Boeing

Code of Conduct—Our Shared Commitment

Across our global enterprise, Boeing employees are united by a shared commitment to our values—safety, quality, integrity, and transparency—above all else. We believe that compliance and ethical behavior are everyone’s responsibility. This means we must hold ourselves—and one another—accountable to our values and to creating an open and inclusive workplace. Boeing leadership encourages employees to proactively seek out issues, speak up and report concerns, and engage with transparency.

Boeing’s Global Compliance organization drives compliant company performance across all geographic locations, encourages integrity and transparency, and demonstrates our commitment to compliant and ethical business practices. Boeing’s Chief Compliance Officer works closely with the Board of Directors, senior company leaders, our employees, and external stakeholders to advance Boeing’s compliance and ethics culture throughout the company.

Every year, Boeing employees reaffirm their commitment to do their work in a compliant and ethical manner, and respect one another, by reading and signing the Boeing Code of Conduct. Because our Code of Conduct guides the way we do our work every day, we provide the code in 18 languages to reach employees in their native language.

In addition, every employee participates in a company-wide training called Recommitment, which features real-life examples of compliance issues and consequences, and highlights how adherence to our values and doing business with integrity is critical to the company’s success.

Click here to learn more about our values or view our Code of Conduct.

Contacting Ethics

Boeing encourages employees to promptly raise concerns about safety, quality, potential violations of the law, or Boeing policy. Boeing also works to foster an environment in which employees feel safe seeking guidance, raising concerns, and identifying areas for improvement. Boeing appreciates that speaking up may not always be easy, and the company offers several options for raising concerns confidentially, including through managers, toll-free phone numbers, and web-based portals. Our local Site Compliance and Ethics Officers and Ethics Ambassadors also provide in-person and online support to employees who are looking for guidance or need to report a concern, and can provide additional compliance and ethics resources. Any retaliation against employees who raise a concern is not tolerated and is grounds for discipline, up to and including termination.

The Boeing Ethics Line (1-888-970-7171) is staffed during U.S. business hours (8:00 a.m. to 6:30 p.m. Central time, Monday through Friday) and is available to Boeing employees, suppliers, contractors, or others from the public.

The Boeing Global Ethics Line is operated by a third party and staffed 24 hours a day, seven days a week and is available in 35 countries.  In addition to the Global Ethics Line, we also provide a web portal, Integrity Counts, for employees to report concerns who may not have access to the reporting channels on the internal Boeing network.

Compliance

Compliance Risk and Management process wheel graphic.

Boeing is committed to ensuring compliance with applicable global laws and regulations, as well as our own internal policies and procedures. To maintain effective compliance risk management strategies and controls consistent with our deep compliance culture, Boeing builds compliance accountability, oversight, and risk management into all levels of the business.

Boeing regularly assesses the effectiveness of internal compliance controls, including policies and procedures, training, data analytics and control validation. Managers and executives are accountable for compliance within the business or functional areas they oversee and, along with all employees, receive annual training on compliance risk areas specific to their work responsibilities. This includes training for a range of compliance topics (e.g. proper handling of proprietary or trade secret information and cyber security, anti-corruption, U.S. Government procurement integrity rules, and data privacy). Compliance training is reviewed and updated regularly to ensure that it is current, relevant, and effective.

Under Boeing’s Compliance Risk Management (CRM) program, senior leaders are accountable for identifying, assessing, and managing effective compliance programs. Co-chaired by the Chief Compliance Officer and Controller, the Compliance Risk Management Board (CRMB) oversees enterprise compliance and is comprised of senior executives from across the company’s business units and functions.

The CRMB’s charter is to create a proactive culture of compliance, integrate compliance risk management across the enterprise, drive effective and efficient compliance controls to achieve business objectives, and lead compliance risk mitigation and accountability. The CRMB evaluates the company’s most significant compliance risks and associated mitigation strategies, prioritizes the most important emerging issues for additional attention and, where appropriate, elevates issues to Boeing’s CEO and to the Audit Committee of the Board of Directors. Boeing’s CRM program also partners with the internal Corporate Audit organization to validate the effectiveness of compliance controls.

