Better Health for All
0
SailPoint's core identity governance solutions, when applied in the healthcare sector, aim to improve overall patient care by safeguarding sensitive patient data, enhancing clinician productivity, and ensuring compliance.
1
This provides modest health benefits, warranting a score of 10 for health_impact_core. The company's products do not have direct safety implications for physical or mental health, nor do they involve pricing or accessibility considerations for health products, leading to a score of 0 for price_accessibility. SailPoint's solutions help protect sensitive patient health information (PHI) and ensure compliance with regulations like HIPAA, GDPR, SOX, and NIST, and it has ISO/IEC 27701 PIMS certification, indicating exceptional data practices and a perfect track record with health data protection, scoring 30 for healthcare_data_responsibility.
2
The company provides deep visibility into identities and access rights, using AI to detect and prevent high-risk access combinations, which constitutes excellent risk transparency, scoring 10.
3
While SailPoint uses AI, there is no specific percentage of R&D allocated to health improvement, so health_innovation_investment is omitted. The company's focus on managing access for employees, third parties, and machines, including agency nurses and affiliate physicians, does not directly translate to strengthening healthcare workforce capacity, leading to an omission for healthcare_workforce_support.
4
Similarly, there is no evidence of direct engagement in preventative health measures or mental health initiatives beyond employee assistance programs, leading to omissions for preventative_health_measures and mental_health_initiatives.
5
The company provides resources to expand identity security expertise and information about HIPAA, but not broad public health education, leading to an omission for healthcare_education.
6
There is no evidence for vulnerable_reach.
Fair Money & Economic Opportunity
0
No evidence available to assess SailPoint, Inc. on Fair Money & Economic Opportunity.
Fair Pay & Worker Respect
30
SailPoint Technologies demonstrates a high level of worker engagement, with an overall employee rating of 4.6 out of 5 stars based on over 1,226 reviews, and 94% of employees would recommend working there.
1
The company's culture and values are rated 4.8 out of 5 stars.
2
Furthermore, there are no mentions of labor violations, regulatory actions, or fines in any of the provided articles.
3
Fair Trade & Ethical Sourcing
0
SailPoint is a provider of enterprise identity governance solutions, primarily dealing with software and services rather than physical commodities. Therefore, the KPI for fair-trade certification share is not applicable. No specific, quantitative data was provided for audit frequency, forced or child labor incidents, traceability coverage, remediation speed, ethical clause coverage, materials risk index, or supplier diversity spend.
1
While the company has a Supplier Code of Conduct and a zero-tolerance policy for human rights abuses, including slavery, forced labor, and child labor, no evidence of specific outcomes, percentages, or frequencies related to these policies was found.
2
Honest & Fair Business
-10
SailPoint maintains a comprehensive whistleblower policy, effective February 12, 2025, which includes an anonymous, confidential reporting hotline administered by an independent third-party provider and explicitly prohibits retaliation against employees who report violations in good faith.
1
The Audit Committee oversees these procedures.
2
The company also has a comprehensive Anti-Corruption Policy, effective February 12, 2025, which prohibits bribes, kickbacks, and gifts over $100 annually, and requires compliance with laws like the U.S. Foreign Corrupt Practices Act.
3
This policy includes annual acknowledgment requirements and annual all-company employee privacy training, which is related to compliance.
4
SailPoint has not had any financial restatements since its IPO. Regarding board independence, each member of the Audit Committee is independent in accordance with Nasdaq rules and Rule 10A-3 of the Securities Exchange Act of 1934.
5
However, the percentage of the entire board free from material conflicts of interest is not specified. For third-party verification, SailPoint uses BugCrowd for its invite-only Bug Bounty Reward Program, engaging vetted external security researchers, and the anonymous whistleblower hotline is administered by an independent third-party provider.
6
However, a general percentage of ethical claims verified by third parties is not provided.
Kind to Animals
0
SailPoint, Inc. (SAIL.US) is a provider of enterprise identity governance solutions, operating as a software and service-oriented business.
1
The company's core activities do not involve physical products, animal testing, animal-derived ingredients, animal agriculture, or direct impact on wildlife habitats.
2
Therefore, all KPIs related to animal welfare, including cruelty-free certification, alternative testing, humane operations, ethical sourcing, and animal agriculture practices, are not applicable to its business model.
No War, No Weapons
-40
SailPoint maintains a supplier code of conduct that requires suppliers to comply with legal requirements related to slavery, forced labor, and human trafficking laws.
1
The company's procurement team also requires potential vendors to complete a due diligence questionnaire.
