Policies

It is the policy of 3Core² Certification Limited to deliver consistent, reliable, and efficient certification of management systems that meet the highest standards of quality. Our aim is to enable clients to benefit from our company's expertise, integrity, and commitment to excellence.

All enquiries and applications are handled with integrity and confidentiality, with a clear focus on enhancing customer satisfaction. We are committed to maintaining impartial, objective, and fair treatment of all clients.

The pursuit of quality is essential to the long-term growth and success of 3Core² Certification. To achieve this, we believe in working collaboratively with our clients and continually improving our services, internal processes, and management system.

We maintain an effective and continually improving management system aligned to the following international standard:

• ISO/IEC 17021-1:2015 – Requirements for bodies providing audit and certification of management systems

Our management system is defined through this Policy, our Management System Manual, and our supporting documented procedures.

3Core² Certification is fully committed to:

• Complying with all applicable legal, regulatory, and other relevant requirements.

• Periodically evaluating compliance to ensure ongoing conformance and effectiveness.

• Continual improvement of our management system, operational performance, and customer satisfaction.

• Ensuring that no part of the certification activity is outsourced to any other organisation, in alignment with our core principles and risk-based approach.

• Maintaining high levels of professional competence, confidentiality, and customer focus across all activities.

• Maintaining impartiality at all levels of the organisational processes.

Quality Objectives and Performance Monitoring

To support the implementation of this policy and drive improvement:

• Quality objectives are set by top management, in line with the strategic direction of the organisation.

• Objectives are measurable, relevant to our core services, and aligned with client expectations, accreditation requirements, and regulatory obligations.

• Performance against these objectives is monitored and reviewed regularly, with corrective and improvement actions implemented as required.

This Quality Policy is communicated, understood, and applied across all levels of the organisation. All employees are expected to support and contribute to its implementation. The policy is reviewed periodically to ensure it remains relevant and appropriate to the purpose and context of 3Core² Certification.

Donn Houldsworth

Managing Director

3Core² Certification Limited and its Directors, Managers, and Staff fully recognise the critical importance of impartiality in the delivery of its certification, inspection, and compliance activities. We are committed to ensuring that all dealings with clients or potential clients are conducted in a manner that upholds independence, objectivity, and fairness.

To safeguard and demonstrate impartiality, 3Core² Certification Ltd has identified and risk-assessed all relationships that may present a conflict of interest or pose a threat to impartiality. In support of this, the following principles are established and enforced:

Independent Certification Decisions:

• All certifications are granted following review by an authorised and competent member of the team who was not involved in the audit, ensuring impartiality in decision-making.

Consultancy and Internal Auditing Services:

• 3Core² Certification does not and has never provided management system consultancy or internal audit services.

• 3Core² Certification does not own or hold any financial or other interest in companies offering certification, consultancy or internal audit services for management system standards.

• 3Core² Certification will not be marketed or presented in a manner that implies association with management system consultancy.

• Any such misrepresentation identified will be addressed promptly and appropriately.

Separation from other Organisations:

• Any proposed business relationship is subject to a documented risk assessment prior to formalisation. However, 3Core² Certification will not maintain and will not enter into relationships with organisations that may affect the impartiality of our certification processes.

• Existing relationships are reviewed regularly to ensure continued impartiality.

Declaration of Interests:

• All personnel (employees or contractors) are required to declare current and past relationships with clients or related organisations. Any potential conflict of interest must be disclosed and risk assessed.

• Individuals will not be assigned to audits or be involved in decision making where it is identified that a conflict exists.

• Such restrictions will apply for a minimum of two years following the existence of the past relationship, and will always be subject of a risk assessment prior to lifting of those restrictions

Training Services:

• 3Core² Certification does not provide organisation-specific training for the implementation of standards.

• Any training offered is general in nature and available to all interested parties.

Auditor Independence and Pressure Prevention:

• All auditors and personnel involved in certification decisions operate free from internal or external pressure.

• No influence shall be exerted to alter the outcome of an audit.