As outlined in Boeing's Audit Committee Charter, the Chief Compliance Officer reports at least annually to the Audit Committee of the Board of Directors on Compliance Risk Management and provides regular reporting on the company's ethics and compliance program. More details on reporting and oversight functions of the CRMB can be found in the Audit Committee Charter, published on the Boeing Corporate Governance page.

Anti-Corruption Program

Our people design, build, and support aerospace products that touch and affect lives around the world. That’s why we are committed to doing business and operating with integrity at all times. At Boeing, we have zero tolerance for corruption or bribery, and we are dedicated to building a culture that fosters openness, trust, and accountability. –Uma Amuluru, Chief Compliance Officer; Vice President, Global Compliance

Boeing strictly forbids bribery and corruption of any kind. It is imperative that we compete on the merits alone. Integrity is a core company value and in support of it, Boeing publishes an internal policy inclusive of anti-corruption and anti-bribery requirements and expectations applicable to employees, board of directors, and other stakeholders.  Boeing also provides employees and other stakeholders detailed procedures to ensure compliance with the U.S. Foreign Corrupt Practices Act and other global anti-corruption laws and regulations; requires annual training related to ethics and compliance; and provides guidance and instructions on various reporting mechanisms. This guidance is clear that we must never sacrifice our ethical principles to win or keep business—that no business is worth it.

Our anti-corruption program is organized into nine risk areas and includes extensive controls. These controls are tested annually through a self-assessment process as well as periodic risk-based corporate audits and external assessments to assess risk, ensure effectiveness, and identify potential enhancement opportunities. Confidential and anonymous reporting methods are provided. Retaliation against reporting parties is strictly prohibited, and action is taken against violators of anti-retaliation policies. The company also makes its employees aware of their federally protected whistleblower rights which are designed to protect employees against retaliation for reporting potential wrongdoing by a U.S. contractor or subcontractor.

Competing Globally with Honesty, Integrity and Compliance

Boeing’s anti-corruption program is organized into nine areas, and reflects the company’s commitment to competing globally with honesty, integrity and in full compliance with all applicable laws and regulations. Detailed policies and procedures govern each area and demonstrate the company’s zero tolerance for corruption, applicable to employees at all levels and in every location where we operate. We work with our partners, including through Boeing-appointed board members, to ensure that the joint ventures in which we participate adopt similar policies and procedures to govern their respective operation. Program risk is assessed throughout the year, and results are shared at the company’s executive council and board levels. Assessment results are used to make improvements to further strengthen the program and sustain effectiveness.

Business Courtesies, Offering and Accepting

Boeing employees are required to be vigilant in ensuring that any business courtesy is reasonable, lawful and fully justified under the circumstances, and does not suggest the appearance of impropriety. Company policies and procedures strictly prohibit offering any courtesy that could be misinterpreted as an attempt to gain an improper business advantage, and include elevating thresholds of management approval. Before any courtesy is offered, an employee must determine that it is lawful and appropriate and would not cause embarrassment to the company or recipient.

Additionally, employees must follow strict guidelines when determining if an offered courtesy can be accepted. Employees are prohibited from soliciting courtesies, or accepting any courtesies when a real or perceived attempt is being made to influence action by Boeing.

Employment Decisions

Boeing policies and procedures require that all hiring decisions be made fairly, ethically and in accordance with all relevant laws and regulations. Additional precautions, including Law Department review, are taken for hiring decisions involving current or former non-U.S. government officials, representatives of non-U.S. airlines, officials of public international organizations and their relatives.

Financial Controls, and Books and Records

The Boeing financial management system is designed to assure, among other things, that company resources are effectively and efficiently managed and that reporting requirements are satisfied with integrity and reliability and in compliance with all relevant laws, regulations and generally accepted practices and principles. Specific to anti-corruption controls, all employees are required to maintain accurate financial records and appropriately document and obtain approval of costs and expenses. Employees may not approve expense reports for themselves or their peers. Use of company credit cards for non-business expenses is strictly prohibited. Personal credit cards may not be used for business expenses, except in very limited circumstances. Company policy prohibits falsification of accounting or other business records.

