Ethics & Integrity

Compliance & Code of Conduct

Building trust through ethical business practices, transparent operations, and unwavering commitment to compliance standards worldwide.

Our Commitment to Compliance

At P4 Software, we are committed to conducting business with integrity, transparency, and respect for all stakeholders. Our Code of Conduct establishes the ethical standards that guide our daily operations and long-term strategy.

As a provider of enterprise software solutions, we understand the critical importance of maintaining the highest standards of corporate governance, data protection, and regulatory compliance. This commitment extends to every aspect of our business—from product development and customer relationships to employee conduct and environmental responsibility.

Core Principles of Our Code of Conduct

These fundamental values guide every decision we make and every action we take.

Integrity & Honesty

We conduct all business activities with the highest standards of integrity, honesty, and fairness. We never compromise our values for short-term gains.

Legal Compliance

We comply fully with all applicable laws, regulations, and industry standards in every jurisdiction where we operate, including GDPR, CCPA, and SOC 2.

Respect & Diversity

We treat all employees, customers, partners, and stakeholders with respect. We value diversity and maintain a workplace free from discrimination and harassment.

Data Privacy & Security

We protect customer and employee data with industry-leading security measures. Privacy is a fundamental right, and we design our systems with privacy by default.

Anti-Corruption

We have zero tolerance for bribery, corruption, or any form of unethical influence. We compete fairly and transparently in all markets.

Environmental Responsibility

We minimize our environmental footprint through cloud-first architecture, energy-efficient operations, and sustainable business practices.

Key Compliance Policies

Detailed frameworks that govern our operations and ensure regulatory adherence.

Data Protection & Privacy

We comply with GDPR, CCPA, and other global data protection regulations. Our privacy-by-design approach ensures customer data is protected at every level of our systems.

  • GDPR Compliance: Full compliance with EU data protection standards
  • Data Minimization: We collect only data necessary for service delivery
  • Customer Rights: Right to access, rectification, erasure, and portability
  • Encryption: Data encrypted at rest and in transit (TLS 1.3, AES-256)

Anti-Corruption & Bribery

We prohibit all forms of bribery, kickbacks, and corrupt practices. Our employees, partners, and vendors must adhere to the highest ethical standards.

  • Zero Tolerance: No bribes, facilitation payments, or improper gifts
  • Third-Party Due Diligence: All partners screened for compliance risks
  • Training: Regular anti-corruption training for all employees
  • Whistleblower Protection: Safe reporting channels with no retaliation

Information Security

Our ISO 27001-aligned security framework protects against cyber threats, data breaches, and unauthorized access. We maintain SOC 2 Type II certification.

  • SOC 2 Type II: Annual audits verify security controls
  • Penetration Testing: Regular third-party security assessments
  • Incident Response: 24/7 monitoring and rapid incident response
  • Access Controls: Multi-factor authentication and least-privilege access

Speak Up: Reporting Concerns

We encourage open communication and provide safe channels to report compliance concerns without fear of retaliation.

What to Report

  • Violations of law or regulations
  • Breach of Code of Conduct
  • Fraud, bribery, or corruption
  • Data security incidents
  • Discrimination or harassment
  • Conflicts of interest

How We Protect You

  • Anonymous reporting available
  • No retaliation policy enforced
  • Confidential investigations
  • Independent third-party hotline
  • Regular follow-up on reports
  • Legal protection for whistleblowers

Reporting Channels

Contact Form:
Submit Report

Continuous Improvement

Our compliance program is not static. We continuously review, update, and strengthen our policies to reflect evolving regulations, industry best practices, and stakeholder feedback.

Annual
Policy Reviews
Quarterly
Compliance Training
24/7
Monitoring & Response

Accounting Standards ActivoHQ Supports Estándares Contables que Soporta ActivoHQ

ActivoHQ is designed to help your finance team meet the most demanding fixed-asset accounting requirements—without custom scripts or manual workarounds. ActivoHQ está diseñado para ayudar a tu equipo financiero a cumplir los requisitos más exigentes de contabilidad de activos fijos, sin scripts personalizados ni soluciones manuales.

