Governance and Management
Solid management, performance and compliance for a sustainable enterprise
Strong compliance practices ensure that SAS conducts business in an honest, respectful, fair and safe manner. Guided by the Code of Business Ethics, SAS’ compliance practices have earned the company a strong reputation as an ethical and responsible employer and business partner. SAS is committed to maintaining this reputation and ensuring all aspects of the business are conducted in a way that promotes ethical practices.
SAS actively engages in public policy discussions, particularly related to the role of technologies to help solve the larger macro-societal issues that challenge our localities, states, federal and international governments. These challenges include, without limitation, delivering better and safer health care while minimizing fraud, waste, and abuse; mitigating environmental impacts while utilizing scarce resources more effectively; providing better stewardship of taxpayer resources with greater government accountability; and helping governments make better use of their data assets to better fulfill their mission (such as helping detect terrorist financing and money laundering schemes). SAS also actively engages in public policy discussions to help it more fully protect the valuable intellectual property resources that are the underpinning of its business.
In line with our commitment to education, SAS supports initiatives that will increase high school graduation rates in the United States. We encourage investment in classroom educational technologies, as we believe students today should be prepared for an economy dependent on creativity and innovation. The company also supports efforts at all levels to increase science, engineering, mathematics, and technology (STEM) graduates at the university level, with a focus as well on encouraging participation in computer science at younger ages. SAS encourages policymakers (and our partner organizations) to focus educational planning on encouraging our K-12 students to be critical thinkers and developing students who excel at communication skills. For more information, please visit the Education and Community tab in our annual CSR report.
SAS Institute Inc. is a North Carolina corporation. It has been privately held since its inception in 1976. Jim Goodnight, Chief Executive Officer, and John Sall, co-founder and Executive Vice President, constitute the board of directors and serve as executive officers, overseeing corporate performance and investment decisions across environmental, social and economic interests. Jim Goodnight and John Sall are also the company's principal shareholders.
The SAS Americas division includes twelve companies (SAS Institute Inc. and 11 operating subsidiaries), which provide software and services to customers in specific territories. The Europe, Middle East, Africa and Asia Pacific division includes approximately 48 such subsidiaries. SAS also has a number of representative and branch offices in the above regions, with a presence in more than 55 countries. SAS has subsidiaries in the Asia Pacific region that are dedicated to conducting research and development activities for SAS and its affiliates.
Corporate social responsibility initiatives and priorities are set by the board, working with Senior Vice President and Chief Marketing Officer Jim Davis. The SAS Executive Sustainability Council, formed in 2008, continues to ensure that SAS global operations conduct business in a sustainable manner. This group includes representation from senior-level executives. Read more on SAS’ sustainability initiatives.
SAS is headquartered in Cary, NC. The company operates through functional divisions that include Worldwide Marketing, Research & Development, Finance, Legal, and Corporate Services.
The company delivers software and related services to customers throughout the world. These sales operations are conducted primarily through SAS and its controlled sales subsidiaries, which operate in 57 countries. These entities are grouped into three regional sales divisions – the Americas; Europe, Middle East, and Africa; and Asia-Pacific.
DataFlux, IDeaS, Memex, VSTI, and Assetlink are separately-branded but affiliated lines of business that are operated through dedicated wholly-owned subsidiaries of SAS. JMP and Teragram are affiliated lines of business that are operated as integrated divisions of SAS.
SAS strives to employ the highest ethical standards, demonstrating honesty, fairness and accountability in every decision and action – in every interaction with employees, customers, suppliers and competitors. This SAS Code of Ethics applies to every employee – at every subsidiary and in every region – as well as all members of the board of directors, officers appointed by the board of directors, agents and employees.
Employees are responsible for immediately communicating any concerns regarding suspected unethical or illegal conduct to a supervisor, Human Resources or the General Counsel. SAS does not take retaliatory action against people who report suspected violations in good faith, and all reports of misconduct are investigated as appropriate.