Grants, Business Donations, Sponsorships, Memberships

Boeing makes investments in communities where employees live and work through charitable grants, in-kind donations, sponsorships, volunteer time, and memberships to various organizations to promote positive and sustainable change. Boeing policy requires that all grants, business donations, sponsorships, and memberships be evaluated for alignment with company values and ethical standards. All requests for payments or donations to support an organization or project outside of the United States are reviewed by the Law Department.

Company contributions are subject to review and approval prior to offering, as outlined in the company's internal Company Contributions procedure. This addresses our internal contribution process inclusive of, but not limited to, the application process and properly vetting recipients for charitable donations, sponsorships, and more.

In addition, at Boeing we maintain and monitor a Conflicts of Interest program, which requires each of us to demonstrate accountability and openness by disclosing relationships, outside activities, and financial interests that may pose a conflict of interest or affect our objectivity. Preventing or mitigating COIs is critical to operating with integrity and maintaining the trust of our partners, customers and stakeholders.

International Consultants

Boeing recognizes that good business practices include drawing on the expertise of outside consultants and professional service providers. To ensure those relationships comply with applicable laws, the company has detailed requirements for creating, maintaining and renewing international consultant relationships. The company conducts appropriate and risk-based due diligence based on the international consultant’s statement of work, which may include geographic location, ownership, and other relevant information. The company renews that due diligence at appropriate intervals. International consultant agreements require strict compliance with applicable laws, including anti-corruption laws, and with Boeing’s ethical business conduct guidelines. Hiring, renewing or expanding the scope of work of an international consultant requires multi-layer executive management approvals and review by the Law Department.

Mergers and Acquisitions

Boeing pursues mergers, acquisitions, joint ventures and equity investments when such transactions align with the company’s strategic and operating objectives. All such transactions are accompanied by comprehensive due diligence to examine rigorously the books, records, corporate filings, operations and compliance history of the candidates for the transactions.

Non-sale Agreements (including Teaming Agreements)

Boeing policy sets out detailed procedures for review and approval of teaming agreements and other non-sales agreements with companies, including appropriate levels of due diligence to ensure compliance with the U.S. Foreign Corrupt Practices Act and other applicable anti-corruption laws. Terms and conditions in those agreements must include warranties of compliance with all applicable anti-corruption laws.

Non-U.S. Political Contributions

Boeing maintains detailed requirements for all political activities inside and outside the United States. For activities outside the United States, Boeing policy prohibits company contributions to political candidates, political parties and party officials, and political advocacy groups. This prohibition covers both monetary contributions and in-kind donations.

Supplier Relationships and Anti-Kickback Compliance

Across our supply chain we are united by a shared commitment to the Boeing values. Appropriate due diligence is conducted for potential suppliers, such as screening governmental and industry listings for instances of sanctions and/or other compliance concerns. The terms and conditions in all supplier agreements require that suppliers provide assurance of compliance with all applicable anti-corruption laws, granting Boeing contractual rights in the event of a breach, inclusive of termination rights. Additionally, company procedures prohibit employees from soliciting gifts from suppliers or having any contact with suppliers that would give rise to even the appearance of impropriety, and require all employees to comply with anti-kickback laws and regulations.

For more information on our shared responsibility with suppliers please click here.

Industrial Participation

Boeing enters into various industrial participation agreements with certain customers outside of the U.S., primarily as a result of country laws and regulations, to provide economic flow back or the transfer of technology or skills to their businesses or government agencies as the result of their procurement from us. These commitments may be satisfied by our local operations in those countries, placement of direct work or vendor orders for supplies, opportunities to bid on supply contracts, transfer of technology or other forms of assistance as prescribed by country laws and guidelines. In certain cases, our commitments may be satisfied through other parties (such as our vendors) who purchase supplies from our non-U.S. customers. To be eligible for such a purchase order commitment from Boeing, a non-U.S. supplier must have sufficient capability to meet our requirements and must be competitive in cost, quality and schedule. Even in these cases, Boeing retains the responsibility of the obligation.