FASB ASC 842

US GAAP lease accounting standard (effective for most entities 2019+) Estándar contable de arrendamientos US GAAP (vigente para la mayoría de entidades desde 2019)

What ActivoHQ Does Qué hace ActivoHQ

  • Right-of-Use Asset Tracking:Seguimiento de activos por derecho de uso: Maintains separate register entries for owned vs. leased assets, tagging each with the applicable lease schedule. Mantiene entradas separadas en el registro para activos propios vs. arrendados, etiquetando cada uno con el cronograma de arrendamiento correspondiente.
  • Depreciation & Amortization Schedules:Calendarios de depreciación y amortización: Generates period-by-period amortization schedules that feed directly into your GL, reducing month-end close effort. Genera calendarios de amortización período a período que alimentan directamente tu libro mayor, reduciendo el esfuerzo de cierre mensual.
  • Disclosure-Ready Reports:Informes listos para divulgación: Pre-built report templates covering maturity analysis and weighted-average discount rate disclosures required under ASC 842. Plantillas de informes preconstruidas que cubren el análisis de vencimientos y las divulgaciones de tasa de descuento promedio ponderada requeridas por ASC 842.
  • Audit Trail:Pista de auditoría: Every classification change, reassessment event, and journal entry is timestamped and user-attributed in an immutable log. Cada cambio de clasificación, evento de reevaluación y asiento contable queda registrado con marca de tiempo y atribución de usuario en un registro inmutable.

IFRS 16

International lease accounting standard, applicable to most jurisdictions outside the US Estándar internacional de contabilidad de arrendamientos, aplicable en la mayoría de jurisdicciones fuera de EE.UU.

What ActivoHQ Does Qué hace ActivoHQ

  • Single-Model Lease Recognition:Reconocimiento de arrendamiento modelo único: Follows IFRS 16's single on-balance-sheet model, recognizing both right-of-use assets and lease liabilities from day one. Sigue el modelo único de balance de IFRS 16, reconociendo tanto los activos por derecho de uso como los pasivos de arrendamiento desde el primer día.
  • Multi-Currency Support:Soporte multidivisa: Handles lease liabilities denominated in foreign currencies with automatic revaluation at each reporting date—critical for multi-country operations. Maneja pasivos de arrendamiento denominados en monedas extranjeras con revaluación automática en cada fecha de reporte, crítico para operaciones multinacionales.
  • Practical Expedients:Expedientes prácticos: Supports short-term lease and low-value asset exemptions with a configurable threshold, minimizing unnecessary balance-sheet complexity. Soporta exenciones de arrendamientos a corto plazo y activos de bajo valor con un umbral configurable, minimizando la complejidad innecesaria del balance.
  • IFRS Disclosure Pack:Paquete de divulgación IFRS: Export-ready tables for Note disclosures, including carrying amounts, additions, derecognitions, and depreciation by asset class. Tablas listas para exportar para divulgaciones en notas, incluyendo valores contables, adiciones, bajas y depreciación por clase de activo.

SOX Section 302 / 404

Sarbanes-Oxley internal controls over financial reporting (ICFR) Controles internos sobre informes financieros (ICFR) de la Ley Sarbanes-Oxley

What ActivoHQ Does Qué hace ActivoHQ

  • Segregation of Duties:Segregación de funciones: Role-based access control (RBAC) enforces that the same user cannot add, approve, and dispose of the same asset—a core SOX ICFR control. El control de acceso basado en roles (RBAC) garantiza que el mismo usuario no pueda agregar, aprobar y dar de baja el mismo activo, un control ICFR fundamental de SOX.
  • Immutable Audit Log:Registro de auditoría inmutable: Every create, update, approve, and delete action is permanently logged with user identity, timestamp, and before/after field values—satisfying SOX Section 302 attestation requirements. Cada acción de creación, actualización, aprobación y eliminación queda registrada permanentemente con identidad del usuario, marca de tiempo y valores antes/después de los campos, cumpliendo los requisitos de atestación de la Sección 302 de SOX.
  • Approval Workflows:Flujos de aprobación: Configurable multi-step approval workflows for asset additions, disposals, and revaluations ensure no material change reaches the GL without authorized sign-off. Los flujos de aprobación de múltiples pasos configurables para adiciones, bajas y revaluaciones de activos garantizan que ningún cambio material llegue al libro mayor sin autorización firmada.
  • Audit Package Export:Exportación del paquete de auditoría: One-click export of the complete fixed-asset sub-ledger reconciliation, depreciation roll-forward, and ICFR evidence package—reducing external auditor prep time by up to 60%. Exportación con un clic del libro auxiliar completo de activos fijos, el movimiento de depreciación y el paquete de evidencia ICFR, reduciendo el tiempo de preparación para auditores externos hasta en un 60%.

