Ethics & Compliance
We set the highest professional and personal expectations.
Report an Ethics Concern
We take every report seriously and have zero tolerance for retaliation of any kind against individuals who, in good faith, raise questions or report concerns.
Leidos is known for maintaining the highest standards of integrity and ethical behavior. Our robust policies, procedures, training, and communications create a comprehensive program, cultivating a culture of integrity that touches every aspect of employee conduct.
We have a strong history of performance resting on our foundation of integrity. This foundation supports an environment where ethics and compliance is everyone's responsibility. Leidos employees proudly embrace these standards through their work and interactions. Managers at all levels must model the behavior they expect from their teams, and reinforce those values to promote a strong ethical culture within their organizations.
Leidos is recognized by the Ethisphere Institute as a global leader in defining and advancing the standards of ethical business practices, specifically as one of the World’s Most Ethical Companies. This honor underscores the company’s commitment to leading with integrity and prioritizing ethical business performance.
The Leidos foundation was built on a commitment to ethics since the company’s inception in 1969.
Ethical conduct is a hallmark of our business and we commit to corporate integrity and compliance throughout all levels of the company. Leidos established ethics and compliance as a cornerstone of employee behavior by forming the Employee Ethics Council (EEC) in 1984. Comprised of representatives from across the enterprise, the EEC seeks to embed ethics into our business culture. It is an important resource and a strong part of the Leidos Ethics and Compliance Program. The EEC exchanges information, discusses best practices, and presents concerns of interest to the enterprise. EEC members also serve as one of the eight channels for employees to report violations of the Leidos Code of Conduct and other ethics concerns.
Leidos pioneered a number of industry best practices in developing its Ethics and Compliance Program. As one of the early signatories to the Defense Industry Initiative on Business Ethics and Conduct (DII), Leidos is now considered a leader among the nearly 80 companies that comprise the DII. Leidos is also unique in its long history of Board-level ethics oversight. In 1988, the Board of Directors created the Ethics and Corporate Responsibility Committee (ECRC), currently known as the Corporate Ethics and Governance Committee (CGEC), comprised of board members responsible for reviewing and recommending policies and procedures that maintain a business environment committed to high standards of ethics, integrity, sustainability, and legal compliance. The Board’s close oversight of the company’s Ethics and Compliance Program is now considered to be a best practice in the defense industry.
In 2005, Leidos created a senior management position to oversee the Ethics and Compliance Program. Today, the Senior Vice President, Chief Ethics & Compliance Officer, reports to the Chief Executive Officer and the Board Chair of the CGEC. Through comprehensive training, continuous communications and leadership actions, these efforts help to embed a values-based program into everyday activities across the enterprise.
The Leidos Ethics and Compliance Program seeks to continuously strengthen our culture of uncompromising integrity by promoting ethics through a variety of initiatives.
Combining policies, procedures, training and communications, the Leidos Ethics and Compliance Program is comprehensive and touches every aspect of employee conduct. Current employees stand on the shoulders of those who founded the company in 1969 and who established its solid reputation over the decades. The company’s continued success stems from a culture that recruits and retains outstanding individuals committed to preserving our reputation.
Policies and Procedures
The Code of Conduct is the basis of Leidos corporate policies and practices and is designed to promote ethical business conduct and compliance with the law. All employees are required to conduct all business affairs ethically and to comply with the Code. The Leidos core values of integrity, innovation, agility, collaboration, and commitment are emphasized in the Code and are the foundation of our culture.
The Standards of Business Ethics and Conduct at Leidos is the foundational policy of the Ethics and Compliance Program. The Ethics Review Board (ERB), an executive management committee, meets quarterly in conjunction with an Audit Review Board and Enterprise Risk Management Committee, to review significant enterprise ethics and compliance matters and strengthen the ability to review risks across the company.
The Chief Ethics and Compliance Officer reports to the ERB on a range of issues, including significant ethics cases, trends, disciplinary actions, remedial measures, compliance risks, policy issues, training, communications, and new developments and initiatives. Members of the ERB include the CEO, Chief Financial Officer, General Counsel, Chief Ethics and Compliance Officer, Chief Human Resources Executive, Group Presidents and corporate functional executives.
Corporate Governance and Ethics Committee
The Chief Ethics and Compliance Officer reports quarterly to the Chair of the Corporate Governance and Ethics Committee (CGEC), a long-standing Leidos Board of Directors committee. The CGEC charter establishes its oversight of ethics policies and practices, including ethics training, case trends, disciplinary actions, and conflicts of interest. In order to provide effective oversight, the CGEC keeps itself knowledgeable about ethics and compliance conditions and trends in the broader industry and within Leidos.
The CGEC also reviews policies and practices in the areas of sustainability, including the safety and protection of the environment; charitable contributions; and political, social and environmental issues that may affect the company's business operations, performance, public image or reputation.
