FIRST EDITION JULY 2021

Passion for life Getinge Ethics & Compliance Report Content

INTRO THE TEAM BUSINESS CONTEXT THE FRAMEWORK FOCUS AREAS

Vision 1 Message from the EVP Legal, Global Trends 9 Our Code of Conduct 11 Anti-Bribery Corruption 15 Business Ethics and Compliance & Governance 4 Lessons Learned in Brazil 10 Our E&C Program 12 Antitrust 17 Responsible Leadership 2 Organization 5 Creating a Speak Up Business Partners 19 Meet the E&C Team 6 Culture 14 Data Privacy 21 Interaction with Health Care Professionals 24 Trade Compliance 26

For more information about our Getinge AB (publ) sustainability work, governance and Lindholmspiren 7A GRI Index, see our Annual Report 2020 P.O. Box 8861 and our Sustainability Update 2020. SE-402 72, Gothenburg For further information regarding Sweden Ethics & Compliance issues, please

Passion for life Passion for life contact [email protected] Tel: +46 (0)10 335 00 00 2020 Annual Report 2020 Sustainability Update E-mail: [email protected] www.getinge.com Intro The Team Business Context Governance Focus Areas Ethics & Compliance Report

VISION Becoming the World’s most Trusted and Respected MedTech Company

Our vision is to become the world’s most trusted and standards in everything we do. This comes with some respected medtech company. This guides everything heavy responsibility. Just as people trust doctors to we do. Getinge provides products and solutions that do the right thing, our stakeholders trust us to do the help saving lives around the world. Our continued suc- right thing. This report aims for demonstrating how we cess in providing these life-saving products depends build and maintain this trust. on each member of the staff upholding the highest

1 Intro The Team Business Context Governance Focus Areas Ethics & Compliance Report

Business Ethics and Responsible

Leadership Business Ethics & Responsible Leadership At Getinge, responsible leadership means involving all employees to set the standard and acting as role Getinge has long been dedicated to sustainability, and since 2017 sustainability, models for ethical behavior and professional integrity. together with quality, is a top priority in the company’s strategy. This means that Activities in this area provide the conditions and requirements for Getinge’s employees to ensure ethics, quality and sustainability are integral parts of how the company acts as a business is conducted in an ethical and responsible manner. Doing responsible business in all relations, business and how it treats its employees, customers and partners. in the company’s own organization and in external contexts, is a key part of Getinge’s strategy.

In 2020, Getinge raised its sustainability ambitions, which is described in the company’s Sustainability Framework covering the focus areas of Quality Culture, Passionate Employees, 3 Environmental & Social Engagement Capitalize on having one Quality Culture and Business Ethics & Responsible truly global brand 4 Leadership. Environmental & Social Capture global Engagement The Sustainability Framework growth provides the company with guidance on how to create long-term value, play a positive role in the society and 2 Top priority continue to operate sustainably while Business Ethics Secure leadership QUALITY RESPONSIBILITY & Responsible delivering value to all of its stake­ by strengthening AND SUSTAINABILITY​ Strategic Enablers AND CULTURE Leadership holders. Overall, Getinge’s sustain-­ the offering Build a proud global organization with engaged ability approach is focused on shaping and performance the company’s performance and posi- driven people tioning future matching requirements, including analyzing potential risks. Getinge E&C work is centered around Business Ethics and Respon- 1 Passionate sible Leadership, within the Sustain- Drive productivity and efficiency employees ability Framework. The main purpose is enhancement to enable and inspire all employees to make the right decisions and to foster an open and transparent culture.

2 Intro The Team Business Context Governance Focus Areas Ethics & Compliance Report

Focus Areas ANTI-BRIBERY BUSINESS CORRUPTION page 15 ANTITRUST page 17 PARTNERS page 19 In this report we will focus on describing our most material risks and focus areas As a global medical technology Getinge operates in 125 countries, Getinge has recently revised its company we provide equipment both through our own operations Supplier Code of Conduct. The aim in relation to Business Ethics and and systems within health care and through an extensive network is to increase focus on responsible Responsible Leadership. and life sciences to public and of distributors. We have learned sourcing. The result is a new Busi- private customers in 125 countries. the hard way how important it is to ness Partner Code of Conduct that We take part in public tenders secure fair competition and ensure has been extended to include all of and collaborate with business that hospitals, and taxpayers do Getinge’s business partners and has partners such as distributors and not suffer from unfair competition. a renewed­ focus on Human Rights. integrators. For us it is of utmost Getinge’s purchasing function is importance to manage the risk for responsible for implementing the bribery and corruption in all our new Code with support from the business transactions. Ethics & Compliance team.

DATA INTERACTION WITH HEALTH TRADE PRIVACY page 21 CARE PROFESSIONALS page 24 COMPLIANCE page 26 HUMAN RIGHTS

Maintaining customer trust in Getinge interacts with hospitals Our life saving products are sold With a passion for life we take the security of and safety of its and life science institutions all globally and in some extent also pride in securing the human rights products is critical for Getinge. In over the globe. The company has a to sanctioned countries. We do of both internal employees as addition, the importance of data great responsibility both in terms however never compromise with well as for individuals working privacy and the integrity of person- of patient safety, but also in terms laws and regulations and have for Getinge throughout our value al data is a constantly increasing. of how public funds are spent implemented processes to secure and supply chain. Our work with Meanwhile, the company needs to in relation to its products and compliance and integrity when Human Rights is described in the protect its most valuable assets services. Securing integrity and selling to high risk countries. Business Partner section of this re- against cyber threats. To secure transparency when interacting port. During 2021 we will continue data privacy and security we have with health care professionals and to focus on designing a dedicated formalised our related programs health care organizations is a top E&C program for Human Rights. throughout the organization. priority.