• No member of staff or sub-contractor will perform any part of an internal audit of their own work to ensure independence of the audit undertaken

Donn Houldsworth

Managing Director

It is the policy of 3Core² Certification Limited to reserve the right to suspend a client's certification by giving the client notice of its intention. The certificate may be suspended or withdrawn if:

• The client's management system has persistently or seriously failed to meet certification requirements.

• The client's management system is no longer compliant with the certified standard(s) and the failure(s) within the management system are so serious that certification can no longer be justified.

• Where the client has failed to address the requirements of any new issues / versions of existing standards (upgrades) and any such failure is so serious that certification can no longer be justified.

• The certified client does not allow surveillance or recertification audits to be conducted at the required frequencies.

• The certified client has voluntarily requested a suspension.

• Failure of a client to comply with the financial requirements of the agreement entered into with 3Core² Certification Ltd. i.e. non-payment of invoices.

• Failure to supply evidence that correction and / or corrective actions have been implemented to address identified failures in the client's management system.

Upon suspension of the certification by 3Core² Certification Ltd. for whatever reason, the client shall be notified in writing and provided with the details of the appeal procedure.

Suspensions will only be lifted following receipt of evidence that the actions needed for 3Core² Certification Ltd. to consider lifting the suspension have been completed within the required timescale, and which are deemed satisfactory upon review.

Donn Houldsworth

Managing Director

PL03 r01 October 2022

Introduction

3core2 Certification Ltd is committed to complying with relevant economic and trade Sanctions laws ("Sanctions") in all jurisdictions in which it operates, as these may apply to its operations, through identifying, mitigating, and managing the risks of both primary and secondary Sanctions violations.

In this Sanctions Compliance Policy ("Policy"), "3core2 Certification Ltd" refers to 3core2 Certification Ltd (a company incorporated in UK 20 May 2019 Registered number 12004687.

Policy Applicability

This Policy applies to:

All employees, officers, directors, and contracted personnel of 3core2 Certification Ltd, and to such other persons as designated by 3core2 Certification Ltd from time to time (each an "Employee", collectively "Employees"); and,

All natural and legal persons (and their respective employees, officers and directors) that perform services for or on behalf of 3core2 Certification Ltd, including without limitation, supply chain business partners, suppliers, consultants, contractors, distributors, and agents (including without limitation, sales agents/representatives) (each an "Associated Person", collectively "Associated Persons").

As a condition of doing business with 3core2 Certification Ltd, 3core2 Certification Ltd will require each Associated Person to accept that this Policy be incorporated into the contract entered into between the Associated Person and 3core2 Certification Ltd .

Contracts and agreements executed between 3core2 Certification Ltd and Associated Persons may contain more specific provisions addressing some of the issues set out in this Policy. Nothing in this Policy is meant to supersede any more specific provision in a particular contract or agreement executed between 3core2 Certification Ltd and an Associated Person, and to the extent there is any inconsistency between this Policy and any other provision of a particular contract or agreement, the provision in the contract or agreement will prevail.

This Policy is intended to supplement and not replace other 3core2 Certification Ltd codes of conduct, policies, rules and procedures that are applicable to Employees and Associated Persons from time to time. If any Employee or Associated Person has any doubt as to the codes, policies, rules and procedures applicable in a given situation, or if any Employee or Associated Person perceives any conflict or inconsistency between this Policy and any other 3core2 Certification Ltd code of conduct or any other 3core2 Certification Ltd policies, rules or procedures, then he/she should raise the issue with, and seek direction from the 3core2 Certification Ltd info@3core2.co.uk. This Policy is a statement of principles and expectations for individual and business conduct. It is not intended to and does not in any way constitute a contract, an employment contract, or assurance of continued employment, and does not create any right in any Employee or Associated Person. The enforcement and interpretation of this Policy rests solely with 3core2 Certification Ltd. This policy only creates rights in favour of 3core2 Certification Ltd. The headings contained in this Policy are for convenience only and shall not be interpreted to limit or otherwise affect the provisions of this Policy. In the event of any conflict between this Policy and applicable mandatory law, the applicable mandatory law shall prevail.

Overview of Sanctions and Prohibited Conduct

Purpose

This Policy sets out 3core2 Certification Ltd ʹs approach to identifying and managing Sanctions‐related risks, including:

Guidance about the meaning of Sanctions and how to comply.

