Modern-slavery-act

CyberWhite Ltd. – Modern Slavery & Human-Trafficking Statement

Financial year ending 31 March 2025

*(Published under section 54 of the UK Modern Slavery Act 2015)*

—

1. Our business

CyberWhite Ltd. is a UK-based cyber-security services provider headquartered in Sunderland, with additional offices in London and Glasgow. We deliver penetration testing, managed detection and response (MDR), governance-risk-compliance (GRC) consultancy and security-awareness training to public- and private-sector clients. During FY 2024/25 we employed 42 permanent staff and worked with approximately 110 third-party suppliers, the majority of whom are UK or EU software vendors, data-centre operators and professional-services firms.

2. Our commitment

We have **zero tolerance** for slavery, servitude, forced or compulsory labour and human trafficking in any part of our operations or supply chain. We are committed to acting ethically and with integrity and to implementing and enforcing effective systems and controls.

3. Governance & policies

| Policy | Key points |
| ——————————– | ————————————————————————————————— |
| **Ethical Sourcing Policy** | Mandatory supplier due-diligence questionnaire; Tier-1 suppliers audited every two years. |
| **Code of Conduct** | Explicit prohibition of modern-slavery practices; whistle-blowing routes for staff and contractors. |
| **Recruitment & Vetting Policy** | Direct hiring wherever possible; labour agencies must be GLAA-registered and ISO 9001-certified. |
| **Supplier Terms & Conditions** | Clause 9 requires compliance with the Act and immediate notification of any breach. |

All policies are approved by the Board and reviewed annually.

4. Risk assessment & due diligence

Our inherent risk is assessed as **low** because we operate in a skills-based services sector with short supply chains. The higher-risk areas we monitor are:

* Offshore software development or support contracts.
* Hardware and promotional-merchandise suppliers outside the UK/EU.

Controls include:

* Pre-contract risk questionnaire (aligned to the ETI Base Code).
* Right-to-work checks and salary benchmarking for all new hires.
* Annual supplier attestations and random spot-checks for invoices and payroll records.

5. Measuring effectiveness (FY 2024/25)

| Indicator | Target | Result |
| ——————————————— | ———— | —————— |
| Supplier attestations returned | 100 % Tier-1 | **100 % achieved** |
| Staff completion of modern-slavery e-learning | ≥ 95 % | **98 %** |
| Reported incidents or whistle-blower alerts | 0 | **0** |

No instances of modern slavery or human trafficking were identified in the period.

6. Training & awareness

All staff must complete an e-learning module on modern-slavery risks at induction and refresh every two years. The Procurement and HR teams receive additional face-to-face workshops covering red-flag identification and escalation routes.

7. Continuous improvement (2025/26 priorities)

1. Extend supplier audits to tier-2 hardware vendors.
2. Integrate modern-slavery due-diligence checks into our ISO 27001 supplier-evaluation workflow.
3. Collaborate with a not-for-profit organisation to deliver awareness sessions for our smaller suppliers.

—

**Approval**
This statement was approved by the Board of Directors of CyberWhite Ltd. on **12 April 2025** and will be reviewed and updated no later than **31 July 2026**.

David Horn
Managing Director, CyberWhite Ltd.
Signed on behalf of the Board