Contractor & Sub-Contractor Policy

Effective Date: August 2, 2025

CodesenSys engages external talent to expand capacity, access niche expertise, and meet surge demand—but always under clear, consistent rules. The following policy governs independent contractors (direct 1099/freelance engagements) and sub-contractors (workers provided through third-party vendors).

CodesenSys Contractor & Sub-Contractor Policy — Key Points

1 Classification & Legal Compliance

  • Contractors are engaged as self-employed entities; no employment or benefit relationship is implied.
  • Vendors supplying sub-contractors must verify right-to-work status and comply with local labor laws (Pakistan, U.S. federal/state, or worker’s jurisdiction).
  • Misclassification risks are reviewed annually with HR and Legal.

2 Contracting Process

  • Master Services Agreement (MSA) & Statement of Work (SOW): Outlines scope, rates, deliverables, milestones, and IP ownership.
  • All parties sign NDAs and the CodesenSys Security & Compliance addendum before access is granted.
  • Background checks are required for roles with production access or sensitive data handling.

3 Onboarding & Access Control

  • Temporary credentials (VPN, GitHub, Slack) are provisioned under the least-privilege principle and auto-expire at SOW end or after 30 days of inactivity.
  • Mandatory completion of security awareness and Code of Conduct training within the first week.

4 Performance & Deliverables

  • Work is milestone-driven; acceptance criteria defined in each SOW.
  • Technical leads review code for standards compliance, test coverage, and security issues before merge.
  • Weekly status updates via vendor portal or direct stand-ups, depending on engagement model.

5 Intellectual Property & Confidentiality

  • Work-made-for-hire clause assigns all developed IP, documentation, and data to CodesenSys upon payment.
  • Open-source components must follow our Site Content & Open-Source Policy and receive prior approval.
  • Contractors must not reuse client-specific code in other projects without written consent.

6 Security & Data Protection

  • MFA, encrypted disks, and company-approved tooling are mandatory for any device accessing CodesenSys assets.
  • Contractors handling EU resident data must sign a Processor DPA (GDPR Art. 28).
  • Immediate revocation of access and incident review if a security breach is suspected.

7 Health, Safety & Ethics

  • Onsite contractors adhere to office safety protocols; remote workers must maintain an ergonomically safe workspace.
  • Contractors and sub-contractors are bound by our Code of Conduct—zero tolerance for harassment, discrimination, or bribery.

8 Payment Terms

  • Net-30 days from approved invoice unless otherwise negotiated.
  • Milestone payments contingent on formal acceptance; late deliverables may trigger penalty clauses.

9 Audit & Right to Inspect

  • CodesenSys may audit vendor security controls and time-tracking records with 72-hour notice.
  • Non-compliance requires corrective action within agreed timelines or may lead to contract termination.

10 Termination & Off-boarding

  • Termination for Convenience: Either party may terminate for convenience with 14 days’ notice (unless overridden by SOW).
  • Termination for Cause: For cause (e.g., breach, quality failure), termination may be immediate.
  • Before final payment, contractors must: hand over all source files and credentials, delete or return company data from their systems, and confirm destruction of any backups containing CodesenSys proprietary information.

11 Policy Updates

  • Reviewed annually by HR & Legal; material changes communicated via email to active contractors and vendors.
  • Continued engagement after an update signifies acceptance of revised terms.