Principles and measures that 3core2 Certification Ltd follows to comply with Sanctions legislation and to identify, mitigate and manage Sanctions risk in the jurisdictions where it operates; and,

Consequences of failing to comply with this Policy.

This Policy applies to all countries and/or jurisdictions in which 3core2 Certification Ltd operates and extends to any additional countries and/or jurisdictions where 3core2 Certification Ltd commences operations and/or has an active registration or license.

Meaning of Sanctions and How to Comply

Sanctions are laws and regulations enacted by governments (such as the government of the United States (ʺU.S.ʺ), international organisations (such as the United Nations (ʺU.N.ʺ)) and supernational bodies (such as the European Union (ʺE.U.ʺ)) to promote foreign policy and other objectives, including:

• limiting the adverse consequences of a situation of international concern (for example, by denying access to military or paramilitary goods, or to goods, technologies or funding that enable international terrorism or the proliferation of weapons of mass destruction);
• seeking to influence other persons or governments to modify their behaviour; and
• penalizing other persons or entities (for example, by blocking or ʺfreezingʺ their assets, or denying access to international travel or to the international financial system). Sanctions are intended to deter a range of activities, which may include political or military aggression, providing sanctuary for criminals and terrorists, developing nuclear or other weapons programs, and abusing human rights.

Sanctions are implemented largely by prohibiting companies and individuals from doing business with persons, entities, countries and governments that are the targets of the Sanctions. Such restrictions can include:

• export bans, import bans and prohibitions on the provision of certain specified services;
• prohibiting certain commercial activities (such as joint ventures and other investment);
• barring the transfer of funds to and from a sanctioned country;
• targeted financial Sanctions, which include freezing the assets of and prohibiting any dealings with a government, country, or territory, and designated entities and individuals;
• travel bans;
• other financial restrictions.

One key method of imposing Sanctions is to designate a country, territory, government, individual or entity as a target of Sanctions (a ʺSanctions Targetʺ). For example, the United States publishes a list of Specially Designated Nationals (or ʺSDNsʺ), which includes individuals and entities. In general, persons subject to U.S. jurisdiction must block (or freeze) any assets of an SDN within the U.S. personʹs possession or control, and may not have any dealings with, or provide any services to, an SDN. The United States also imposes economic sanctions and embargoes that target geographic regions and governments; some programs are comprehensive in nature and block the government and include broad‐based trade restrictions, while others target specific individuals and entities. In non‐comprehensive programs, there may be broad prohibitions on dealings with countries, and also against specific named individuals and entities.

Most Sanctions regimes prohibit actions taken to circumvent applicable Sanctions or to facilitate activities by another person or entity that would violate Sanctions if undertaken directly. Employees and Associated Persons shall be careful not to inadvertently violate sanctions by facilitating or brokering a transaction that would be prohibited if conducted by 3core2 Certification Ltd. Employees and Associated Persons cannot facilitate, swap, approve, finance, or broker any transaction or activity if such transaction or activity would be prohibited if performed by 3core2 Certification Ltd. This prohibition also includes referrals to a foreign person of business opportunities involving any nation subject to comprehensive sanctions or any persons designated on an SDN list. Example: if an Employee or Associated Person introduces a person from a Sanctioned Country (with whom no business can be made as per applicable Sanctions) to a foreign person for the purpose of facilitating or fostering a business opportunity, then that Employee or Associated Person would be in violation of the ʺfacilitationʺ clause of the Sanctions.

Moreover, some Sanctions regimes have extraterritorial applications, such that they may be extended to persons abroad who cause a domestic person to violate Sanctions, for example, by removing SDN‐ identifying information from funds transfers or other business records so that a domestic person cannot properly screen the transaction for Sanctions violations.

3core2 Certification Ltd 's principles and measures to comply with Sanctions and to identify, mitigate, and manage Sanctions risk

Key Principles

The following key principles govern 3core2 Certification Ltd 's approach to Sanctions and export controls. All other requirements in this document are to be read in the context of these principles. In the event of a conflict between principles and requirements, the principles will prevail.