3 Intro The Team Business Context Governance Focus Areas Ethics & Compliance Report

During the last few years, Getinge To Enable has invested heavily to ensure that we have the right resources and tools in I am proud of the work that place to support and inspire responsi- and Inspire we do and of each and every ble leadership. The ultimate aim is to enable right decisions and navigate employee at Getinge who For us at Getinge, Ethics and the complexities and ethical dilemmas strives to make a difference. Compliance is something that that global business often entails. And should characterize every to achieve this, we have put a great team in place to support our opera- aspect of how we do business, tions across the globe. Naturally, we with all stakeholders and a also have the formal infrastructure in and difficulties in terms of speaking longer time perspective in place, such as e-learning programs and up and raising concerns. We also want mind. We see Ethics and policies. E-learning programs, however, to be humble when we look back on will only make a difference if the infor- our previous mistakes and ensure that Compliance as responsible mation conveyed in the training actual- we learn from these in order to build a leadership and some- ly means something for each and every stronger, more responsible and long- thing that is relevant one of us. In this report, we want to term sustainable company. for all employees and share how we aspire to integrate ethics I am excited about this first Ethics and compliance in everything we do, and Compliance report, I am proud of in every business how we work together with our leaders the work that we do and of each and transaction and to ensure that the right considerations every employee at Getinge who strives decision. are made early on, that we have the to make a difference. Each decision transparent discussions and dare to is important and will take us one step speak-up when something is not right.. closer towards becoming the most A recent Nordic survey (www.nor- trusted and respected company in the dicbusinessethics.com) indicate that a MedTech industry. majority of the employees working for Nordic companies who witness ethical misconduct, do not speak up. And Anna Romberg with sales in 125 countries, we have Executive Vice President to be mindful of cultural differences Legal, Compliance & Governance

4 Intro The Team Business Context Governance Focus Areas Ethics & Compliance Report

Our Governance GOVERNANCE MODEL

Model for Ethics Board of Directors and Compliance Audit Committee At Getinge the Ethics and Compliance (E&C) work is designed to ensure that it is a shared commit- Ethics ment across all levels in the organization. CEO Committee

The Global Legal, Compliance and adequately designed, that imple- Governance team consists of the mentation support is provided to the EVP Legal, Compliance Global Legal team, the Global Ethics & organization and that the implemen- & Governance Compliance (E&C) team and Corporate tation is followed up and reported to Internal Audit. Within the Global E&C the Audit Committee of the Board of team there is dedicated teams for Directors and Getinge Executive Team. operational support, internal inves- The Audit Committee receives updates tigations as well as data privacy and on the Ethics and Compliance work at digitalization. least once a quarter. The full Board of Global Legal Team Global E&C Team Corporate Internal Audit The operational Ethics and Com- Directors receives an Ethics and Com- pliance work is led by the VP Ethics pliance update, including update on & Compliance, who has the overall company risk profile, trends and ethics responsibility for ensuring that the and compliance program implementa- Ethics & Compliance programs are tion, at least once a year. The Head of Internal Investigations is responsible for ensuring that all responsible for monitoring remedia- each area, with Human Rights being a ensure that Responsible Leadership Internal Investigations reports of suspected Code of Conduct tion plans and for providing updates new area for 2021. Each program has a is a shared responsibility specific & Monitoring violations or non-compliance are prop- on these to the Ethics Committee and Global program lead, who is reporting parameters on Ethics and Compliance erly assessed, investigated and acted Audit Committee. to the VP E&C. During 2021 we are has been added to relevant bonus Getinge has an independent department for internal investigations and supervision upon. The overall governing body Getinge has identified seven main implementing a process, supported by plans. During 2021 we have developed that reports directly to the EVP Legal, for the Internal Investigations is the focus areas based on company a tool, for more systematic follow-up of a guideline for integration of ethics Compliance & Governance. Ethics Committee which is a sub-set risk profile: Antitrust, Anti-Bribery the implementation and effectiveness and compliance in the sales incentive The Getinge Ethics Committee is responsi- ble for supervising the Internal Investiga- to Getinge Executive Team, the Ethics Corruption, Business Partners, Data of the program. plans and has also defined criteria for tion Process and it determines if proposed Committee meets at least five times Privacy, Human Rights, Interaction Implementation support is provided assessing ethics and compliance as responses, remediation and disciplinary a year, prior to each Audit Committee with Health Care Professionals, and through Regional E&C officers, who part of the global short term incentive actions are appropriate and sufficient. The Ethics Committee is chaired by the CEO. meeting, and on a needs basis. The Trade Compliance. A risk based are supported by local E&C officers or program. Head of Internal Investigations is also compliance program is designed for legal counsels in specific countries. To

5 Intro The Team Business Context Governance Focus Areas Ethics & Compliance Report

The Global Ethics & Compliance Team

At Getinge Ethics and Compliance is a shared responsibility, all 10,800 employees are expected to be responsible leaders. To support this work we have a global team Frida Berlin Vice President Global Ethics & Compliance, dedicated to supporting and overseeing the implementation. Gothenburg, Sweden

Elisa Castrolugo Johanna Persson Local support provided Head of Global Internal Investigations, Head of Global Data Privacy and Digitalization, through local E&C officers Copenhagen, Denmark Gothenburg, Sweden or the legal team

Santosh Kumar Singh Head of Global Trade Sanctions Program, Head of Legal and E&C MEA, Dubai, UAE

Alexis Wermuth Firuza Achilova Head of Global Health Care Compliance Program, Head of E&C CEE, Dushanbe, Head of E&C North America, Wayne, NJ, USA Tajikistan/ Istanbul, Turkey Anusuya Yogarajah Head of Ethcis & Compliance APAC Singapore

Bruno Ferraz de Camargo Babila Gippoini Magdalena Kucypera Head of Global Anti-Trust Program, Head of Global Anti-Bribery and Corruption Program, Head of Global Business Partner Risk Head of E&C LATAM, São Paulo, Brazil Head of E&C Europe, Zug, Swizerland Management, Kraków, Poland

