Overview
Code of Conduct Acknowledgment is the formal process of requiring employees to review and attest to the organization’s Code of Conduct on a defined schedule. This process supports SOC 2 Control Environment requirements by demonstrating management’s commitment to ethical values and employee accountability.
Step-by-Step Process
Review and approve Code of Conduct
The HR Manager reviews the current Code of Conduct to confirm it reflects company values, policies, and legal requirements. Any updates are approved by executive management, and the final version is saved as a controlled document. The output is a dated, approved Code of Conduct ready for distribution.
Role: HR Manager
Configure acknowledgment workflow
The HR Manager configures the annual acknowledgment workflow in the selected HR or e-signature tool. This includes uploading the Code of Conduct, defining acknowledgment language, and setting due dates. The output is an active workflow assigned to all in-scope employees.
Role: HR Manager
Assign acknowledgment to employees
The HR Manager assigns the acknowledgment task to all active employees, including new hires if applicable. Contractors are included if required by company policy. The output is a system-generated assignment record for each employee.
Role: HR Manager
Notify employees and track completion
The system sends automated notifications to employees with instructions to review and acknowledge the Code of Conduct. The HR Manager monitors completion status and follows up on overdue acknowledgments. The output is a real-time completion dashboard.
Role: HR Manager
Address non-responses and exceptions
The HR Manager escalates unresolved non-responses to management after the due date. Approved exceptions or terminations are documented. The output is a complete population with documented resolution for all employees.
Role: HR Manager
Retain acknowledgment evidence
The HR Manager exports acknowledgment records and stores them in a secure compliance or HR repository. Records are retained according to the company’s retention policy. The output is an audit-ready evidence set for the annual SOC 2 period.
Role: HR Manager
What You Need Before Starting
- Approved and current Code of Conduct document
- List of active employees in scope for acknowledgment
- Administrative access to HRIS or e-signature tool
- Defined acknowledgment due date and escalation policy
Evidence Your Auditor Expects
- Final Code of Conduct PDF with approval date and version number
- System-generated acknowledgment report showing employee name, status, and timestamp
- Screenshot of completion dashboard dated within the audit period
- Exported CSV or PDF of acknowledgments with electronic signatures and dates
How This Looks In Your Tools
BambooHR
Log in to BambooHR as an administrator and navigate to Settings > Employee Files > Document Templates. Upload the Code of Conduct as a new document and enable the acknowledgment or signature requirement.
Go to Settings > Tasks > Company Tasks and create a new task titled “Annual Code of Conduct Acknowledgment.” Assign it to All Employees, set the due date, and attach the Code of Conduct document. Enable email reminders for incomplete tasks.
Track completion by navigating to Tasks > Company Tasks and opening the acknowledgment task. Use the Export option to download completion records with employee names and timestamps for audit evidence.
Workday
Log in to Workday and search for “Create Distribute Document” from the global search bar. Upload the Code of Conduct and configure it as a required acknowledgment with electronic confirmation.
Define the distribution population by selecting All Active Employees or a specific supervisory organization. Set the due date and enable automatic notifications and reminders.
Monitor completion by searching for “View Document Distribution Status.” Export the acknowledgment report showing employee IDs, completion status, and completion dates for audit retention.
DocuSign
Log in to DocuSign and select Manage > Templates > New Template. Upload the Code of Conduct, add a required acknowledgment or signature field, and save the template.
Create a new envelope from the template and send it to the employee distribution list, or use bulk send for all employees. Configure reminder and expiration settings to align with the annual deadline.
Track completion in Manage > Envelopes by filtering on Completed and Sent. Export the Certificate of Completion and signed documents with timestamps for audit evidence.
Common Audit Findings
- Incomplete employee acknowledgments
- This occurs when terminated or newly hired employees are not properly tracked in the annual cycle. Prevent this by validating the employee population before assignment and documenting exceptions.
- Outdated Code of Conduct version used
- Organizations sometimes reuse prior-year documents without formal review. Prevent this by requiring documented annual review and version control before distribution.
- Missing acknowledgment timestamps
- Auditors may find acknowledgments without clear completion dates due to improper exports. Prevent this by exporting system reports that explicitly include timestamps.
- Evidence not retained for audit period
- Acknowledgment records may be overwritten or deleted. Prevent this by exporting and storing evidence in a read-only compliance repository annually.