3core2 Certification Ltd maintains a Sanctions policy to meet obligations under Sanctions regimes of the jurisdictions in which it operates, is registered and/or licensed

3core2 Certification Ltd complies with the requirements of the UK, U.S., U.N. and E.U. Sanctions regimes (whenever these apply to its operations) wherever it operates, and will not undertake any business that would breach those Sanctions regimes.

In addition to complying with the requirements of the UK, U.S., U.N. and E.U. Sanctions regimes (whenever these apply to its operations), 3core2 Certification Ltd complies with other Sanctions regimes whenever they apply to particular 3core2 Certification Ltd operations and will not undertake any business that would breach those Sanctions regimes.

3core2 Certification Ltd also considers Sanctions regimes imposed by other jurisdictions where the facts of the transaction make it appropriate to do so.

3core2 Certification Ltd may decide not to provide products or services even where it is permitted by law, particularly where the circumstances presents a reputational risk.

3core2 Certification Ltd will not undertake any business that would breach any export laws that apply to it.

Measures to Comply with Sanctions

Before engaging in any commercial relationship or transaction, 3core2 Certification Ltd ensures that these relationships and transactions comply with applicable UK, U.S., U.N., and E.U. Sanctions laws, by screening those individuals or entities against the SDN list and other relevant Sanctions lists.

3core2 Certification Ltd shall also screen its transactions as to potential violations on country specific sanctions.

The level of screening and due diligence undertaken depends on the risk profile of the particular relationship or transaction, with enhanced screening and diligence undertaken where the risks are greater. For example, where a relationship or transaction is with an internationally recognised individual or business in a country or countries that are not subject to Sanctions, a lower standard or diligence may be applied. Conversely, where a relationship or transaction is with an individual or business located in a high‐ risk jurisdiction, enhanced due diligence must be undertaken.

In carrying out such screening, 3core2 Certification Ltd may rely on information provided to it by its customers and business partners unless it is aware or suspects that those customers and business partners, or the information provided, is unreliable or dishonest, or relates to a high‐risk jurisdiction.

Contracts with Associated Persons must include provisions (i) representing that the Associated Person is not itself an SDN or otherwise the subject or target of Sanctions; (ii) requiring compliance with UK, U.S., U.N. and E.U. Sanctions laws and with this Policy, (iii) requiring that its Associated Persons do not engage in or facilitate any business activity that would lead 3core2 Certification Ltd to breach any applicable Sanctions obligations; and (iv) permitting 3core2 Certification Ltd to exit the contract if the Associated Person violates its contract with 3core2 Certification Ltd or this Policy, or becomes an SDN or otherwise the subject or target of Sanctions.

Neither 3core2 Certification Ltd nor any Employee shall engage in any commercial relationship or transaction that directly or indirectly involve:

• countries that are subjects or targets of Sanctions ("Sanctioned Countries"); or,
• nationals of Sanctioned Countries;

unless the contemplated commercial relationship or transaction has been screened and cleared for action in accordance with the applicable 3core2 Certification Ltd sanction screening systems, processes and procedures that are implemented by 3core2 Certification Ltd from time to time. For clarity, the fact that a country is a Sanctioned Country or a person is a national of a Sanctioned Country does not automatically mean that 3core2 Certification Ltd or an Employee cannot engage in any commercial relationship or transaction involving any such Sanctioned Country or person; however the transaction or commercial relationship intended by 3core2 Certification Ltd or the Employee would first need to be thoroughly screened by 3core2 Certification Ltd to ensure that it does not breach any Sanctions related legal obligation. If in doubt advice should always be obtained from the 3core2 Certification Ltd (info@3core2.co.uk).

From time to time relevant Employees shall be informed by 3core2 Certification Ltd of those countries that are Sanctioned Countries. Because Sanction programs are dynamic and constantly changing, the countries that are Sanctioned Countries can change quickly; 3core2 Certification Ltd regularly reviews the UK, U.S., U.N. and E.U. Sanction regimes, and may update the list of Sanctioned Countries at any time.

