Ethics and governance
EXFO is committed to fully complying with all applicable laws, regulations, and other obligations related to both our products and our operations.
Our ethics commitment framework
We have a framework in place to ensure we uphold the highest standards of ethics and security to protect our stakeholders, their personal information and business continuity.
Reporting ethical violations
Any interested party with significant concerns may report them to a member of EXFO's Board of Directors by submitting this form. After you complete this form, an email from this website will be sent to a Director and a copy will be sent to EXFO's General Counsel and Corporate Secretary.
As the sender of an email from this site, you will not be identified, and no reply can be sent to you unless you type in your name and contact information. EXFO's General Counsel and Corporate Secretary will retain any such messages for a reasonable period of time. The Director may discuss the matter with EXFO’s General Counsel, independent advisors, non-management directors or EXFO’s management, or may take other action in their good faith, judgment and discretion. For additional information, see our Statement on Reporting Ethical Violations.
Information and data security
Information security management system
EXFO’s information security management system (ISMS) is based on the ISO 27001 family of standards. These standards address ISMS requirements and the deployment of methods, procedures and best practices relevant to information privacy and confidentiality, IT security and more. We use these standards to:
- Help EXFO establish, implement, operate, monitor, review, maintain and continually improve its ISMS
- Ensure adequate protection of our customers’ sensitive information and data
- Manage information security risks affecting our business objectives
- Protect critical business processes from the effects of major failures of information systems or disasters and ensure their timely resumption
Download EXFO’s Information security statement.
Data privacy
Safeguarding the privacy of the personal information that we collect is of critical concern to EXFO. Our Personal Data Protection Policy outlines key principles to ensure comprehensive protection throughout the data life cycle, mitigating the risk of data breaches in compliance with relevant regulations like the General Data Protection Regulation (GDPR), Quebec’s privacy laws.
Download EXFO’s Personal data protection policy.
Product security
We are committed to ensuring that our products cannot be used as a gateway for cyber-attacks. We implement secure development practices and continually monitor and improve product security to mitigate potential risks. We provide our customers with resources and information on how to properly install and use EXFO products and solutions. We also actively monitor our products for vulnerabilities, and we warn customers when we find potential breaches.