We are continuously working to expand and improve our supervisory and reporting structures in order to further strengthen our stakeholders' trust in our company. We are therefore working to prevent potential violations of the law from occurring in the first place and to put a stop to them at an early stage by means of precise specifications and guidelines. In this way we protect not only our company but also our employees from penalties and reputational damage.

Detailed information on our compliance can be found at Our Responsibility
 

Code of Conduct

In 2020, we defined and implemented a Code of Conduct in our company that sets out the most important behavioral and compliance rules and procedures for our employees. These include the protection of intellectual property rights, the prohibition of insider trading, and measures to prevent corruption and the acceptance of benefits.

In regular annual training courses on Compliance and our Code of Conduct, our employees are sensitized and learn how to make ethical decisions.

Whistleblower system

Compliance with laws and regulations and ensuring behaviour with integrity are essential for CHEPLAPHARM. To ensure this, all stakeholders need to be alert and willing to report suspected breaches of regulations. With this in mind, we rely on a multilingual, electronically protected whistleblower system. The system is available in all languages of the countries in which CHEPLAPHARM operates one or more sites. This enables our employees, but also third parties who are active in our value chain, to report suspected cases of misconduct anonymously or by providing their contact details. Our fully digital whistleblower system can be accessed via our website at Our Responsibility and is possible at any time via all end devices. Regardless of whether a report is made anonymously or by name, it is always treated confidentially and the protection of whistleblowers and affected parties is guaranteed at all times. In addition, it is also possible to report directly to our Compliance Officer in German and English - here, too, a report of a suspected breach of rules can be made anonymously if the reporting party so wishes. Our whistleblower system is also the subject of company-wide compliance training, which all employees are required to complete. Our employees are also taught how to use the system correctly in specially organised training sessions. Further information can be found here.

To ensure an adequate supervisory structure, CHEPLAPHARM has implemented a two-tier system consisting of an Executive Board and a Supervisory Board at the SE level. This so-called two-tier system enables a separation between the management and control of the company. The Supervisory Board thus assumes the role of the controlling body and reviews the work of the Executive Board in general and the proper accounting and annual financial statements in particular. This ensures that the Executive Board's decisions are always made in the interests of the company and its shareholders. In the 2023 financial year, the Supervisory Board at CHEPLAPHARM consisted of four members and had a female quota of 50%.at the beginning of the 2024 financial year, CHEPLAPHARM strengthened the supervisory body once again. With effect from 1 January 2024, the previous CEO, Sebastian Braun, moved to the Supervisory Board, meaning that the Board now consists of five members. Our Supervisory Board members have extensive expertise in the areas of healthcare, M&A and finance and accounting and also contribute experience from various other Supervisory Board mandates.

The increasing number of cyber attacks on IT infrastructures and systems worldwide also poses considerable risks for companies. CHEPLAPHARM avoids business interruptions and ensures data security for stakeholders by consistently monitoring systems and implementing a wide range of guidelines and training courses on IT, information and data security for all employees. The handling of IT systems and access management to systems and buildings are also part of our precautionary measures.
In addition, CHEPLAPHARM has implemented various emergency plans and procedures for responding to IT and data security incidents. The emergency mechanisms are tested regularly. In addition to an annual recovery test, corresponding back-ups and network emergency equipment (NEA) are even tested on a monthly basis. Furthermore, service providers at CHEPLAPHARM undergo a qualification process in the form of self-disclosure and consent to background checks based on sanctions lists.

Data protection

CHEPLAPHARM attaches great importance to the protection of personal data of all stakeholders and complies with the legal requirements of the European General Data Protection Regulation (GDPR). 
Last but not least, CHEPLAPHARM regularly conducts internal risk assessments on information security and audits of its control procedures to prevent information security breaches. For example, when processing personal data, a data protection impact assessment is carried out together with our external data protection officer. A detailed information security audit in accordance with ISO standard 27001 was also carried out in 2022. In addition, so-called "red teaming exercises" (= commissioned attempt at a simulated hacking attack) and phishing tests are commissioned annually by external service providers in order to maintain a high level of awareness of IT security and standards in the handling of data.
The internal data protection department and an externally appointed data protection officer monitor data protection breaches and ensure that any incidents are reported in a timely manner.

Thanks to the aforementioned extensive measures to protect our IT infrastructure and systems, CHEPLAPHARM once again did not experience any information security incidents in the 2023 financial year.