Employee Ethics Council
The ethics and compliance function is further assisted by members of the Leidos Employee Ethics Council (EEC), who work closely with line managers to identify and resolve ethics and compliance issues in their organization. Established in 1984 and comprised of diverse representatives from each group across the enterprise, the EEC is an important resource and part of the Leidos Ethics and Compliance program. EEC members serve as one of the eight channels for employees to report violations of the Leidos Code of Conduct and other ethics concerns.
The Ethics and Compliance Office promotes a culture of integrity at Leidos. The office provides ethics and compliance training, communications, and guidance to create a transparent environment and informed employee population. Each year, the Ethics and Compliance Office endeavors to find new and innovative ways to underscore the importance of ethical decision-making for all employees. Using robust communications campaigns, the program routinely publishes a variety of ethics and compliance-related information by email directly to employees and also on the Leidos intranet. Articles and announcements posted to the intranet include sections for employees to provide comments and feedback.
Reporting Channels and Case Management
Leidos has an established process for reporting observed or suspected misconduct or any employee grievance that is widely advertised and promotes eight separate channels for employees and others to report a concern or simply to ask for guidance. The available reporting options are:
- Their supervisor or other individual in the management chain.
- Their Group Ethics Director, the Director of Investigations or the Chief Ethics and Compliance Officer.
- Their local Human Resources representative, the Workforce Solutions Director or the Chief Human Resources Officer.
- The Employee Ethics Council.
- The Leidos Hotline at 855-7-LEIDOS (855.753.4367), which connects employees to an independent third-party provider, EthicsPoint, or by online submission of their concern at LEIDOS.ETHICSPOINT.COM (international hotline numbers are available to employees on our Ethics and Compliance intranet hub).
- The General Counsel or Chief Security Officer.
- The Chairman and CEO.
- The Board of Directors via the Lead Director of the Leidos Board of Directors, the Corporate Governance and Ethics Committee Chair or the Audit and Finance Committee Chair.
Independent case management of every assigned ethics and compliance case is crucial to the successful execution of the program's goals. This bedrock concept ensures that all issues are appropriately investigated and impartially adjudicated. Before closure, all reported cases are thoroughly reviewed by an independent and objective subject matter expert.
The company has zero tolerance for retaliation in any form. Leidos supports those who speak up and the company has always encouraged its employees to report any legal or ethical misconduct without fear of retaliation. Those who engage in retaliation will face disciplinary action, up to and including termination of employment. Anyone who asks questions or reports concerns in good faith will be protected. We are committed to complying with the employee whistleblower protections contained in the Federal Acquisition Regulation (FAR) and the Department of Defense FAR Supplement (DFARS) as well as the anti-retaliation provisions of all applicable laws that prohibit discrimination in the workplace.
Ethics Program Update
Ethical business conduct is the responsibility of every employee. In fact, integrity is the first of the five stated Leidos values that employees both currently emulate and also aspire to further exemplify. Leidos defines this value of integrity as “having the courage to make tough ethical decisions, taking pride in our work, being transparent with our team, and being respectful of everyone.” The Code of Conduct and annual Ethics Awareness training reinforce Leidos’ core values and provide important information related to many key compliance and risk areas. The Code and training are updated annually, and Chairman and CEO Roger Krone delivers strong messages in both regarding ethical behavior and accountability.
Leidos has consistently achieved a Code of Conduct certification and Ethics Awareness training completion rate of 100 percent. This exceptionally high rate demonstrates the company’s focus on and prioritization of employee ethics training. Ethics Awareness training must be undertaken by all employees, including part-time employees, every year.
Notably, Leidos engages in an ongoing ethics and awareness campaign to focus all employees on the necessity of ethical behavior and to emphasize its commitment that ethics concerns will reach the right people, that swift corrective action will be taken in valid ethics cases, and that the company has zero tolerance for retaliation of any kind.
The campaign message is simple and clear: Protect Leidos and customer assets; foster a safe and healthy work environment; deal fairly and honestly with customers, third parties and public officials; conduct international business properly; report misconduct; and protect colleagues from retaliation. In sum, do the right thing every day. Leidos leadership and the Ethics and Compliance Office remain focused on increasing employees' understanding of how the Code of Conduct translates into day-to-day work experiences.
Data privacy is integral to our Code of Conduct and employee training programs. Protecting personal information is a commitment we make to our customers and it is an essential part of doing business. Improperly handling Personal Information, even by a single individual, can have serious consequences for our employees, our company, our investors and our customers.
We offer data privacy awareness and compliance programs relating to data security and privacy, as well as tailored training programs related to specific subject matter such as the Health Insurance Portability and Accountability Act (HIPAA). Annual HIPAA training is required for all employees who handle or have access to Protected Health Information.
We integrate data privacy awareness and related obligations into our Code of Conduct. We have a process for identifying customer programs which involve the handling of personal information and we work closely with designated Points of Contact (POCs) to integrate data privacy protection into program execution.