6 Intro The Team Business Context Governance Focus Areas Ethics & Compliance Report

PRESENTING THE ETHICS & COMPLIANCE LEADERSHIP TEAM AND THE DRIVING FORCE BEHIND THEIR INTEREST IN ETHICS & COMPLIANCE

I’m passionate about my I believe in human be- To be able to influence I strongly believe that Contributing to the work as it gives me the ings and in their ability to corporate citizenship to business ethics and com- community of like-minded opportunity to impact redeem themselves if they tackle issues such as unfair pliance are preconditions people to promote Business issues that are vital for the commit errors and have trade, corruption and fraud for running responsible Ethics globally for positive future. I strongly believe been ethically unaware. We as detractors of rightful business. Working in the changes. While working in that all employees can con- can support and help busi- living standards and human due diligence field and ver- development organizations, tribute not only to Getinge’s ness run more smoothly and rights. ifying third parties that our I realized the vulnerability strategic objectives, but in a proper way. company cooperates with, and poverty of people is not also to doing business the I am convinced that what only the lack of resources, right way. My colleagues I do matters and makes a but unethical decisions as and I can help to enable a difference for Getinge. regard to those resources. strong culture of business ethics trough responsible leadership.

Frida Berlin Babila Gipponi Bruno Ferraz de Camargo Magdalena Kucypera Firuza Achilova Vice President Global Ethics Head of Ethics and Compliance Europe Head of E&C LATAM and Global Lead Head of Business Partner Risk Central and Eastern Europe E&C Officer & Compliance – Global lead Anti Bribery Corruption Antitrust Management Location: Dushanbe, Tajikistan / Istanbul, Location: Gothenburg, Sweden Program Location: São Paulo, Brazil Location: Kraków, Poland Turkey Background: Bachelor in Business Ad- Location: Zug, Switzerland Background: Lawyer, post-graduated in In- Background: MA in Slavic Languages and Background: MBA in International ministration, with marketing focus. Over Background: Legal background, served in ternational Business Law and Business Ad- Human Resources Management. Interna- Management, Certified Compliance 10 years’ experience from creating and legal and compliance roles mainly in the ministration, over 25 years of experience in tional Diploma in Financial Crime Preven- and Ethics Professional - International, managing ethics and compliance programs health care sector in various multinational private practice and inhouse counsel in the tion. Over 10 years’ experience in research, Diploma of Professional Internal Auditor. in global companies including Elekta and companies, including GE and Zimmer global legal and ethics & compliance field. people management, due diligence and an- 18 years’ experience in management func- Volvo Cars. Biomet. ti-money laundering/know your customer. tions in international organizations and companies. E&C Manager and Internal Audit Director in a telecommunication company for seven years.

7 Intro The Team Business Context Governance Focus Areas Ethics & Compliance Report

PRESENTING THE ETHICS & COMPLIANCE LEADERSHIP TEAM AND THE DRIVING FORCE BEHIND THEIR INTEREST IN ETHICS & COMPLIANCE

I’ve grown up in a country Professionally, I want to be Human rights, finding Being able to combine my A lifelong commitment to where we always need a a driving force for positive pragmatic solutions, my business and legal knowl- doing the right thing and strong push to do things in change in the organization interest in combining tech edge with Getinge’s busi- serving a higher purpose. the right way. This prompt- and support Getinge in and law as well as working ness to find solutions that ed me to look for career becoming the world’s most with such wonderful will help our business grow. options where I can help ethical company. Personally, colleagues at Getinge. It’s like a mystery – trying to people to adopt E&C as a I want to use my knowl- piece together the different way of working. edge and education to help pieces and then come up creating a culture where with a win-win solution. everyone feels that they Doing business the right belong and that their voices way will ensure sustain­ are heard. ability – not only for the present but also for future generations.

Santosh Kumar Singh Alexis Wermuth Johanna Persson Anusuya Yogarajah Elisa Castrolugo Head of Legal and Ethics & Compliance, Head of Ethics & Compliance, North Head of Global Data Privacy Head of Ethcis & Compliance APAC Head of Internal Investigations (Global) MEA America & Digitalization Location: Singapore Location: Copenhagen, Denmark Location: Dubai, UAE Location: Wayne, NJ, USA Location: Gothenburg, Sweden Background: PhD in International Business Background: U.S.-trained & qualified attor- Background: Former law enforcement, Background: Bachelor of Science, Juris Background: Master of Laws, lawyer at two & Law, lawyer with over 20 years’ in-house ney, previously served in U.S. Department Bachelors of Law, Master of business Doctor (JD) / Relevant Experience: Before business law firms where she belonged to legal and compliance experience in insur- of Justice as federal criminal prosecutor for Administration and BTEC Level IV from coming to Getinge, I was the Ethics & the IP, Tech and Commercial team, as well ance and health care. Her expertise is in over 12 years. Edexcel in workplace investigation. Over 25 Compliance Officer for the Renal Therapies as to the Life Science team. She also has APAC, understanding the risks, cultural years in Legal and Compliance. Group of Fresenius Medical Care North experience from an in-house legal team at a nuances and business requirements in the America. medical device company in Taiwan. region.

