or necessary procedure.

• Threaten or retaliate against another individual who has refused to offer or accept a bribe or who has raised concerns under this policy.

5. Gifts and Hospitality

This policy does not prohibit the giving or accepting of reasonable and appropriate hospitality for legitimate purposes such as building relationships, maintaining our image or reputation, or marketing our services.  

A gift or hospitality will not be appropriate if it is unduly lavish or extravagant, or could be seen as an inducement or reward for any preferential treatment. Gifts must not include cash or a cash equivalent (such as vouchers) and must be given in our company name, not your personal name.  

All gifts and hospitality given or received must be declared and recorded in our central register.

6. Record-Keeping

We must keep financial records and have appropriate internal controls in place which will evidence the business reason for making payments to third parties. All accounts, invoices, and other records relating to dealings with third parties, such as clients, suppliers, and business contacts, should be prepared with strict accuracy and completeness.  

7. Raising a Concern

If you are offered a bribe, are asked to make one, or if you suspect that any bribery, corruption, or other breach of this policy has occurred or may occur, you must notify your manager or report it in accordance with our Whistleblowing Policy as soon as possible.

8. Review

This policy will be reviewed by the company’s directors on an annual basis and updated as required to ensure it remains effective.