Home / Our Approach

DGL provides independent executive compensation and management consulting assistance. How we engage with our clients and our policies: CODE OF ETHICS | INFORMATION SECURITY POLICY

Code of Ethics

Clients:

  • We will serve our clients with integrity, competence, and objectivity.
  • We will keep client information and records of client engagements confidential and will use proprietary client information only with the client’s permission.
  • We will not take advantage of confidential client information for ourselves.
  • We will not allow conflicts of interest which provide a competitive advantage to one client through our use of confidential information from another client who is a direct competitor without that competitor’s permission.

Engagements:

  • We will accept only engagements for which we are qualified by our experience and competence.
  • We will assign staff to client engagements in accord with their experience.
  • We will immediately acknowledge any influences on our objectivity to our clients and will offer to withdraw from a consulting engagement when our objectivity or integrity may be impaired.

Fees:

  • We will agree independently and in advance on the basis for our fees and expenses and will charge fees and expenses that are reasonable, legitimate, and commensurate with the services we deliver and the responsibility we accept.
  • We will disclose to our clients in advance any fees or commissions that we will receive for equipment, supplies or services we recommend to our clients.

Communication:

  • We will respect the intellectual property rights of our clients, other consulting firms and sole practitioners and will not use proprietary information or methodologies without permission.
  • We will not advertise our services in a deceptive manner and will not misrepresent the consulting profession, consulting firms, or sole practitioners.
  • We will report violations of this Code of Ethics.

Information Security Policy

Objective:
Our information protection policy sets out our commitment to protecting client data and how we implement that commitment with regards to the collection and use of client data.

Policy:
The policy’s goal is to protect client informational assets against all internal, external, deliberate and/or accidental threats. We are committed to:

  • Ensuring that we comply with the information protection principles, as listed below.
  • Ensuring that information is collected and used fairly and lawfully.
    • Confidentiality of data will be assured.
    • Integrity and availability of data for business purposes will be maintained.
    • Legislative and regulatory requirements will be met.
  • Processing client data only in order to meet our operational needs or fulfill legal and contractual requirements.
  • Establishing appropriate retention periods for client data.
  • Ensuring that data subjects’ rights can be appropriately exercised.
  • Providing adequate security measures to protect client data.
  • Ensuring that all queries about data protection—internal and external—is dealt with effectively and promptly.
  • Data security training will be met.
  • Information and data will be protected against any unauthorized access.
  • All actual or suspected information and data security breaches will be reported and thoroughly investigated.

Protection Principles:
Our data and information protection principles:

  • Client data shall be obtained with the purpose of completing our contractual obligation to the client and shall not be further processed in any manner incompatible with that purpose.
  • We use good common-sense practices to protect client information with strong encryption:
    • Client confidential data is stored on a stand-alone computer not connected to the Internet or a local area network (LAN). Windows Encrypting File System (EFS) is built into the OS and enabled for directories containing secure data.
    • Client data shall be sent back and forth in encrypted format. We email client data using Secure email or with WinZip that supports 128- and 256-bit key AES encryption.
  • Client data shall not be kept for longer than is necessary to complete our contractual obligation to the client. As such, all client data will be deleted 90 days after the client’s project has been completed:
  • We destroy paper records using a cross-cut paper shredder.
    • We hold media and its contents closely; we don’t share it inappropriately and we return it to an appropriated locked space when we are done.
    • We destroy other records in media-appropriate ways, such as erasing files using Tolvanen Eraser using DOD 3-pass erasing standard or if unable to be erased because it is broken, we destroy by physical breakage.
    • All security incidents need to be identified, reported, investigated and monitored to ensure that reaction is appropriate to any actual or suspected incident relating to information systems and data within our custody. We log all incidents. Dependent on the severity and identified impact of the incident, we shall notify clients verbally and in writing until the incident is resolved, either temporarily or permanently.