Operating
Responsibly /

We are committed to acting ethically and with the highest levels of integrity and to safeguarding data privacy and security by aligning with industry best practices.
Operating responsibly is fundamental to maintaining a healthy, robust and sustainable business. Our clients, investors and fellow Endavans must trust that we are always doing the right thing.”
Rohit Bhoothalingam
Group General Counsel


Our code of conduct
Our code of business conduct is rooted in our values. It provides a comprehensive framework for the way we conduct ourselves at work. Every year, Endavans take a code of conduct e-learning module.
Last year, our e-learning module included topics such as inclusion and belonging, anti-bribery, fraud-prevention, employee privacy and our ‘Speak Up Safely’ policy.
Speak Up Safely
Our Speak Up Safely process allows anyone to raise concerns in confidence if we’re not meeting the standards of integrity we have set for ourselves.

Speeki platform
The Speeki AI-powered platform and app allow real-time two-way anonymous messaging between any concerned reporter and our integrity team. Speeki also supports the process of declaring gifts and hospitality as well as disclosing potential conflicts of interest.
Sustainable procurement
We aim to have a positive impact on the environment and society. Our procurement policy together with our supplier code of conduct and modern slavery questionnaire are designed to maintain the integrity of our supply chain.
Supplier code of conduct
All our suppliers are required to adhere to the principles laid out in our supplier code of conduct. We updated it recently, asking strategic suppliers for environmental commitments by tracking their Scope 1 and 2 emissions and establishing emissions reduction targets.
Download now
Modern slavery statement
We have a zero-tolerance policy towards modern slavery and human trafficking, working to ensure neither play any part in our business and supply chain. This statement is made in respect of FY 2023/2024 in accordance with the UK’s Modern Slavery Act 2015 and Australia’s Modern Slavery Act 2018.
Read the statement
Corporate governance
We make our code of conduct, speak up safely policy, anti-bribery and anti-corruption policy, committee charters, board inclusion policy, sanctions compliance policy and other governance documents publicly available on our investors website.
Employing best practice standards
All our people are required to complete security awareness training at onboarding and annually. Additionally, we conduct simulation-based testing to help Endavans recognise and report potentially malicious communications.
In January 2025, we achieved our fourth consecutive SOC 2 Type II attestation covering both software development and our ‘Run by Endava’ operations.
System and Organization Controls (SOC) 2 is a comprehensive reporting framework put forth by the American Institute of Certified Public Accountants (AICPA) in which independent, third-party auditors carry out an assessment and subsequent testing of controls relating to the Trust Services Criteria (TSC) of security, availability, processing integrity, confidentiality and privacy.
As a distributed agile organisation, Endava consistently delivers high-quality services from a network of global delivery locations. Each location operates using secure, cloud-based tools and processes that enable seamless collaboration and resilient service delivery. Our technology infrastructure supports both in-office and remote collaboration through enterprise managed devices, encrypted communications and secure cloud platforms – ensuring flexibility and continuity regardless of location.
Our privacy team in our legal department includes regional legal professionals and provides comprehensive privacy oversight across jurisdictions, ensuring we remain compliant with expanding global privacy laws. To reinforce a culture of responsible data use, we have established a data community that includes designated data champions from across the business.
Certifications
Information security management
We are actively expanding our Information Security Management System (ISMS) in alignment with the ISO 27001 standard across our global delivery locations. At the end of June 2025, approximately 60% of Endava legal entities achieved the ISO 27001 certification.
Our offices in Berlin and Timisoara are also certified under Trusted Information Security Assessment Exchange (TISAX), an internationally recognised data security standard for the automotive industry.
Quality management
Our Quality Management System (QMS) is certified to the ISO 9001 standard. Our QMS is embedded within The Endava Adaptive Model (TEAM) and ensures consistent delivery of high-quality digital products and services.
CyberEssentials
Since April 2024, Endava has maintained Cyber Essentials Certification, a UK government backed programme administered by the National Cyber Security Centre. We successfully renewed our certification in April 2025, underscoring our ongoing commitment to security best practices.
Find out more
See how we’re having an impact in other sustainability areas

Our people
and communities
/
We enable our people to be the best they can be by creating learning and development opportunities, fostering an inclusive work environment and making sure everyone is connected to our culture. We also aim to make a positive difference in our communities by supporting impactful projects.
Meet our people

Accelerating
innovation
/
We are committed to driving innovation and delivering transformative digital solutions that support our clients in achieving real impact, while and enablinge the sustainable growth of our organisation. We focus on embedding AI in our operations, working closely with technology partners and reinforcing our client-centric approach.
See how we innovate

Environmental
impact
/
We care about our impact on the world and follow sound environmental practices to reduce our environmental footprint.
Explore our impact

2025 Sustainability Report
Learn from our 2025 report how we are evolving our sustainability approach and reporting framework to align to the CSRD and the Double Materiality principles.