Corporate Governance Statement
Last updated: May 31, 2026
Document owner: General Counsel and Governance Lead
Review cadence: Quarterly; immediate update after material governance, legal, or control changes
Effective date: 2026-05-31
Controller / Legal entity: EthicPages, Inc.
Registered address: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
Primary contact: ethicpages+contact@invictosoft.com
Purpose
EthicPages operates in a trust-sensitive domain. Customers rely on us to help them communicate privacy, security, compliance, and procurement readiness with confidence. That external trust depends on disciplined internal governance: clear decision rights, ethical guardrails, risk oversight, and transparent accountability.
This Corporate Governance Statement describes how EthicPages is governed and how major business decisions are supervised. It also explains how governance links to related policies across legal, security, data protection, billing, and people operations.
Governance principles
Our governance framework is grounded in six principles:
- Integrity first: Business goals must never override legal, ethical, or safety obligations.
- Clear accountability: Owners, approvers, and escalation pathways are documented.
- Risk-proportionate controls: Governance depth should match the risk profile of each decision.
- Transparency: Material policy and control decisions are recorded and reviewable.
- Continuous improvement: Control failures trigger root-cause analysis and remediation.
- Stakeholder trust: We consider customer, employee, supplier, and regulatory expectations.
Corporate structure and authority
EthicPages, Inc. is the governing legal entity for platform operations, product delivery, and contractual commitments. Internal authority is delegated through board-approved governance charters and executive role descriptions.
Decision rights model
| Decision type | Primary owner | Secondary reviewers | Final approver |
|---|---|---|---|
| Strategy and annual objectives | CEO | Leadership team | Board |
| Budget and capital allocation | Finance lead | CEO, relevant function leads | Board or delegated authority |
| Product roadmap with regulatory impact | Product lead | Security, legal, privacy | CEO / designated committee |
| Material vendor engagements | Functional owner | Security, legal, procurement | CFO/CEO per threshold |
| Policy issuance and updates | Policy owner | Legal, security, privacy, people | Executive sponsor |
| Incident declarations and disclosures | Incident lead | Legal, security leadership | Executive incident council |
This model is designed to prevent concentration of unchecked decision power while preserving operating speed.
Board structure and responsibilities
The board provides strategic oversight, fiduciary supervision, and governance challenge for management decisions. Board responsibilities include:
- Approving long-term strategy and annual business plans.
- Monitoring financial performance and sustainability.
- Overseeing enterprise risk and control effectiveness.
- Reviewing major legal, security, and compliance exposures.
- Evaluating executive leadership performance and succession readiness.
- Ensuring governance and ethics standards are maintained.
Board composition expectations
| Composition element | Governance intent |
|---|---|
| Diverse professional backgrounds | Improves quality of strategic challenge and risk framing |
| Relevant domain expertise | Ensures informed oversight in SaaS, security, compliance, and operations |
| Independence where appropriate | Supports objective challenge to management assumptions |
| Defined tenure and refresh approach | Balances continuity with new perspective |
Board operating cadence
| Activity | Minimum cadence |
|---|---|
| Full board meetings | Quarterly |
| Risk and control review | Quarterly |
| Audit and financial review | Quarterly or as required |
| Policy and ethics review | Semi-annual |
| Succession and talent review | Annual |
Committee and functional oversight
Depending on company size and governance maturity, oversight responsibilities may be handled by formal committees or designated leadership councils. Core coverage includes:
| Oversight domain | Typical focus areas |
|---|---|
| Audit and finance | Financial reporting quality, controls, internal/external audit readiness |
| Risk and security | Cybersecurity posture, incident readiness, supplier risk, resilience |
| Privacy and data governance | Data handling, retention, legal transfer controls, data subject rights |
| Ethics and conduct | Code of conduct adherence, conflicts, whistleblower process |
| People and compensation | Executive compensation, talent risk, DEI oversight |
Charters define each body’s scope, delegated authority, quorum expectations, and reporting outputs.
Executive governance and management accountability
Management is accountable for implementing board direction and operating controls. Accountability mechanisms include:
- Quarterly business reviews with key risk indicators.
- Written ownership of policy controls and risk responses.
- Escalation protocols for material deviations from risk appetite.
- Action tracking for internal audit and post-incident remediation items.
- Performance goals that include risk and compliance outcomes, not only growth metrics.
Executive accountability matrix
| Role | Governance accountability examples |
|---|---|
| CEO | Overall governance effectiveness, culture, and strategic integrity |
| Finance lead | Financial controls, budgeting discipline, regulatory reporting readiness |
| Product lead | Product governance, release controls, customer impact review |
| Security lead | Security architecture, incident response, control assurance |
| Privacy/legal lead | Contracting, legal risk management, policy integrity |
| People lead | Workplace standards, DEI governance, misconduct response |
Ethics and code of conduct
EthicPages expects all employees, contractors, and representatives to comply with the company’s ethical standards. The code of conduct sets behavioral and decision-making expectations in areas such as:
- Honesty and accuracy in customer communications.
- Respectful workplace behavior and anti-harassment standards.
- Confidential handling of customer and company information.
- Prohibition on bribery, corruption, and improper inducements.
- Avoidance and disclosure of conflicts of interest.
- Responsible use of AI and automation in customer-facing contexts.
Conflict of interest controls
| Control | Description |
|---|---|
| Disclosure duty | Personnel disclose actual or perceived conflicts promptly |
| Review process | Conflicts reviewed by legal/people leadership |
| Mitigation actions | Recusal, reassignment, additional approvals, or contract controls |
| Documentation | Decisions recorded for audit and accountability |
Risk management and oversight framework
Risk oversight at EthicPages follows a lifecycle model: identify, assess, mitigate, monitor, and report.
