Governance
Supplier Engagement
We expect our suppliers to care as much about social, ethical and environmental issues as we do. That’s why we have processes in place to vet potential suppliers. We start by embedding performance criteria into the
selection process.
All new suppliers complete a supplier evaluation questionnaire that requests information relating to their supply chain, such as the country of origin for raw materials, current social compliance and quality audits in place for their manufacturing partners. We also request any other documentation that demonstrates adherence to the ethical and fair treatment of facility workers and to state and federal environmental regulations.
In addition to the questionnaire that new suppliers complete, we ask our direct materials suppliers and our partner network to complete an annual voluntary ESG Self-Assessment (see highlights below) that provides information about their ESG policies or commitments, what ESG data and indicators they’re measuring, any targets they have set and their participation in additional voluntary disclosures. We also seek information on GHG emissions, diversity, equity and inclusion (DE&I) efforts, worker welfare and human rights topics. This gives a good picture of our strengths and weaknesses throughout our value chain and helps us find opportunities to partner together to improve these areas. In 2023, more than half of our audience responded to the assessment, an increase from 2022, showing a positive increase in engagement in this space.
Health & Safety
Whether at a manufacturing site or in an office building, everyone deserves to be safe at work. We’re proud of our rigorous safety program, which has allowed us to was accepted into the best-in-class safety rates at our Shutterfly manufacturing sites. For example, in 2019, our Tempe site achieved OSHA Voluntary Protection Programs (VPP), which recognizes companies that go beyond compliance to promote the well-being of their employees. The site has maintained their VPP status and top-tier incident rates since then.
To look at our safety performance proactively, we utilize leading indicators such as Near Miss tracking, monthly audit scores, percentage of audits completed on time and the number of cause analyses performed for safety incidents. In addition to Near Miss reporting, we track corrective action quality and time to complete corrective action with performance goals in
place. Using these leading indicators allows us to identify risks or concerns that could lead to injuries or unsafe situations and correct them before an accident occurs.
Cybersecurity & Privacy
Protecting customers’ and creators’ private personal information is a top priority, and we take our responsibility to protect data entrusted to us very seriously. We have controls and policies in place for customer protection and privacy, which we update regularly in response to changes in the regulatory and threat landscape. We monitor privacy and cybersecurity issues that might affect Shutterfly and our consumers and creators. We stay proactive, ready to respond with updated policies, practices and or/controls.
While we have a cybersecurity program and controls in place, no organization is immune to the risk of a cyberattack. In the event of a cyber incident, Shutterfly’s incident response team will be activated to respond, mitigate, and investigate. As part of our incident response process, Shutterfly will provide notifications to impacted individuals in accordance with our legal obligations.
As part of our ongoing commitment to the privacy of personal information in our care, we regularly review our existing procedures and work to put additional safeguards in place to further secure our information systems. Full Privacy Notices are available on each brand site.
Ethics & Compliance
We conduct business in a manner that is honest and fair, complying with all applicable regulations, and doing so with integrity. A guiding force is our transparent ethics and compliance policy found in our Code of Conduct, which includes our policies for anti-corruption, anti-discrimination, cybersecurity, DE&I, Emergency Response plan, and more. Programs may be executed differently across different brands to ensure that the training and policies are delivered in a way that is effective for every employee and to address situations that are relevant for them.
In 2023, the company revamped the Employee Handbook, making it available in a digital format and updating policies as needed. Shutterfly distributed the handbook to all employees and collected acknowledgments of receipt and review.
At the time of hire, all new employees receive training on the Code of Conduct, the prevention of harassment and discrimination in the workplace, data privacy, and technology use and security. As of 2024, Shutterfly conducts regular refresher training for data privacy, technology use and security, the Code of Conduct and key compliance topics.
Associations
Association of National Advertisers
DSCOOP (Digital Services Co Op)
DPAC (Digital Print Advisory Council)
National Safety Council (NSC)
National Fire and Protection Association (NFPA)
VPPPA (Voluntary Protection Program Participants Association)
AMAXX Risk Solutions (Workers’ Compensation)
ASSP (American Society of Safety Professionals)
OSHA SGE (Occupational Safety & Health Association Special Government Employee)
PMI (Project Management Institute)
AME (Association for Manufacturing Excellence)