A new Leidos Data Protection Steering Council (DGSC) has been formed, replacing the former Information Protection Council (IPC). The DGSC’s mission is to align the Leidos data management goals, standards, practices and processes with business goals and strategies, while reducing risk of misuse, misappropriation, loss, theft or unauthorized access to various types of unclassified data.
The DGSC is co-chaired by the Chief Privacy Officer (CPO) and Chief Information Officer (CIO) and includes representation from several corporate functions, such as Corporate Security, Information Technology, Legal Department, International Regulatory Compliance, Program Execution, Human Resources, Finance, Contracts, and Communications, as well as from our business groups and non-U.S. entities. It meets monthly to evaluate all aspects of data governance, including data ownership, classification, risk, quality, security, privacy, mapping, retention, unification, access and measurement. Its members serve as proponents of data governance to other members of the Leidos senior leadership team.
In addition, the DGSC has “spun off” several Working Groups, including a Records Retention Working Group, Data Classification Working Group and Cyber Regulatory Working Group.
Our Corporate Information Systems Security Protection Policy, Information Security Plan, and Media Protection Policy cover all information which is deemed proprietary, confidential, subject to regulation or otherwise requiring protection from unauthorized access, acquisition or use.
Information Management Systems and Security Audits
We have a comprehensive Information Security Management System (ISMS) with ISO 27001:2013 certification. Certification covers:
- Business Systems Services
- Collaboration Services
- Data Storage and Backup Services
- Trusted Desktop Services
- Network Services
- Identity and Authentication Services
We have committed to implementing NIST (National Institute of Standards and Technology) 800-171 controls on our corporate networks as well as on our program networks where Controlled Unclassified Information (CUI) exists.
We have a formal Incident Management Response Plan that addresses notifications, remediation, and lessons-learned/continuous improvement.
History of Ethics at Leidos
- Formed Employee Ethics Council (EEC) - ethics officers responsible for communications, training, and case management to embed ethics into the business culture.
- Early signatory to the Defense Industry Initiative on Business Ethics and Conduct, committing to self-governance in accordance with the highest standards.
- Pioneered board-level oversight by creating the Ethics and Corporate Responsibility Committee.
- Created the position of senior vice president of ethics and compliance (SVP E&C) in response to revised federal sentencing guidelines.
- Federal government ethics officers applaud Leidos’ (legacy SAIC) case resolution process as a best practice. At Leidos (legacy SAIC), ethics cases are assigned to an independent case manager and subject matter expert investigator. Once the investigation is complete, cases are reviewed by an experienced quality assurance team to ensure thoroughness and objectivity.
- Launched the Targeted Compliance Training Program to supplement the Ethics Awareness Program.
- Reconstituted the EEC, which consists of an ethics officer from every business unit and key corporate functions, as a representative ethics body.
- Recognized by Ethisphere as one of the “World’s Most Ethical Companies” in the aerospace and defense industry.
- Created the Ethics Review Board, which consists of the CEO and an executive team and meets quarterly to review cases, trends, and policies.
- Elevated SVP of Ethics & Compliance (E&C) to report directly to CEO, strengthening commitment to ethics.
- Launched independent, third-party ethics hotline to further enhance reporting confidentiality.
- Launched an Enterprise Case Management System as a customized central data repository allowing for automated workflow processing, enhanced analytical capability, and more cross-functional collaboration.
- Expanded Ethics and Compliance Program to include group ethics directors, senior investigators, and a dedicated communications lead.
- Strengthened forensic capabilities to better investigate reported cases.
- Implemented root cause analysis as part of every substantiated investigation.
- Created international hotline numbers, with translators available to callers, to support an expanded international presence.
- Launched an enterprise-wide campaign supporting the company’s values-based culture and emphasizing that ethics is not only the responsibility of the E&C Office, but also the responsibility of every employee: every employee is an ethics officer at Leidos.
- Promoted quality control and coordinated investigators through bi-weekly meetings with investigators from all investigative functions: Ethics and Compliance, Legal, Internal Audit, Security and Human Resources.
- Recognized by Ethisphere in 2018 and 2019 as one of the “World’s Most Ethical Companies” in the aerospace and defense industry.
Code of Conduct
Leidos has a strong culture of ethics and integrity. Our Code of Conduct is a broad statement of principles for conducting business according to the highest ethical standards. It applies to all Leidos subsidiaries and is available in five languages.
Compliance and Audit
Leidos ethics programs are audited by our Internal Audit Department. The scope of these audits includes assessing compliance with key aspects of the policies and procedures encompassed in our Code of Conduct. These audits generally include, but are not limited to:
- Compliance with contractual requirements
- Financial performance
- Internal Controls and cultural environment
- Supplier Management
- Prior, recurring and current ethics concerns and investigations
Leidos implements risk-based due diligence for any third-party intermediaries engaged in international business activities. In addition to initial background investigations conducted by recognized anti-corruption investigation firms, Leidos requires audit rights and additional, more frequent background checks of intermediaries during performance, the frequency and depth of which are determined by numerous risk factors, including but not limited to country risk, industry risk, and the intermediary’s history and business profile.