Specific procedures for reporting such concerns are provided on the Legal Division's website. Employees submit their comments via email, help line or an anonymous online form. Employees can also submit anonymous reports.
Anti-Corruption and Privacy
The SAS Code of Business Ethics helps the company maintain highest standards for respect, honesty, fairness and accountability. An ongoing corporate ethics and compliance program helps educate employees on the code and regulatory issues pertaining to their work. This program is managed by the Assistant General Counsel and is reviewed regularly.
To help ensure compliance, SAS has phone and email reporting systems and a non-retaliation policy to protect whistleblowers. Reports can also be made anonymously. All employees have access to an internal compliance Web portal that provides guidance on compliance issues.
SAS has developed a compliance system that tracks and reports on lobbying, gift, and campaign contributions – accounting for local variances in jurisdictions where SAS works with government entities. SAS maintains an export management system complete with product licensing and screening processes, and customer and supplier screening practices and systems. SAS has obtained an employee data safe harbor to safeguard the movement of employee data into and out of its US headquarters, and SAS adheres to applicable privacy and information security requirements for the jurisdictions in which it conducts business.
As part of the Corporate Services Division, the manager of Supplier Diversity is responsible for SAS’ Supplier Diversity process. The company’s goal is to develop and maintain effective relationships with suppliers that create incremental value throughout the life of each contract based upon economy, quality, environmental preservation and social values. SAS is a member of the National Minority Supplier Development Council (NMSDC) and the Women's Business Center of North Carolina (WBC-NC). SAS is also represented on the boards of various minority supplier development councils and economic development initiatives.
Supplier Diversity Policy Statement
SAS customers represent a wide range of industries, people and locations – and we want this same level of diversity reflected in our supplier community. Because SAS is not a typical manufacturing environment, the creation of our product does not require purchasing materials or component parts, but rather relies on a highly skilled staff of technical professionals. SAS complies with the federal laws and regulations which prohibit discrimination in employment based on race, color, religion, gender, national origin, age, disability, or veteran status.
As a federal contractor, SAS also complies with Executive Order 11246, as amended, and the implementing rules and regulations of the Office of Federal Contract Compliance, Vietnam Era Veterans Readjustment Assistant Act of 1974, and the Rehabilitation Act of 1973.
In the area of professional services offered to its customers, SAS provides small business concerns owned and controlled by socially and economically disadvantaged individuals and women-owned small businesses the maximum practicable opportunity to participate in the subcontracts it awards to the fullest extent consistent with the efficient performance of the contract.
Regarding the procurement of goods and services to support corporate operations, SAS is committed to continuously seek ways to make business opportunities available to small businesses and businesses that are:
- Veteran or Service-Disabled Veteran-owned.
Continuity of Business
At SAS, Continuity of Business is paramount in light of any threats or hazards that may affect our employees and customers and disrupt our business operations. COB planning incorporates corporate governance, information security and corporate social responsibility.
SAS is a business partner that our customers can entrust with the viability of their operations because we provide vital customer-facing services and are able to continue core operations. Even if SAS does not experience a business disruption, we improve and standardize operational processes by planning and training employees on how to respond and recover from one.
SAS’ global business continuity program goals are to:
- Prepare employees to know what to do in a crisis.
- Provide timely communications between local offices and SAS world headquarters.
- Put plans in place to recover SAS’ most critical business operations that support our customers.
- Develop backup strategies, such as providing support to customers from another office until the affected office can resume normal operations.
- Avoid and minimize business interruptions through greater awareness and risk management.
SAS’ COB initiative extends to all SAS offices. Response and recovery teams from Security, Facilities, IT, Communications, and the business units work together proactively to develop resilience and mitigation strategies, and, in the event of a business disruption, coordinate to execute recovery plans.
Through business continuity planning, SAS exercises operational controls to ensure our long-term viability and meet the expectations of our customers in an increasingly risk-conscious regulatory environment.
More information on SAS’ COB program can be found in the Continuity of Business white paper (PDF).