Skip to main content

Ethics and governance

EXFO is committed to fully complying with all applicable laws, regulations, and other obligations related to both our products and our operations.

Our ethics commitment framework

We have a framework in place to ensure we uphold the highest standards of ethics and security to protect our stakeholders, their personal information and business continuity.

Ethics and Business Conduct Policy Agent code of conduct Board of Directors Corporate Governance Guidelines Code of Ethics of our Principal Executive Officer and Senior Financial Officers

Reporting ethical violations 

Any interested party with significant concerns may report them to a member of EXFO's Board of Directors by submitting this form. After you complete this form, an email from this website will be sent to a Director and a copy will be sent to EXFO's General Counsel and Corporate Secretary. 

As the sender of an email from this site, you will not be identified, and no reply can be sent to you unless you type in your name and contact information. EXFO's General Counsel and Corporate Secretary will retain any such messages for a reasonable period of time. The Director may discuss the matter with EXFO’s General Counsel, independent advisors, non-management directors or EXFO’s management, or may take other action in their good faith, judgment and discretion. For additional information, see our Statement on Reporting Ethical Violations

Information and data security

Information security management system

EXFO’s information security management system (ISMS) is based on the ISO 27001 family of standards. These standards address ISMS requirements and the deployment of methods, procedures and best practices relevant to information privacy and confidentiality, IT security and more. We use these standards to: 

  • Help EXFO establish, implement, operate, monitor, review, maintain and continually improve its ISMS
  • Ensure adequate protection of our customers sensitive information and data 
  • Manage information security risks affecting our business objectives 
  • Protect critical business processes from the effects of major failures of information systems or disasters and ensure their timely resumption 

Download EXFO’s Information security statement.

Data privacy 

Safeguarding the privacy of the personal information that we collect is of critical concern to EXFO. Our Personal Data Protection Policy outlines key principles to ensure comprehensive protection throughout the data life cycle, mitigating the risk of data breaches in compliance with relevant regulations like the General Data Protection Regulation (GDPR), Quebec’s privacy laws. 

Download EXFO’s Personal data protection policy. 

Product security

We are committed to ensuring that our products cannot be used as a gateway for cyber-attacks. We implement secure development practices and continually monitor and improve product security to mitigate potential risks. We provide our customers with resources and information on how to properly install and use EXFO products and solutions. We also actively monitor our products for vulnerabilities, and we warn customers when we find potential breaches. 

Learn more about our initiatives

Documents

Agent code of conduct Board of Directors Corporate Governance Guidelines Certificate of Amalgamation Code of Ethics of our Principal Executive Officer and Senior Financial Officers Combatting Trafficking in Persons Compliance Plan Ethics and Business Conduct Policy Modern Slavery Policy Personal data protection policy Policy Regarding Conflict Minerals Statement on Reporting Ethical Violations