Corporate Responsibility
Potbelly is committed to improving the communities we serve, respecting our planet's resources, and working together as a vibrant, diverse team.
Whenever possible, we reuse a building's existing wood floors, brick walls, tin ceilings and other architectural elements. It's a nod to the building's history and a part of the charm of our shops, but it's also less wasteful and better for the environment. Here are some of the other ways we are working toward a greener earth.
As of January 2019 Potbelly Corporation ("Potbelly") is committed to conducting its business in an ethical, legal and socially responsible manner. To encourage compliance with all legal requirements and ethical business practices, Potbelly has established this Supplier Code of Conduct (the "Code") for Potbelly's suppliers ("Suppliers"). At a minimum, Potbelly requires that all suppliers and their facilities meet the standards and promote the principles outlined in this Code, which are intended to advance Potbelly's commitment to all aspects of sustainability (ethical, environmental, and economic).
BUSINESS INTEGRITY
Compliance With Laws and Regulations: Suppliers are required to abide by all applicable laws, codes or regulations including, but not limited to, any local, state or federal laws regarding wages and benefits, workmen's compensation, working hours, equal opportunity, worker and product safety. Potbelly also expects that Suppliers will conform their practices to the published standards for their industry. Anti-Bribery: Suppliers shall not engage in any form of bribery, kickbacks, corruption, extortion or embezzlement. Suppliers shall not take any action that would violate, or cause Potbelly to violate, any applicable anti-bribery law or regulation, including the U.S. Foreign Corrupt Practices Act. Whistleblower Protection: Suppliers are responsible for prompt reporting of actual or suspected violations of law, this Code, or the Potbelly Ethics Code of Conduct. This includes violations by any employee or agent acting on behalf of either the supplier or Potbelly. Such programs shall protect worker whistleblower confidentiality and prohibit retaliation.
EMPLOYMENT PRACTICES
Working Hours & Conditions: In compliance with applicable laws, regulations, codes and industry standards, Suppliers are expected to ensure that their employees have safe and healthy working conditions and reasonable daily and weekly work schedules. Employees should not be required to work more than the number of hours allowed for regular and overtime work periods under applicable local, state and federal law. Non-Discrimination: Suppliers should implement a policy to effectuate all applicable local and federal laws prohibiting discrimination in hiring and employment on the grounds of race, color, religion, sex, age, gender identity, physical disability, national origin, creed or any other basis prohibited by law. Child Labor: Suppliers should not use workers under the legal age for employment for the type of work being performed in any facility in which the Supplier is doing work for Potbelly. In no event should Suppliers use employees younger than 14 years of age. Forced and Indentured Labor: In accordance with applicable law, no Supplier should perform work or produce goods for Potbelly using labor under any form of indentured servitude, nor should threats of violence, physical punishment, confinement, or other form of physical, sexual, psychological, or verbal harassment or abuse be used as a method of discipline or control. Notification to Employees: To the extent required by law, Suppliers should establish company-wide policies implementing the standards outlined in this Code and post notices of those policies for their employees. The notices should be in all languages necessary to fully communicate the policy to its employees.
WORKPLACE HEALTH AND SAFETY
Potbelly expects business partners to be compliant with all relevant national and local safety legislation, including but not limited to workplace and operational health and safety and to take proactive measures to prevent workplace risks.
ENVIRONMENTAL MANAGEMENT
Suppliers are responsible for managing, measuring and minimizing the environmental impact of their facilities. Specific focus areas include air emissions, waste reduction, recovery and management, water use and disposal, and greenhouse gas emissions.
CODE COMPLIANCE
Failure to comply or address non-compliance with this Code may result in termination of the business partner’s relationship with Potbelly (which may include contract termination).
APPLICATION
The Code is a general statement of Potbelly's expectations with respect to its Suppliers. The Code should not be read in lieu of but in addition to the Supplier's obligations as set out in any agreements between Potbelly (or its affiliates) and the Supplier. In the event of a conflict between the Code and an applicable agreement, the agreement shall control.
Our Chief Information Officer oversees our information security program and reports quarterly to the Audit Committee of our Board of Directors regarding any controls remediation as well as any cyber incidents. Our Board receives regular reports on the Company’s cybersecurity and other information technology risks. The Company has not experienced any material cybersecurity incidents.
Each member of our Audit Committee is experienced in the area of information security, either as a result of their professional history, their current responsibilities in overseeing processes and controls in this area at the Company, or both. The Audit Committee may discuss such processes and controls with our internal accounting and security teams and independent registered public accounting firm.
We identify and address information security risks by employing a defense-in-depth methodology that provides multiple, redundant defensive measures in case a security control fails, or a vulnerability is exploited. We leverage internal and external resources to mitigate cybersecurity threats to the Company. We leverage commercially available solutions to manage threats to our information technology environment. We provide and require cybersecurity training for all employees annually to promote good cyber-safety habits and security online.
We are externally audited against top information security standards, including controls for the Payment Card Industry Data Security Standard (PCI DSS), as well as key financial system controls as a part of our Sarbanes Oxley audit process. We regularly engage appropriate external resources regarding emerging threats to navigate the diverse cybersecurity landscape. We maintain cybersecurity insurance at levels we believe to be appropriate for our size in this industry.
Racism is systemic and pervasive, both historically and today. We recognize our employees of color and the black communities we serve experience injustice and marginalization. The color of your skin should not impact how you are treated.
Making real progress often begins with yourself. That's why we are forming a group of employees, including members of the leadership team, to identify and propose how to address any internal bias or racism, conscious or unconscious.
We will first listen and learn. Then together we will take action toward meaningful and sustained change.