8 Intro The Team Business Context Governance Focus Areas Ethics & Compliance Report

Global Trends in Ethics & Compliance

Employees The expectations on Social Interest Regulators business ethics and Groups responsible leadership­ is constantly evolving. Creditors Environment At Getinge we monitor (ESG) evolving expectations and risk to ensure that Societies Investors and we work proactively. (ESG) Getinge Individuals Three main trends, having significant impact on how work is conducted, are in- Increased stakeholder Cyber Security creased stakeholder expectations Regulation and Data Privacy expectations, cyber-­ Businesses are expected to incorporate In the wake of corporate scandals and ethical Germany’s Bundestag passed a law requiring Cyber security threats are a reality, and expectations on ethical business practices. shortcomings regulators respond with companies to report human rights and envi- during the last year several hospitals attacks and data privacy Business decisions are scrutinized, not only intensified regulation and renewed guidance ronmental abuses along their direct supply have been subject to attacks. The COVID as well as strengthened from a legal perspective, but from a wider for companies. The US Department of Justice chains. The focus on Human Rights abuses, pandemic has exponentially augmented stakeholder perspective. What is legal is not provides detailed guidance for how compa- and companies responsibility, is expected to the volume of transitioning patient data, regulations. always the right thing to do, and long term nies are expected to implement ethics and increase. We are responding by launching an which leaves more data exposed to attacks. consequences for the environment and so- compliance, and provide concrete questions updated Business Partner Code of Conduct Digitalization provides great opportunities, ciety at large are expected to be considered. to ask in terms of securing that the program and formalizing our work through a Human but every opportunity comes with a risk. New employees are increasingly looking is applied and effective, not only on paper Rights compliance program. The consequences may be severe both in to work for companies which have a clear terms of individual harm to patients and but also in practice. The EU Whistleblowing New regulation is also expected within the stance on environmental, ethical and social employees, damages to customer relations directive raise the bar for companies in terms field of Artificial Intelligence. Compliance risks issues. Investors and financiers are looking as well as costly penalties and fines. of securing confidential reporting channels regarding AI relate to data privacy, but also at how companies are managing ESG and non-retaliation for employees who report to areas such as anti-trust and competition We have rolled out an extensive Cyber matters and are asking for tangible data, concerns in good faith. and algorithms pricing. Our Data Privacy and security training programme to ensure evidence and impact. Increased stakeholder New regulation, on EU level, is also expected Anti-Trust programs are continuously updated awareness and vigilance, in addition we expectations, and a failure to meet these within the Human Rights field. In June 2021 to respond to new risks and regulation. conduct review of our connected products also lead to increased regulation. to secure privacy and security compliance. To respond to these expectations we are Already when we start designing a product conducting risk and impact assessments and at Getinge, safe ways of handling data is developing a comprehensive change man- built into the customer offering. agement program called #ItStartsWithMe. This program focus on developing responsi- ble leaders throughout the organization.

9 Intro The Team Business Context Governance Focus Areas Ethics & Compliance Report

LESSONS LEARNED THE HARD WAY

Since 2017 Getinge has cooperated extensively with regulators to resolve allegations of misconduct in Brazil. In addition to cooperation with the regulators, we have taken action to secure that the misconduct will Operating with integrity and be prevented from occurring again. We are incorporating these lessons into our ethics and compliance work. with high standards creates value for customers and for the societies in which we In April 2017, the Brazilian Federal fraud in public bidding proceedings Timeline and our customers operate. Police launched Operation Compound involving third parties and commission Invoice. The investigation was based payments to health care professionals APRIL 2017 Mattias Perjos, President & CEO Getinge on allegations of a corruption, cartel for the use of products from Getinge. Launch of Operation Compound and bid rigging scheme, involving the The results of the internal investi- Invoice by the Brazilian Federal Police purchase of medical equipment by the gation indicated company involvment COMMENT FROM THE PRESIDENT AND CEO MAY 2017 Department of Health of the state of of some of Getinge’s employees in ille- Rio de Janeiro and the National Insti- gally modifying technical descriptions Getinge hires outside counsel for Doing the right thing when tute of Traumatology and Orthopedics. of public biddings proceedings and conducting the investigations Operation Compound Invoice involved presenting cover proposals in order to no one is watching MAY/JUNE 2017 Getinge’s commercial representative, steer them. It also indicated high com- in addition to several national and missions paid to Getinge’s commercial Beginning of internal investigation “As a MedTech company we have standards. During the last four multinational companies, including representative, who coordinated the a broad responsibility towards all years we have focused on doing Getinge do Brasil, named “Maquet do cartel and improper payments made by APRIL 2018 our stakeholders, to customers the right thing, cooperating with Brasil” at the time. Getinge to health care professionals. New Ethics & employees, authorities and the the authorities, changing local Considering the reference to In light of the findings uncovered Compliance head for Latin America wider society. To live up to the management and our operating Getinge in Operation Compound by the internal investigation, Getinge stakeholder expectations we model, terminating business MAY 2018 Invoice, the involvement of its former has implemented significant company focus on responsible leadership as partner relationships and invested commercial representative and the wide remediation measures. These Getinge signs a Leniency Agreement an integral part of our culture. But heavily in ethics and compliance, with the Brazilian Federal Prosecution not only in Brazil but globally. sales made, Getinge agreed to con- included terminating labor contracts Office responsible leadership is not only I am proud of what we have duct an internal investigation in Brazil, with involved employees and com- about fulfilling expectations, it is achieved and for what we will focused on the allegations. Outside mercial relationship with the com- SEPTEMBER 2018 about doing the right thing when continue to achieve. The business counsel conducted the internal panies involved. The measures also New Chief Ethics & Compliance no one is watching. Operating with landscape, stakeholder expecta- investigation, coordinating all of its included compliance trainings and Officer integrity and with high standards tions and risks are evolving and we procedures and interacting with the implementation of new policies and creates value for customers and SEPTEMBER – NOVEMBER 2019 are prepared to manage these in a Brazilian authorities. controls covered by Getinge’s Ethics for the societies in which we and proactive way. Responsible leader- During the internal investigation, and Compliance Program. Meanwhile, Getinge signs two Cease and Desist our customers operate. Agreements and one Leniency ship is about daily decisions, it is Unfortunately there have been new information about potential irreg- global and Latin American Compliance Agreement with the Administrative about ensuring that we consider ularities arose through interviews and Officers were appointed and cooper- Council for Economic Defense instances when we have failed to all stakeholders and a longer time document reviews. The original scope ation with Brazilian and non-Brazilian act with the highest standards of horizon in our business dealings. OCTOBER 2020 was then expanded to also investigate public authorities initiated. transparency and integrity. Some And it starts with me and all of our EVP Legal, Compliance and of our historical business dealings employees, every day.“ Governance appointed to Getinge in Brazil did not hold up to these Executive Team

10 Intro The Team Business Context Governance Focus Areas Ethics & Compliance Report

Responsible Business – Our Code of Conduct

Getinge’s Ethics & Compliance work is centered on Responsible Leadership. The main purpose is to enable and inspire all employees to demonstrate responsible leadership and to foster an open and transparent culture.