Platform Security & Data Residency Seguridad de Plataforma y Residencia de Datos

ActivoHQ runs on Microsoft Azure, giving you enterprise-grade infrastructure with transparent data-residency options. ActivoHQ funciona en Microsoft Azure, brindándote infraestructura de nivel empresarial con opciones transparentes de residencia de datos.

Azure Cloud Infrastructure Infraestructura Azure Cloud

  • Hosted in Azure US East and West regions by defaultAlojado en regiones Azure US East y West por defecto
  • LatAm tenants optionally routed to Brazil South regionLos inquilinos de LatAm pueden ser enrutados opcionalmente a la región Brazil South
  • 99.9% uptime SLA backed by Azure's global PoP networkSLA de 99.9% de disponibilidad respaldado por la red global de PoP de Azure
  • Geo-redundant backups retained for 90 daysCopias de seguridad geo-redundantes retenidas durante 90 días

Encryption at Every Layer Cifrado en Cada Capa

  • At rest: AES-256 via Azure Storage Service EncryptionEn reposo: AES-256 mediante Azure Storage Service Encryption
  • In transit: TLS 1.2+ enforced for all API and web trafficEn tránsito: TLS 1.2+ aplicado para todo el tráfico de API y web
  • Database-level Transparent Data Encryption (TDE)Cifrado de datos transparente (TDE) a nivel de base de datos
  • Customer-managed key (CMK) option available on requestOpción de clave administrada por el cliente (CMK) disponible bajo solicitud

RBAC & Identity RBAC e Identidad

  • Fine-grained role-based access control (RBAC) per entity / locationControl de acceso basado en roles (RBAC) granular por entidad / ubicación
  • SSO via Azure AD / Entra ID, Okta, and SAML 2.0SSO mediante Azure AD / Entra ID, Okta y SAML 2.0
  • Multi-factor authentication (MFA) enforced for all admin rolesAutenticación multifactor (MFA) obligatoria para todos los roles de administrador
  • Session timeout and IP allow-listing configurable per tenantTiempo de espera de sesión y lista blanca de IP configurables por inquilino

Full Audit Trails Pistas de Auditoría Completas

  • Every write operation logged: who, what, when, and from whereCada operación de escritura registrada: quién, qué, cuándo y desde dónde
  • Logs immutable — cannot be altered or deleted by tenant adminsLos registros son inmutables: no pueden ser alterados ni eliminados por administradores del inquilino
  • 7-year retention to meet typical SOX and FASB requirementsRetención de 7 años para cumplir los requisitos típicos de SOX y FASB
  • Export to CSV / JSON for external audit or SIEM integrationExportación a CSV / JSON para auditoría externa o integración con SIEM

Vulnerability Management Gestión de Vulnerabilidades

  • Annual third-party penetration tests (results available under NDA)Pruebas de penetración anuales por terceros (resultados disponibles bajo NDA)
  • Continuous dependency scanning via Azure Defender for DevOpsEscaneo continuo de dependencias mediante Azure Defender for DevOps
  • Critical patches deployed within 24 hours of vendor releaseParches críticos implementados dentro de las 24 horas del lanzamiento del proveedor
  • Responsible disclosure program for security researchersPrograma de divulgación responsable para investigadores de seguridad

Certifications & Standards Certificaciones y Estándares

  • SOC 2 Type II
  • ISO 27001 (aligned)
  • GDPR & CCPA
  • Azure Security BaselineLínea Base de Seguridad de Azure
  • 256-bit SSL / TLS 1.2+

Questions About Our Compliance Program?

Our compliance team is here to answer your questions and provide additional information about our policies and procedures.

Contact Compliance Team Learn More About Us