Associated Persons shall also ensure that they do not engage in any commercial relationship or transaction that directly or indirectly involve countries that are subjects or targets of Sanctions and nationals of such countries unless the commercial relationship or transaction would have been screened and cleared for action in accordance with the applicable screening procedures and processes implemented by each Associated Person. Associated Persons shall at all times have in place systems, processes, policies and procedures to ensure compliance with this limitation. If in doubt as to whether any commercial relationship or transaction conducted by an Associated Person violates this policy, the Associated Person shall notify 3core2 Certification Ltd as soon as practicable.

For clarity and avoidance of any doubt

all commercial relationships and transactions, directly or indirectly, involving Sanctioned Countries and nationals of Sanctioned Countries shall be immediately cancelled and/or not pursued until screened and cleared for action in accordance with the applicable 3core2 Certification Ltd sanction screening systems, processes and procedures that are implemented by 3core2 Certification Ltd from time to time; and

commercial relationship and transactions with persons whose name is not on a list of Specially Designated Nationals may still be prohibited if that commercial relationship or transaction directly or indirectly, involves Sanctioned Countries and nationals of Sanctioned Countries. In such cases commercial relationships and transactions shall also be immediately cancelled and/or not pursued until screened and cleared for action in accordance with the applicable 3core2 Certification Ltd sanction screening systems, processes and procedures that are implemented by 3core2 Certification Ltd from time to time.

Employees and Associated Persons must not facilitate activities by any persons, including customers and passengers, that involve Sanctioned Countries or nationals of Sanctioned Countries, including by referring such business to other persons or entities.

If any Employee or Associated Person becomes aware of an actual or potential breach or a Sanctions regime, then he/she must notify the 3core2 Certification Ltd immediately. 3core2 Certification Ltd will then assess any notification received in the list of, amongst other things, any applicable reporting legal obligations binding 3core2 Certification Ltd.

Obligations of Employees and Associated Persons

Employees and Associated Persons must read and apply this Policy and must ensure compliance with this Policy.

The relevant 3core2 Certification Ltd units/departments dealing with customers suppliers and other business partners/counterparties shall screen and perform due diligence on each prospective customer, passenger, suppliers and potential business partner/counterparty. If there is any doubt whether screening and due diligence has been conducted with respect to any such person or entity, the 3core2 Certification Ltd Director must be contacted immediately.

Under no circumstances may an Employee or Associated Person act to avoid Sanctions obligations or detection of a relationship or transaction that would breach this Policy. 3core2 Certification Ltd and Employees and Associated Persons cannot advise customers or others as to how transactions may be structured or presented to evade applicable Sanctions or this Policy. This includes, but is not limited to, advising customers and others to amend any information or documents to include false or misleading information, to omit accurate information, or changing, removing or omitting information from a transaction or any business record that would otherwise lead to detection of a Sanctions issue.

Employees and Associated Persons may be subject to the Sanctions laws not only of the country or countries in which they live and work, but also of the country or countries of which they are a citizen, permanent resident, or visa holder. In addition, mere presence in a country, or even on a transitory basis, generally will make the Employee or Associated Person subject to the laws of that country while they are within or transiting through it. It is the responsibility of each Employee and Associated Person to understand and meet their Sanctions obligations as a citizen of a particular country or as a result of their presence in a particular country. Questions about particular circumstances should be directed to the 3core2 Certification Ltd Compliance Director. Depending on such circumstances, 3core2 Certification Ltd may require the Employee or the Associated Person to adhere to certain practices to ensure that 3core2 Certification Ltd adhere to certain practices to ensure that 3core2 Certification Ltd and the individual Employee or Associated Person comply with all applicable Sanctions requirements.

Consequences of Failure to Comply

Failure to comply with relevant Sanctions laws would constitute a breach of legal and/or regulatory requirements, and can expose 3core2 Certification Ltd to significant reputational damage, legal and regulatory actions, and financial loss, and can expose individual Employees or Associated Persons involved in any violation to substantial fines and imprisonment.

3core2 Certification Ltd has a zero tolerance approach to intentional violation of this Policy or applicable Sanctions regimes. If an Employee fails to comply with this Policy, then he/she may be subject to disciplinary action that may include dismissal from employment. Disciplinary measures will depend on the circumstances of the violation and will be applied in a manner consistent with 3core2 Certification Ltd 's policies. In addition, Employees who violate the law during the course of their employment may also be subject to criminal and civil action.