At the beginning of 2020, Getinge Both the regulatory landscape and real-life ethical dilemmas from the introduced a new Code of Conduct. It expectations from stakeholders are organization were presented to all non-­ sets down Getinge’s guiding principles constantly evolving. With the new Code production employees for discussion. for how professional interactions of Conduct, Getinge aims to provide a By the end of 2020, 8,896 employees, should be conducted, every day, inter- platform for change, rather than a stat- including managers, had completed nally and externally, with customers ic document. By showing colleagues the e-learning courses. The post train- and business partners. The new Code how the principles can apply to both ing evaluation score was 4.48/5. of Conduct is based on six principles: their everyday work, as well as to chal- Total of 868 employees in produc- lenging situations, everyone can learn tion have received a training on ethical Doing responsible business in all relations, in the company’s own organization and in external contexts, is a key part of Getinge’s strategy. 1 Always act with honesty, where it is possible to go above and dilemmas since first quarter of 2021. fairness and integrity beyond in their work commitment. In addition to the e-learning, training were held on topics such as 2 Stand up and speak up when Increased learning something isn’t right A Dilemma Game to raise Ethical Blindness, Lessons Learned, on-line awareness Anti-Trust, Anti-Bribery & Corruption, In 2020 Getinge increased 3 Act respectfully to protect Several training courses and activi- Data Privacy and Money laundering the use of on-line tools for training on ethical and confidentiality, privacy and ties were arranged throughout 2020 & fraud during the year. In 2020, 7,256 information compliance issues. This with the aim to increase awareness employees were trained both in face- resulted in more co-workers 4 Take care of each other about the new Code of Conduct, to-face and virtual workshops. being trained than ever be- since it is crucial that all employees fore and good post training 5 Take care of the world evaluation scores. should know and comply with all 6 Act together to protect policies. These included the e-learn- all stakeholders. ing Getinge Dilemma Game, in which

Access Getinge’s Code of Conduct at www.getinge.com/code-of-conduct/

11 Intro The Team Business Context Governance Focus Areas Ethics & Compliance Report

Our Ethics and Compliance Program

Getinge’s Ethics & Compliance Program is focused on the main risk areas that the company has identified with regard to business ethics.

Getinge has identified seven main adheres to applicable laws and compliance risk areas; Antitrust, regulations, as well as relevant ethical Anti-Bribery Corruption, Business Part- standards including the Getinge Code G ners, Data Privacy, Human Rights, Inter- of Conduct, as well as global policies g Continuous Risk o in improvement v action with Health Care Professionals, and directives. r assessments e o and reporting r t n and Trade Compliance. Separate i a programs have been implemented for Responsible leadership n n o c e five of the focus areas. The work with Responsible Leadership is at the core M Business Partners is integrated within of our program and means involving Third Parties Organization each relevant focus area and during all employees to set the standard and and M&A&D 2021 we have initiated work to design a act as role models for ethical behavior formal program for Human Rights. and professional integrity. Activities Responsible in this area provide the conditions and leadership Ethics & Compliance Program requirements for Getinge’s employees The Ethics & Compliance program to ensure business is conducted in an Remediation, consists of nine program steps, or ethical and responsible manner, in all Disciplinary Policies & steps, based on the model described internal and external contexts. and Corrective Procedures as ”effective compliance program” To clarify and deepen the meaning actions and ”adequate procedures” by Society of the term, Getinge is developing a of Corporate Compliance & Ethics, comprehensive change management Foreign Corrupt Practices Act, US Sen- program called #ItStartsWithMe. This Speak-Up and Training & tencing Guidelines and the UK Bribery program focus on developing respon- investigations Communication Act Guidance, for example. sible leaders throughout the organi- The Getinge Ethics & Compliance zation and aims to create interest and program serves as a method and tool personal engagement by providing for ensuring that adequate procedures insights and understanding of the I are in place to prevent Getinge from challenges and complexity of the mplementation taking part in any corrupt business subject. The Program will be launched practices, and that the company at the end of 2021.

12 Intro The Team Business Context Governance Focus Areas Ethics & Compliance Report

KEY DEVELOPMENTS DURING THE PAST YEARS

Over the last two years, Getinge has made significant investments and improvements to strengthen its Ethics & Compliance program. Key development areas include:

Risk Assessments Training & Communication Training KPI Continuous Improvement Third Parties and Mergers, During the last two years we have In 2020, one of Getinge’s main activities All employees should receive Business & Reporting Acquisitions & Divestitures initiated Anti Bribery and Corruption was to increase knowledge among em- Ethics related training at least once a In January 2020, Getinge launched (M&A&D) risk assessments in China, Germany, ployees in the area of Antitrust & Fair year. an all-employee Business Ethics To manage third party representative Italy, Mexico, Spain and the Middle East Competition. This included tailored Awareness survey to measure the risk, a mandatory third party engage- and Africa region. We have developed a training courses, which were rolled out organization’s perception of how well ment process was launched in March formal protocol for conducting the risk in all of the company’s sales regions. In 85.3% the company lives up to its values. In 2020. Since then, all new as well as assessments, and use forensic exper- total, 2,802 employees were engaged of all non-production-related 2021, the Business Ethics Survey was potential, distributors and agents, tise when assessed relevant. in interactive virtual workshops during personnel had completed Getinge completed for the second time. A total integrators (general contractors), the year. The Sales and Marketing Dilemma Game. of 4,496 employees from all over the public-private partnerships, as well Policies & Procedures Development program also included world participated in the survey, a ma- as GPOs (Group Purchasing Organi- In 2019, Getinge introduced a new a full Antitrust and Fair Competition Speak-Up and Investigations jor increase compared to the previous zations), IDNs (Integrated Delivery Global Policy framework consisting of workshop, specially designed to ad- Getinge is committed to open and year. A majority of the respondents, Networks), Clinical Service Providers 14 global policies and related direc- dress commercial issues and needs. At transparent communication, inter- 76%, felt that managers within Getinge – if acting in a distributor’s or agent’s tives. During the past year, the Global the beginning of 2021, the Antitrust and nally and externally. All employees are clearly communicate the meaning and capacity – must go through ta due Policies have been reviewed and the Fair Competition e-learning “Win Fair” encouraged to report any suspected importance of responsible leadership. diligence process. Simultaneously, following policies have been updated: was rolled out to all employees globally. or observed violations of the law or the screening of existing distributors and the Data Privacy Policy, Trade Com- So far, 6,871 employees have complet- corporate Code of Conduct. In 2020, 50 agents has been initiated, working pliance Policy, Financial Policy and ed the anti-trust e-learning program reports of suspected misconduct were 4,496 from region to region. To date, 251 Purchasing Policy. The Global Policies consisting of three modules. recorded and investigated by the Inter- Employees from all around the world new and 525 existing distributors and have been translated into twelve In addition to our virtual interactive nal Investigations team. 28 reports were participated in the Business Ethics Survey agents have been screened, of which languages and are available for all em- trainings, the virtual dilemma game received through Getinge’s reporting in 2021. 51 third parties were denied. ployees on the company’s intranet, as and anti-trust training we are devel- tool (Speak-Up Line), and 22 reports well as publically available on Getinge’s oping an e-learning training library for through other channels. After thorough 76% website. Check out Getinge’s Global Anti Bribery and Corruption and Inter- investigations, including interviews, of respondents felt that managers within 251 Policies on www.getinge.com/code-of- action with HCP. We are also rolling document reviews and an objective as- Getinge clearly communicate the meaning New business partners have been screened, and importance of responsible leadership conduct/policy-summaries/ out a dilemma game/ Code of Conduct sessment of facts, disciplinary actions whereof 20 were denied. training for production employees. were taken in eight cases. 525 14 Existing business partners have been Global policies were introduced 8,896 50 screened, whereof 31 were denied. by Getinge in 2019 Employees completed the virtual Dilemma Reports of suspected misconduct were Game e-learning in 2020. recorded and investigated by the Internal Investigations team in 2020. 9,991 Employees were trained in interactive face-to-face or virtual workshops during 2020 and 2021. 13 Intro The Team Business Context Governance Focus Areas Ethics & Compliance Report

Speak Up – We’re Listening At Getinge all employees are encouraged to report SPEAK UP. any suspected or observed violations of the law or the corporate Code of Conduct. During the last year we WE’RE LISTENING. have increased our efforts to create psychological safety where employees feel comfortable raising concerns.

HOW TO REPORT A CONCERN: Getinge Speak Up Line is an externally reports of suspected misconduct and hosted whistleblowing hotline. This Code of Conduct violations. Internal We all try to do the right thing, the right way. But the hardest part of this is speaking up tool enables anonymous reporting Investigations and Whistleblowing when things aren’t right. Sometimes that’s via a website or telephone in local cases, including remediation plans, are speaking up for Raise Your Concerns with than not, it’s standing up for others and Your Manager or Local HR languages. It is open for Getinge reported and monitored through the what is right. Getinge always listens when concerns are raised. OR employees as well as for suppliers, dis- Ethics Committee. tributors and other business partners. In 2020, the message that Getinge Our Speak Up line is available online or by your local telephone lines listed on Employees are encouraged to first should represent a ”speak up culture” the Speak Up site. Reports can be made anonymously and in your language. You seek to address the issue with their was conveyed globally throughout the can also use Speak Up to ask questions Raise Your Concerns manager or a local Human Resources company, via management communi- about the Code of Conduct. with Ethics & Compliance representative. If the employee for cations, such as e-mails and news­ OR some reason is uncomfortable with letters directed to all leaders. this, they can also contact another The Speak Up Line was updated manager, the Ethics & Compliance with additional languages and a Department, or the Legal Department. poster campaign on the theme “Speak Raise Your Concerns through the Getinge Speak-Up Line At Getinge we have implemented a Up We’re Listening” was rolled out web based reporting tool, that is avail- together with a guide for managers on able in 11 languages. We have a strict how to encourage an environment of policy for non-retaliation and provide openness and trust, where employees training to managers on our internal feel comfortable to speak up.

Free call: Speak Up Line: investigation process, lessons learned (ADD Local Number) www.getinge.ethicspoint.com Speak Up Line QR code and retaliation. Our Code of Conduct and Directive on Speak Up and Non Retaliation can be found on the intranet. The Speak Up Line can be found 11 on the Getinge Intranet as well as Number of language versions of Getinge’s on the Getinge website. The Ethics web based reporting tool for Whistlerblowing & Compliance team assesses all

