Governance Performance
Strengthening Governance Through Scalable, Secure Tech Leadership
As part of our commitment to sustainable growth and operational excellence, EcoOnline has made a significant investment in bolstering our IT leadership. By expanding our expertise in cybersecurity, data infrastructure, and responsible technology, we are laying the foundation for a more resilient and future-ready organisation.
"I’m excited to have joined EcoOnline, where we’re focused on driving growth and empowering our teams to deliver best-in-class products and services for our customers. Together, we’re committed to building a sustainable, scalable and secure IT infrastructure and elevating our approach to data and systems. Looking ahead, our 2025 roadmap will keep us aligned with our group ESG commitments and ensure we’re delivering impact with purpose."
– James Fleming, SVP IT Operations
Promoting Ethical Practices
Policies and Whistle-Blowing Initiatives
We are committed to upholding various policies that guide our governance practices. These have been approved by senior management and the Board, and include our Code of Conduct, Modern Slavery Statement, Data Protection Policy and Information Security Policy. These policies ensure that our operations are conducted with integrity, compliance and protection of data and information.
In line with our dedication to ethical practices, we also have a whistle-blowing policy, which encourages employees to report any concerns or suspicions regarding unethical behaviour or non-compliance, providing a safe and confidential channel for disclosure.
EcoOnline's policy on workplace harassment, equal pay, and whistleblower protection reflects our commitment to creating a safe, inclusive, and ethical work environment for all employees.
We provide training on anti-corruption and anti-bribery policies through yearly e-learning programs for existing employees, and it is included in onboarding processes for new starters.
Cybersecurity
Cybersecurity is a critical component of EcoOnline’s commitment to responsible and sustainable operations. We are continuously enhancing our security posture to align with the standards set by Cyber Essentials and ISO 27001 certification.
We maintain a incident response plan and regularly review our protocols based on recent security events to ensure readiness and resilience. All employees receive mandatory, ongoing cybersecurity training, with a strong focus on identifying and preventing social engineering threats.
Maintaining ISO Certification Excellence
The continuous work to retain our ISO certifications is led by the Director of Standards & Certification. In 2024 we successfully retained our ISO 9001, 22301, and 27001 certifications.
These certifications provide tangible evidence of our dedication to meeting and exceeding customer expectations, maintaining business continuity, safeguarding sensitive information, and positioning ourselves as a trusted partner. By attaining these certifications, we continuously strive for operational excellence, ensuring the highest standards of quality, resilience, and information security in all our endeavours.
The scope of the certifications includes our products and physical locations. All employees are required to read the policies regularly and enrol in training when asked.
Driving Sustainable & Responsible Technology Use
As a SaaS company, the tools and infrastructure we rely on—data centres, software applications, and everyday hardware—are foundational to how we operate safely, securely, and sustainably. To enhance our commitment to responsible consumption and reduce our environmental impact, we are focusing on the following key initiatives:
1. Sustainable Vendor Onboarding:
Evaluating ESG credentials of vendors to ensure we partner with organisations committed to sustainability.
2. Optimised Data Refreshing:
Reducing computer power usage by updating data in our warehouse only when necessary (e.g. every 2 hours instead of every 5 minutes).
3. Sustainable Office Operations:
Minimising energy waste by ensuring IT equipment is only active during reasonable office hours (e.g. disabling access points and printers from 10 PM to 6 AM).
4. Purposeful Procurement:
Implementing the 'WWWH' approach—What are we buying, why are we buying it, who are we buying from, and how are we acquiring it to avoid over-purchasing and optimise our resources.
5. Global IT Equipment Recycling:
Ensuring responsible recycling and disposal of IT equipment across all countries where we operate.
6. Software Usage Optimisation:
Continuously assessing our software utilisation to right-size our tools for our business needs. Using external software to manage usage and license volume across the company, ultimately reducing carbon emissions and cost.
A Showcase of Our Commitment to Quality and Security
ISO 9001: 2015
Quality management
At EcoOnline, we pride ourselves on delivering products and services of the highest quality to our customers. Our ISO 9001 certification is a testament to our commitment to maintaining robust quality management systems.
ISO 22301: 2019
Security and resilience
Through our ISO 22301 certification, we demonstrate our commitment to ensuring uninterrupted service delivery to our customers, even in challenging circumstances. We have implemented robust measures to identify and assess risks, develop business continuity plans, and regularly test and update our response strategies.
ISO/IEC 27001: 2013
Information security
By holding ISO 27001 certification, EcoOnline demonstrates our unwavering commitment to safeguarding information assets and maintaining the trust and confidence of our customers. We are dedicated to protecting their data and ensuring that it always remains secure and confidential.