Boeing has dedicated departments focused exclusively on the management and execution of industrial participation commitments. Boeing has specific processes and procedures that detail responsibilities to address industrial participation activities, and receives support from other functions to complete due diligence, comply with export restrictions and prevent corruption. These teams’ training curriculums and guidance are tailored to meet all requirements, including anticorruption, conflict of interest, and business courtesies as regulated by U.S and local laws. Our relevant Terms and Conditions include anti-bribery and corruption provisions.

Leading and Learning with Industry

Boeing is committed to continually developing and evolving its ethics and compliance program. One way we do this is through active participation in industry associations dedicated to furthering ethics and compliance initiatives, such as the Defense Industry Initiative (DII), the International Forum on Business Ethical Conduct (IFBEC), and the Institute of Business Ethics (IBE). These forums provide an opportunity to benchmark, exchange information, share best practices in the field, and discuss global trends in the industry.

Vulnerability Handling & Disclosure

The Boeing Company is committed to maintaining the safety and security of our systems and our customers’ information. We encourage earnest, responsible reporting of potential security vulnerabilities in any product, system, or asset made by or belonging to Boeing. Before reporting, please review our submission process, including our guidelines for responsible disclosure and coordination.

Security Vulnerability Submission Process

If you believe you have found a vulnerability in a Boeing product, system, or asset, please submit the vulnerability information to Boeing through an encrypted communication method. For submission via Email, please send an encrypted file detailing your submission. Encrypt your file using our public Boeing PGP/GPG public key.

To enable Boeing to investigate and remedy the potential vulnerability, please report it as soon as possible after discovering it and provide a detailed summary of the vulnerability, including the following if known:

  • A description of the finding and how it was discovered
  • The product(s), system(s), or asset(s) affected
  • Reproduction instructions to enable Boeing to validate the vulnerability (e.g., actions and results)

Your contact information and PGP key. Personal data Boeing receives in connection with your submission will be retained and protected in accordance with the company’s privacy policies and any applicable laws.

A Boeing representative will acknowledge receipt as soon as possible, typically within 3 business days.

Submit any vulnerability information in full accordance with the following guidelines:

  • Do not engage in any activity that can potentially cause harm to Boeing, our customers, our suppliers, or our employees.
  • Do not engage in any activity that can potentially disrupt or degrade Boeing products, systems or assets.
  • Do not engage in any activity that violates (a) federal or state laws or regulations or (b) the laws or regulations of any country where (i) Boeing data, assets or systems reside, (ii) Boeing data traffic is routed or (iii) the researcher is conducting research activity.
  • Do not engage in extortion, threats, or other tactics designed to elicit a response under duress. Boeing will not respond to submissions made under threat of public disclosure, exposure of data, or withholding vulnerability information.
  • Do not store, share, compromise or destroy data on Boeing systems. If Personally Identifiable Information (PII), proprietary or sensitive data is encountered, you should immediately halt your activity and contact Boeing.
  • Provide Boeing reasonable time to fix any reported issue, before such information is shared with a third party or disclosed publicly.

Safe Harbor & Recognition

We consider activities conducted consistent with this policy to constitute authorized access under anti-hacking laws. To the extent your activities are inconsistent with certain Boeing terms and conditions, we waive those restrictions for the limited purpose of permitting security research under this policy. Boeing will not pursue civil action or initiate a complaint to law enforcement for accidental, good faith violations of this policy.

There is no monetary reward for the disclosure program at this time. However, we understand the hard work that goes into security research, and to show our appreciation for researchers who help keep our systems secure, we have launched a recognition program for responsibly disclosed and validated vulnerabilities. If you are the first to disclose a qualifying vulnerability, we will, with your permission, credit your discovery by publishing your name in Boeing’s Security Hall of Fame. The inclusion on the Hall of Fame does not imply agreement with all the analysis performed as other factors may be in place to reduce risk. Whether and when to recognize a disclosure is entirely at our discretion, and Boeing reserves the right to cancel the recognition program at any time.

Security Hall of Fame:

Argus Cybersecurity – Rubi Arbel and Daniel Rezvani

Pen Test Partners – Alex Lomas

Contact details:

Email address: VulnerabilityDisclosure@boeing.com