14 Intro The Team Business Context Governance Focus Areas Ethics & Compliance Report

Anti-Bribery Responsible Leadership Corruption in Global Sales

As a global medical tech- Getinge interacts with hospitals and life nology company we provide science institutions all over the globe. The equipment and systems company has a great responsibility both in terms of patient safety, but also in terms of within health care and life Carsten Blecker, Chief sciences to public and how public funds are spent in relation to Commercial Officer private customers in 125 its products and services. countries. We take part in Challenging Areas public tenders and collabo- rate with business partners Getinge’s Global Sales team works outsourced services to ensure timely We need to ensure that our wide such as distributors and continuously to ensure that ethics execution and support. “To appoint network of business partners comply with the same standards as internal and compliance as well as responsible a third party partner in the first place integrators. For us it is of ut- employees. We also want to find long most importance to manage leadership are integrated parts of there needs to be a sound business term partners to work with that are com- the risk for bribery and cor- Getinge’s commercial operations. With rationale; if the latter exists either our mitted to the same standards as us. ruption in all our business operations in 39 countries, Getinge is internal specialized team and/or exter- heavily reliant on business partners nally contracted specialized service transactions. Current Focus that can be trusted and that embrace providers will conduct a due diligence Getinge’s way of working. “We onboard process on our potential partners and In 2020, Getinge established a Business 776 our distributors and agents in the only if the outcome is satisfactory we Partner Due Diligence team as part of Business partners due diligence its Shared Services centre in Krakow. same way as we would onboard our will engage contractually. In higher risk screenings completed during Getinge also reinforced its escalation direct team members and we have situations we will redo such process on 2020 and 2021 processes for the onboarding of high- the same expectations from them to a reoccurring basis,” says Carsten. risk business partners. Since 2020 conduct business in an ethical and A set of minimum criteria, that must high risk business partners, such as compliant way,” says Carsten Blecker, be integrated in the regional sales in- agents and distributors, are onboarded according to the new process. We are Chief Commercial Officer. centive plans in relation to ethics and also conducting a review of all existing 793 To ensure that risks are managed compliance, have been implemented. business partners and are prioritising Business partners trained in high risk regions. in relation to an extensive network This way, Getinge wants to ensure the interactive face to face or virtual of sales related business partners, right behavior and show that ethics trainings during 2020 and 2021 Getinge has established a dedicated and compliance is not about saying, “Business Partner risk management but by doing. “We have reviewed and Looking Ahead team” as part of the company’s Shared adapted both sales incentives of direct Services in Krakow. The team consists employees and sales agent opting for During the upcoming period the focus is to roll out its business partner risk man- of 5 experts continuously supporting local best practices which take into agement program, including implemen- 100% the operations in terms of conducting consideration market ideosyncracies tation of a new contract management Global Sales employees completed business partner risk assessments but also avoid that variable compen- tool, renewal of contracts and implemen- Dilemma Game training in 2020 and due diligence. Getinge also uses sation would follow an exponential tation of monitoring processes.

15 Intro The Team Business Context Governance Focus Areas Ethics & Compliance Report

unlimited curve; in some cases we What are your thoughts on strength- have increased base pay while reduc- ening a Responsible Leadership ing and / or capping or de-accelerating culture within Global Sales? variable compensation. In the case of “We must be aware that it will require our agent we also have defined clear a strong effort from both leaders and ranges of what we deem appropriate employees and we will not reach the to compensate our partners and ideal level at once. We need to have have defined a clear need to match a sense of urgency to continuously the latter with the specific services improve in this area in order to become rendered,” says Carsten. even more secure and sustainable as At the end of 2020, Ahmet Eke, Pres- fast as possible. We need to start now. INTERVIEW AHMET EKE, PRESIDENT ident Sales Region Central and Eastern Also, we need to keep in mind that E&C SALES REGION CENTRAL AND EASTERN Europe, was appointed as Global Sales EUROPE & GLOBAL SALES E&C is not something that you can delegate Ethics Ambassador as part of the AMBASSADOR or wait for another person to manage, Global Sales Management Team. instead of us.“ You were recently appointed Global Sales Ethics & Compliance How do you perceive Getinge’s (E&C). What have been the biggest corporate culture (locally or globally), learnings so far? which challenges and risk do you see “Biggest learning for me is that E&C from an E&C perspective? is like an ocean and there is no end “Getinge has been growing mainly by in learning and development. The mergers and acquisitions, so there are more we learn, the more we make our several different historical cultures in organizations and companies safe and the company. Also, we are conducting sustainable.“ business globally in several different geographies. Culture is a very import- Why is Responsible leadership ant element in the sense that it gives so important? direction to people’s actions – but it “Leadership is a responsibility. It can also create huge risks. We need As responsible leaders, means the actions that we take may to be aware that the medical industry we need to develop not have consequences not only for our- and markets are being more and more only ourselves, but also selves, but also for the people in and regulated every year and our cultural the people around us outside of our organization. And as re- moves cannot be excuses for any mis- and their teams. sponsible leaders, we need to develop conduct. We cannot choose to move not only ourselves, but also the people with cultural motives, if it is in conflict Ahmet Eke, President Central and Eastern Europe & Global Sales E&C around us and their teams.“ with ethical or legal rules.“ Ambassador

Image text explaboria sed ut fugiam nos estem solesenis sae voluptati ipitius dolupiet, id quo