Risk taxonomy
| Risk domain | Example exposure | Typical controls |
|---|---|---|
| Strategic | Misaligned roadmap, market concentration | Planning cycles, scenario reviews |
| Operational | Service interruptions, process failures | SOPs, monitoring, incident management |
| Security | Unauthorized access, vulnerabilities | Access controls, patching, security testing |
| Privacy and legal | Data misuse, regulatory non-compliance | Policy framework, legal review, DPA controls |
| Financial | Revenue volatility, fraud, cash risk | Financial controls, reconciliations, approval gates |
| Third-party | Vendor outage or non-compliance | Due diligence, contract clauses, periodic reviews |
| Reputational | Public trust erosion | Communication protocols, issue response playbooks |
Risk oversight cycle
| Phase | Description | Output |
|---|---|---|
| Identification | Capture emerging and known risks | Updated risk register |
| Assessment | Evaluate likelihood, impact, and velocity | Prioritized risk ranking |
| Mitigation | Define controls and owners | Control plans and timelines |
| Monitoring | Track key risk indicators and control health | Quarterly risk dashboard |
| Escalation | Trigger leadership/board attention for threshold events | Escalation records and actions |
Internal controls and assurance
Governance quality depends on control execution, not only policy language. We maintain internal controls across:
- Change management and release governance.
- Access and privileged account administration.
- Financial approval and reconciliation processes.
- Vendor onboarding and ongoing risk checks.
- Incident detection, response, and post-incident learning.
- Policy lifecycle management and periodic attestations.
Assurance sources
| Assurance type | Purpose |
|---|---|
| Management self-assessments | Confirm control ownership and operation |
| Internal control reviews | Evaluate design and operating effectiveness |
| External assessments (as relevant) | Independent challenge for high-risk domains |
| Customer and partner feedback | Detect control blind spots and process friction |
Control failures trigger corrective action plans with accountable owners and completion dates.
Policy framework and cross-links
Corporate governance is operationalized through policy documents. The following references are core:
| Policy | Purpose | Link |
|---|---|---|
| Privacy Policy | Data handling commitments and legal basis | Privacy Policy |
| Data Retention Schedule | Retention periods, deletion, legal hold process | Data Retention Schedule |
| Security Overview | Security controls and incident principles | Security Overview |
| Terms of Service | Customer contract baseline | Terms of Service |
| Billing Terms | Commercial and subscription controls | Billing Terms |
| AI Usage Policy | AI processing expectations and safeguards | AI Usage Policy |
| Acceptable Use Policy | Product usage boundaries | Acceptable Use Policy |
| DEI Statement | Workforce and supplier inclusion governance | DEI Statement |
Each policy has a named owner, review cadence, and change approval path.
Regulatory and legal compliance posture
EthicPages aligns governance operations with applicable legal requirements relevant to company operations, customer obligations, and workforce management. Key practices include:
- Maintaining contract templates and legal review standards.
- Monitoring material legal and regulatory changes.
- Updating policy language and controls when obligations evolve.
- Documenting legal interpretations that affect product or process design.
- Coordinating response protocols for legal requests and regulatory inquiries.
Governance is not a substitute for legal advice to customers; rather, it ensures that internal legal obligations are managed responsibly.
Incident governance and escalation
Material incidents are handled through a structured incident governance process:
- Detection and triage: Identify severity and potential impact.
- Containment: Limit customer, data, or operational impact.
- Executive activation: Convene incident decision group where thresholds are met.
- Communication: Provide accurate updates to affected stakeholders.
- Recovery: Restore services and verify control effectiveness.
- Post-incident review: Capture root causes and long-term fixes.
Escalation triggers
| Trigger type | Escalation expectation |
|---|---|
| Potential data breach | Immediate legal/privacy/security involvement |
| Prolonged service outage | Executive incident leadership activation |
| Material financial control anomaly | Finance and leadership escalation |
| High-severity conduct concern | Legal/people leadership intervention |
| Regulatory notice | Legal lead and executive governance review |
Stakeholder communication and transparency
Trust requires proportionate transparency. EthicPages communicates governance-related information through:
- Customer-facing policies and Trust Center documentation.
- Contractual notices where required.
- Internal policy publication and acknowledgement workflows.
- Incident and corrective action communication when relevant.
- Periodic updates to governance documents and change records.
We aim to communicate clearly without exposing unnecessary sensitive operational details.
Culture, incentives, and governance alignment
Governance effectiveness depends on incentives. We therefore seek alignment between business targets and responsible operation:
- Leadership goals include risk and control metrics.
- Managers are assessed on team conduct, not only output volume.
- Product delivery quality includes compliance and customer trust criteria.
- Incident learning is treated as a system-improvement opportunity.
- Ethical escalation is encouraged and protected.
Document lifecycle management
This governance statement is part of a living policy system:
| Lifecycle step | Requirement |
|---|---|
| Drafting | Owner prepares revision and impact summary |
| Review | Legal, security, privacy, and executive review as needed |
| Approval | Executive sponsor and governance owner sign-off |
| Publication | Updated in Trust Center and internal policy repository |
| Change log | Material changes documented with rationale |
Material changes may include board structure changes, a revised risk governance model, or policy cross-link updates.
Contact and governance inquiries
Questions about governance, ethics, or policy accountability can be directed to:
| Inquiry type | Contact |
|---|---|
| Governance and board matters | ethicpages+contact@invictosoft.com (subject: Governance) |
| Ethics and conduct concerns | ethicpages+contact@invictosoft.com (subject: Ethics) |
| Risk and control inquiries | ethicpages+contact@invictosoft.com (subject: Risk Oversight) |
| Postal correspondence | EthicPages, Inc., 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ |
Related documents: Terms of Service · Privacy Policy · Data Retention Schedule · Security Overview · Billing Terms · DEI Statement