Better Health for All

OneSpan's core business is digital security and e-signature solutions, which are not inherently health-focused. While the company's solutions are applied in the healthcare sector, providing benefits such as streamlining patient onboarding, maintaining accurate medical records, and safeguarding patient data, there is no quantitative evidence to determine the percentage of the product portfolio dedicated to health benefits, thus scoring 0 for health_impact_core. The company's solutions are compliant with HIPAA, ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, SOC 2 Type II, and FedRAMP, demonstrating industry-leading data protection standards.

OneSpan commits to mitigating bias in algorithms related to facial recognition/comparison.

Fair Pay & Worker Respect

In 2024, the CEO-to-median employee pay ratio was 70:1, based on the CEO's total compensation of $7,127,355 and median employee pay of $101,572.

The voluntary employee turnover rate across the global employee base was 12.4% in 2024, an increase from 10% in 2023 but lower than 16% in 2022 and 20% in 2021. The company's overall employee engagement score was 68% favorable in 2021, improving to 75% in 2022. However, engagement scores for 2023 and 2024 were not available.

Kind to Animals

OneSpan Inc. is a provider of digital security solutions, including software, hardware, and cloud-based services.

Its core business model does not involve animal-derived products, animal testing, animal agriculture, or direct impact on wildlife habitats. The provided articles do not contain any specific information or data points related to animal welfare, animal testing, or animal-derived inputs in its operations or supply chain. Therefore, all KPIs related to cruelty-free certification, alternative testing, humane operations, wildlife conservation, ethical input substitution, animal-related supplier audits, cage-free sourcing, animal testing policy and volume, innovation investment in animal-free technologies, animal agriculture ethics, animal-free R&D collaboration, and public policy engagement on animal welfare are not applicable to the company's operations.

No War, No Weapons

No specific evidence was found in the provided articles regarding OneSpan Inc.'s involvement in arms contracts, dual-use technology, sales to embargoed regimes, peacebuilding investments, conflict divestment policies, board oversight of defense activities, export end-user certifications, lobbying related to arms control, humanitarian procurement, human rights due diligence frequency in conflict areas, Arms Trade Treaty compliance, AI military safeguards, UN Guiding Principles alignment, dual-use item screening, surveillance transparency, ethical red lines, exposure to controversial weapons, war risk audits, annual conflict partner reviews, defense divestment, conflict minerals, peace tech investment, conflict zone procurement, or ethical red line compliance rates.

Therefore, no KPIs could be scored against the 'No War, No Weapons' value.

Planet-Friendly Business

OneSpan's total GHG emissions in 2024 were 8,877 tCO2e, representing a 61% reduction from 2023.

The company has not yet adopted climate-related goals or targets, nor has it conducted a climate scenario analysis. It reports in partial alignment with TCFD recommendations. In 2021, 6.57% of its energy was sourced from renewables. Regarding its supply chain, 60% of its top 50 vendors had an ESG program in 2024, and 36% of its top 50 vendors committed to GHG reduction targets in the same year. OneSpan requires product manufacturing suppliers to be ISO 14001 certified and makes office recycling programs available. The company has not reported any environmental compliance violations. OneSpan's Supplier Code of Conduct requires suppliers to comply with environmental laws and treaties, but there is no formal deforestation policy or verified implementation.

Respect for Cultures & Communities

OneSpan maintains a compliance concern reporting hotline and an Ethics Hotline, allowing employees and partners to report suspected violations, human rights issues, harassment, discrimination, or retaliation.

The company has not reported any cultural appropriation incidents. OneSpan's Digipass devices include a voice feature that can audibly speak displayed items, and over 250,000 accessible Digipass devices have been provided since 2019, with more than 3.5 million accessible transactions via OneSpan Sign in 2023. OneSpan adopted a Supplier Diversity Policy in 2023 and reported spending $457,000 with diverse suppliers in 2024, an increase from $250,000 in 2022. All employees take annual diversity and inclusion training, and training on unconscious bias and psychological safety is required upon hire. Additionally, all employees take annual training covering harassment prevention and respect in the workplace.

Safe & Smart Tech

OneSpan has not experienced any material information security breaches in the last three years, though a minor data privacy breach occurred in 2018 due to human error, which resulted in no material expenses, penalties, or regulatory action.

The company's cloud platforms and services are audited annually by external independent auditors against SOC 2, ISO 27001, 27017, and 27018 standards, for which they receive annual certifications. OneSpan Sign is FedRAMP SaaS-level compliant, and Digipass authenticators are FIDO2 and FIPS 140-2 certified. The company also self-certifies for GDPR and HIPAA. OneSpan maintains a global security awareness training program, which is mandatory for all employees at hire and annually thereafter. Role-specific training is also provided, and recurring phishing campaigns are conducted weekly to improve employee recognition and reporting of phishing attempts. The company's Corporate Privacy Statement, last updated in November 2023, outlines user rights to access, rectify, delete, and transfer their data, as well as object to processing. It also states that users can control preferences for site usage and opt-in/out of marketing uses of personal data via a Preference Center or by contacting privacy@onespan.com. OneSpan conducts regular internal reviews and continuous security monitoring of its information systems and assets, and independent reviews of key security components are performed periodically. The company reports misuse or data breaches within the time limits set by Applicable Data Protection Laws and mentions compliance with GDPR, CCPA, and other Data Protection Laws. OneSpan's sites use TLS (Transport Layer Security) in combination with the highest level of encryption supported by the browser. Telephone recordings are automatically deleted after 30 days, and website monitoring data are kept for 1 year or longer as per applicable legal requirements.

Zero Waste & Sustainable Products

OneSpan makes office recycling programs available and recycles or refurbishes customer authentication devices.

The company requires its product manufacturing suppliers to be ISO 14001 certified and comply with environmental laws related to waste disposal, emissions, discharges, and hazardous material handling. OneSpan's Digipass authentication devices are subject to the EU RoHS Directive, which restricts hazardous substances, and the EU WEEE Directive, which requires the manufacturer or importer to recycle products containing certain substances. The company has had no waste disposal violations in the past three years. Suppliers are also required to use packaging materials that comply with all environmental laws and treaties.