Governance
Corporate governanceRisk management Privacy and data protection Business continuity
External communications and accountability
Kelly is committed to doing the right thing; conducting ourselves in a legal, ethical, and trustworthy manner; strictly upholding our regulatory obligations in every country in which we operate and complying with both the letter and spirit of our business policies and values. Our commitment is to hold ourselves accountable for our actions and goals.
Annually report our sustainability performance in alignment with the following disclosure frameworks: GRI, TCFD, UNGC, SASB, and SEC
Integrate ESG criteria into Kelly’s risk management and monitoring approach
Align on SEC reporting guidelines on Climate Change and Human Capital once available
Continued training and acknowledgement of our global policies.
Compliance with new and updated legislations and standards in all the territories where we operate.
95% of employees signed the Code of Business Conduct and Ethics.
44% of the Board’s directors are diverse, including gender and ethnic representation.
The Vice President of Internal Audit, Chief Accounting Officer, and Chief Diversity Officer are now members of the ESG Advisory to support driving strategy.
90% of employees completed global policy training on business ethics and human rights topics.
Recognized in the “Silver” category for the fifth consecutive year by EcoVadis, placing Kelly in the top 5% of companies rated by EcoVadis in the Temporary employment agency activities industry.
Kelly is committed to operating with integrity, doing what is right, and strictly upholding regulatory obligations in every country in which we operate. We maintain strong corporate governance practices that guide our values and expectations from all employees across all regions of operations.
Our Board of Directors provides oversight to management and business strategy and ensures sound governance practices to enhance long-term stockholder value.
Kelly’s Code of Business Conduct and Ethics presents the global policies and procedures that all employees must abide by in order to ensure alignment with internal practices and ethical practices. The Code is upheld by the Board of Directors, and executive leadership team with the purpose of setting expectations and guiding collaborators in identifying and resolving ethical issues properly, deterring any wrongdoing, and providing mechanisms to report dishonest or unethical conduct anonymously as needed.
All global policies and procedures within the Code are reviewed and revised annually in order to allow the company an opportunity to compare against best-in-class performers and their business requirements. The Code of Conduct helps to foster an ongoing culture of honesty, accountability, and integrity. Our business integrity policies and practices extend to our global network of suppliers through the Supplier Code of Conduct.
A third party independently manages our integrity hotline where employees, customers and suppliers can report their concerns confidentially and anonymously.
Training is essential and strengthens our commitment to maintaining an ethical culture. Annually, all Kelly employees are required to acknowledge the Code of Business Conduct and Ethics and complete mandatory compliance training. In 2022, required ethics and human rights training included:
Americans with Disabilities Act Overview
Employee handbook acknowledgement
Code of Conduct and acknowledgement
Global Anti-bribery training
Global Antitrust training
Global Diversity training
Information Security Policy
Harassment Prevention
Safety Management Essentials
Our Code of Business Conduct and Ethics specifically states that the company’s funds, property assets, or equipment may not directly or indirectly be used to make political contributions in the name of Kelly. We participate in several industry organizations to ensure ongoing engagement with external stakeholders.
Our risk management framework and Enterprise Risk Management (ERM) program are overseen by Kelly’s full Board of Directors in conjunction with a more thorough oversight by the Audit committee. Our risk-mitigation strategy considers policies, procedures, and monitoring mechanisms to identify critical risk, facilitate the establishment of our corporate risk appetite and tolerance statement, and integrate risk concepts within the company’s strategic planning process. In 2022, Kelly’s ERM considered additional ESG issues, including climate change, human rights, responsible supply chain management and diversity, equity and inclusion.
Current areas of particular emphasis include cybersecurity, data privacy, wage-hour risk management, and improvements to the company’s compliance governance and incident reporting practices.
In this regard, Kelly has implemented processes to extend risk assessments on Privacy and Data Protection and Cybersecurity to its vendors for identifying third parties’ blind spots that may process confidential data on Kelly’s behalf. These risk management controls include but are not limited: architecture reviews, SSAE audits and review of vendor SOC1 and SOC2 Type II reports for critical and SOX vendors, ongoing monitoring and reporting of vendor security by an independent third party, vulnerability assessments conducted internally and annually by an external third party, data protection impact assessment, annual enterprise risk assessment, incident response and notification procedures, and Data Protection Agreements including standard contractual clauses (SCCs) for privacy compliance.
Our risk-mitigation strategy considers policies, procedures, and monitoring mechanisms to identify critical risk, facilitate the establishment of our corporate risk appetite and tolerance statement, and integrate risk concepts within the company’s strategic planning process.
Kelly is entrusted with a large volume of sensitive personal data from our candidates, employees, talent, customers, and suppliers. With the increased use of technology and global outreach of our business, we take seriously our responsibility of data privacy and protection to ensure the proper collection, use, and security.
Kelly’s Data Privacy principles guide our employees with the tools, training, and information necessary to follow and comply with high standards and procedures in handling personal data and incident reporting procedures. All employees have access to our Data Privacy Resource Center providing guidelines and incident reporting procedures on privacy and cybersecurity awareness.
Privacy and data protection procedures and standards are also communicated in our Code of Business Conduct and Ethics and Supplier Code of Conduct. Compliance to our Code of Conducts is mandatory for all of our global members and suppliers.
Required data protection and retention training in 2022 included:
GDPR: EU General Data Protection Regulation
IT Security: Email and Phishing, Creating a Cyber Secure Home, Working remotely, Social Engineering, Passwords
Kelly’s Enterprise Risk Management and Information Technology teams directly oversee privacy and data protection matters by providing regular quarterly updates to the Audit Committee regarding the company’s proactive approach to cybersecurity and any changes in the regulatory environment that may impose additional compliance requirements related to the collection, use, processing, disclosure, transfer, and retention of personal information.
Kelly has also adopted international standard procedures to ensure ongoing compliance with the European Union’s General Data Protection Regulation (GDPR), California’s Consumer Privacy Rights Act, and all other data privacy laws and regulations in the municipalities where we do business. In 2022, we continued ongoing efforts to strengthen Kelly’s protection around personal data with updates to our Information Security policies to ensure the highest information security standards across our network.
Our business continuity planning is incorporated into Kelly’s overall business strategy to ensure internal resources and prioritize strategies that mitigate unplanned business interruptions that can have a severe impact in our operations and in the health and safety of employees and their families. From natural disasters, extreme weather events, power outages, civil unrest, political instability, and other natural or man-made disasters, our Business Continuity team at Kelly works closely with cross-functional teams and customers to integrate our business plans in order to be prepared to manage crisis response and disaster recovery as they arise. Our approach includes three functions:
Kelly participates in external assessments such as EcoVadis, CDP, Human Rights Campaign Foundation’s Corporate Equality Index (CEI), Responsible Business Alliance (RBA), ISS Corporate Solutions (ICS), S&P Global Corporate Sustainability Assessment (CSA), and DiversityInc Top 50 among others. These platforms allow us to analyze our performance and identify enhancement opportunities while providing a consistent and transparent measurement of the impact of our sustainability and ESG strategy. In addition, our external communication channels help us monitor and inform our external audiences, including customers and clients, about our performance.