2
Planet-Friendly Business
0
SailPoint, Inc. lacks publicly available quantitative data across all assessed environmental performance indicators.
1
While the company's headquarters is in a LEED-certified facility,
2
and it implements various recycling and resource efficiency initiatives such as encouraging telecommuting and using energy-efficient equipment,
3
no specific metrics are provided to quantify their impact or performance against industry benchmarks.
4
The company's 2023 ESG Report and other public statements emphasize governance, social responsibility, and cybersecurity,
5
but do not include data on greenhouse gas emissions, renewable energy usage, water consumption, or waste diversion rates.
6
A third-party assessment noted that SailPoint's DitchCarbon score is lower than 80% of the industry,
7
indicating a potential gap in environmental performance or, more likely, a lack of public disclosure on these metrics.
Respect for Cultures & Communities
0
The provided articles do not contain specific, quantifiable evidence for any of the KPIs related to 'Respect for Cultures & Communities'. Information regarding formal partnerships with indigenous or local community groups, percentage of revenue reinvested in local development, cultural appropriation incidents, cultural impact assessment protocols, local employment ratios, grievance mechanisms availability for communities, complaint resolution times, FPIC participation rates, community governance inclusion, cultural preservation investment, local procurement share, indigenous supplier count, cultural site protection, social license operations, charitable giving to cultural heritage, community fund allocation, language inclusivity, cultural incident response, or cultural training completion is not present in a measurable format that aligns with the rubric's quantitative thresholds.
1
Therefore, no KPIs can be scored.
Safe & Smart Tech
30
SailPoint has no documented data breaches of its own systems. The company maintains a comprehensive set of privacy and security certifications, including ISO 27001, SOC 1 Type 2, SOC 2 Type 2, SOC 3, Common Criteria ISO/IEC 15408, EU-US, Swiss-US, and UK Extension Data Privacy Frameworks, NPC Seal of Registration (Philippines), FedRAMP Moderate ATO, and IRAP PROTECTED level assessment.
1
SailPoint integrates privacy by design into its products, services, policies, and procedures, and offers a Data Processing Addendum.
2
IdentityIQ utilizes AES-256 encryption for sensitive data and passwords, and Identity Security Cloud encrypts data in transit and at rest, with Zero Knowledge Encryption for credentials at the user's device.
3
The company has a comprehensive Cybersecurity Awareness and Training program, requiring regular completion of security education and awareness modules, including phishing susceptibility tests, with over 75% employee participation in surveys.
4
SailPoint operates an invite-only Bug Bounty Reward Program with monetary compensation for eligible findings and a Responsible Disclosure Policy.
5
It conducts regular, comprehensive security testing, including first- and third-party application security assessments and penetration tests.
6
The company has a robust vulnerability management program, leveraging industry-leading scanning technology, scoring vulnerabilities with CVSS, and remediating critical vulnerabilities within 3-7 days on average.
7
SailPoint's AI ethics governance includes a Responsible AI Statement, conducts Readiness Assessments of all AI models to audit fairness and evaluate against diverse data to unearth potential bias, and monitors every AI model to identify changes in performance and detect unfair outcomes.
8
It incorporates Explainable AI (XAI) into products, providing contextual insights into model decisions.
9
AI features include human-in-the-loop processes, and models are not trained with personally identifiable information (PII) for cross-tenant training without opt-out options.
10
The company adheres to GDPR-compliant privacy programs and monitors emerging AI legislation.
11
SailPoint uses personal information only when necessary and avoids training models with personal data whenever possible, deploying isolated models for customer-specific personal information.
12
Identity Security Cloud supports strong authentication options, including two-factor authentication methods and integration with third-party authentication solutions.
13
The company provides a Privacy Statement explaining how personal information is collected, shared, and used, and how users can exercise their privacy rights.
14
Zero Waste & Sustainable Products
-40
SailPoint has implemented over 10 waste reduction initiatives, including providing recycling bins for various materials, environmentally sound disposal of electronics and toner, distributing product documentation electronically, and using duplex printing.
1
The company disposes of toner cartridges, computer equipment, and cell phones in an environmentally sound way, which is compliant hazardous waste management.
2
SailPoint's headquarters is located in a LEED-certified facility, indicating that 10-15% of its facilities have zero waste certification.
3
The company has not reported any waste disposal violations in the past three years. By distributing product documentation electronically, SailPoint reduces its packaging-to-product ratio.
4
The company also chooses environmentally friendly and energy-efficient equipment from suppliers.
5
For customers, product documentation is distributed electronically, providing clear disposal information.
6