3core2 Certification Ltd may terminate a business relationship with any Associated Person (including terminating all contracts and agreements in force between 3core2 Certification Ltd and any such Associated Person) by means of written notice to the Associated Person, with immediate effect, without need of judicial recourse, and without liability for compensation or damages (whether direct and/or indirect) of any type or nature in favour of the said Associated Person, in the event that: i. the Associated Person fails to comply with any provision in this Policy and fails to remedy (if such a failure is remediable) that failure within 10 days of the Associated Person being notified in writing of the failure; or, ii. the Associated Person becomes a Specially Designated National or the subject or target of Sanctions.

Audits

Each Associated Person shall, without expense to 3core2 Certification Ltd, provide access (with appropriate prior notice from 3core2 Certification Ltd ) to all relevant documents, records, systems, processes, policies and procedures in order to enable 3core2 Certification Ltd (or its third party professional representatives) to audit and verify compliance by the Associated Person with this Policy. If an audit shows that an Associated Person is in breach of this Policy then the Associated Person shall, without delay, implement the necessary corrective action (if the breach can be corrected) determined by 3core2 Certification Ltd.

Revisions and Enquiries

3core2 Certification Ltd will unilaterally review this Policy on a regular basis at its absolute discretion, and will introduce revisions where necessary or appropriate. 3core2 Certification Ltd may also issue addenda, guidelines and memoranda from time to time to supplement this Policy.

For enquiries or any other matter relating to this Policy, the 3core2 Certification Ltd info@3core2.co.uk

Reporting of Violations

3core2 Certification Ltd is fully committed to developing a "Speak up culture" – Employees and Associated Persons should not be afraid to speak up if they think that something is wrong or needs to be fixed. Employees and Associated Persons should at all times feel comfortable sharing their views, asking questions, flagging anomalies, expressing concerns, or reporting perceived violations of this Policy. If an Employee or Associated Person becomes aware of any suspected or known violations of this Policy or he/she realises that 3core2 Certification Ltd or an Associated Person performed a transaction prohibited by Sanctions, then he/she has a duty to promptly report such concerns in accordance with 3core2 Certification Ltd 's Speak Up process for Reporting Concerns Relating to Financial Matters

Confirmation

Employees and Associated Persons shall periodically, whenever requested by 3core2 Certification Ltd (in the case of Employees, as a minimum once a year), individually confirm in writing to 3core2 Certification Ltd that he/she/it has read this Policy and agrees to comply therewith.

Donn Houldsworth

Managing Director

PL06 r00 October 2022 

3core² is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or otherwise interact with us.

When we process your personal data we comply with all applicable data protection legislation, including the UK GDPR and the Data Protection Act 2018.

1. Information We Collect:

• The information we collected is limited to the information we need to process your request for training or certification services.

• Personal Information: We may collect personal information such as your name, email address, postal address, phone number and other contact details when you voluntarily provide it to us.

2. How We Use Your Information:

We may use the information we collect to:

• Communicate with you about your enquiries, and purchases,

• Customise your experience and deliver personalised content and offers.

• Protect against fraudulent or unauthorised activity.

• Comply with legal obligations.

3. Sharing Your Information:

We may share your information with:

• Service Providers: Third-party service providers who assist us in operating our website, conducting business, or servicing you.
• Legal Requirements: When required by law or in response to valid legal process.
• Business Transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets.

4. Data Security:

We implement appropriate technical and organisational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

5. Your Choices:

You have the right to access, correct, update, or delete your personal information. You may also opt-out of receiving marketing communications from us.

6. Children's Privacy:

Our website is not directed to children under the age of 17. We do not knowingly collect personal information from children without parental consent.

7. Changes to This Policy:

We reserve the right to update or modify this Privacy Policy at any time. Any changes will be effective immediately upon posting the revised policy on our website.

8. Contact Us:

If you have any questions or concerns about this Privacy Policy or our practices regarding your personal information, please contact us at info@3core2.co.uk

Donn Houldsworth

Managing Director

PL09 r01 March 2024