16 Intro The Team Business Context Governance Focus Areas Ethics & Compliance Report

Antitrust Competing Fairly

Getinge operates on 125 Continuing saving lives, but only working with stakeholders countries, both through our operating according to the same ethical principles. This was own operations and through one important lesson learned for Getinge after experiencing an extensive network of competition turmoil in Brazil. distributors. We have learned the hard way how important it is to secure fair Marcio Mazon, Getinge’s Regional President for Bruno Ferraz de Camargo, Head of E&C LATAM competition and ensure Latin America and Global Lead Antitrust that hospitals, and tax­ payers do not suffer from unfair competition. “After being with Getinge for almost time for the first round of settlement compliance with local laws and with • The Commercial Management four years, I can proudly say our negotiations with the Brazilian authori- responsible leadership. I found an Development program adopted a executive team has walked the talk on ties, and it was clear from the start that immediate cultural fit! It became clear special chapter in its curriculum to their commitment and supported Latin the topics concerning fair competition to me that our priority was to continue ensure all commercial-connected America enormously in its journey were one of the most sensitive issues to saving lives involving only stakehold- employees indicated for this pro- towards ethical awareness,” Marcio be addressed by the Ethics & Compli- ers operating with the same ethical gram to receive targeted training. Mazon, Getinge’s Regional President ance program. During the initial risk principles,” he says. The approach used for Latin America, comments. Lessons assessments on global level, it was also for ensuring awareness and knowledge learned have resulted in increased clear that we needed to act fast, and establishment for the entire global global focus on ethical issues through- not only in Brazil, to provide education, organization was in brief: out the Getinge organization. awareness and remediation of certain The Global Antitrust & Fair Com- practices which we successfully imple- • Regional Ethics & Compliance It took courage, but was an petition Program is a specialized mented during the last years”, he says. Officers and legal counsels received easy decision after I met with subject matter within the Ethics & It was known in the local Brazilian several “Train the Trainer” sessions our executive team. They all Compliance Program and is designed medical device industry that Getinge, and a training package with presenta- transmitted confidence on in full adherence of the applicable and other market players, didn’t tions and speaker notes to deploy the their commitment to operate standards by regulators throughout operate with the highest standards content within their regions. Special in compliance with local laws the US, the EU and all competition and that as a consequence federal adjustments were done when a local and with responsible leader- authorities in countries where authorities probed such companies requirement demands, such as in ship. I found an immediate cul- Getinge operates. The program and some, including Getinge, agreed in China. tural fit! It became clear to me leader­ship has been assigned to leniency cooperation. Marcio Mazon Bruno Ferraz de Camargo, a lawyer joined Getinge as its Brazilian legal • An online “e-learning” was launched that our priority was to contin- qualified in Brazil and in the European representative during the turmoil. in April 2021, covering the basic ue saving lives involving only Union with substantial international “It took courage, but was an easy principles of competition law sent to stakeholders operating with legal & compliance expertise and decision after I met with our executive all Getinge’s employees, alongside the same ethical principles

exposure on competition law matters. team. They all transmitted confidence several face-to-face trainings target- Marcio Mazon, Getinge’s Regional President “I joined Getinge in early 2018, just in on their commitment to operate in ed to selected audiences. for Latin America

17 Intro The Team Business Context Governance Focus Areas Ethics & Compliance Report

Among several positive impacts in the • Creation of a process within the global business organization, after M&A activities to ensure the avoid- the trainings have been deployed a ance of “Gun Jumping” in operations number of important lessons have that require prior authorization from been learned and currently are being the antitrust authorities concerned. addressed by the respective regions whenever conducting their regular • Getinge Financial Services have business affairs: adopted a self-assessment for cases where financial offers are made to • The contractual separation of sales provide combined offers of capital intermediaries such as distributors equipment and accessories to and agents and understanding selected customers. This measure that these two forms have distinct is important to mitigate risks of impact on antitrust regulations. New abusive conduct related to tying distribution agreement templates and bundling, which can be illegal in have been drafted and are in process some jurisdictions. Challenging Areas Current Focus of deployment. • As part of the remediation pro- In general, customers finance their In the last, few years, Getinge has in- • Risk mitigation to map and avoid cess in Brazil, a dedicated tender purchases of Getinge’s products and creased its focus on its global anti-trust abusive exploitation of a dominant department has been put in place services with tax money and through program. Training programs have been the fiscal budget, either directly or rolled out for both employees and busi- position. Examples of this measure to ensure exchanges of information indirectly. Health care is a vital part ness partners. A mandatory interactive have been a dedicated focus and for- among distributors, competitors of infrastructure in any society and training was held for all employees malization of processes of selection and public procurement is done Getinge has to ensure that competition during spring 2021. is fair. Working with sales intermediaries of distributors and pricing to avoid within the limits of what is permitted and distributors, the company must discriminatory practices whenev- by the applicable regulations. maintain high standards. er granting discounts or special conditions.

Looking Ahead

Getinge will continue to focus on 6,871 training its global sales organization in Employees completed anti-trust ethical issues and how to identify risk e-learning during 2021 areas. 793 Business partners have received interactive training in anti-trust matters during 2020 and 2021

18 Intro The Team Business Context Governance Focus Areas Ethics & Compliance Report

BusinessFOCUS ON Partners

Getinge has recently revised its Supplier Code of

Conduct. The aim is to in- Tobias Dock, Senior Manager Purchasing Gustav Svensson, Head of Purchasing crease focus on responsible­ Development sourcing. The result is a new Business Partner Code of Conduct that has been Focus on a Sustainable extended to include all of Getinge’s business partners Supply Chain and has a renewed­ focus on Human Rights. Getinge’s Getinge has recently revised its Supplier Code of Conduct. purchasing function is The aim is to increase focus on sustainability and responsible responsible for implement- sourcing. The result is a new Business Partner Code of Conduct ing the new Code with that has been extended to include Getinge’s all business partners. support from the Ethics & Compliance team. Getinge’s purchasing function is qualification process and revised the responsible for implementing the Busi- purchasing policy in cooperation the ness Partner Code of Conduct and the Quality function. The supplier qualifi- Sustainable Sourcing Program, with cation process is based on applicable support from the Ethics & Compliance laws and regulations, ISO-certification team. “We believe, and see evidence etc. Meanwhile, the interaction with of, that long term supplier relations are suppliers in frequent and regular meet- key to adding unique value together ings are an essential part of driving with our suppliers,” says Tobias Dock, improvements and securing a long Senior Manager Purchasing Devel- term strategic fit. opment at Getinge. Together with The new Business Partner Code Gustav Svensson, Head of Purchasing, of Conduct aims at ensuring that he has managed the establishment Getinge’s suppliers act in compliance of the new Business Partner Code of with the company’s business principles Conduct for the company. and values. Getinge is selective and In 2020, the function for Purchasing focuses on so called Preferred Group Development at Getinge worked on Suppliers. New suppliers are selected improving the company’s supplier though a thorough review. “We start

19 Intro The Team Business Context Governance Focus Areas Ethics & Compliance Report

with a global perspective and a detailed is a risk of losing crucial competive- Challenging Areas understanding of individual supplier ness if we fall behind in our work to capabilities,” says Gustav Svensson. address these challenges,” says Gustav Implementing a retroactive due diligence process for existing business “We connect this to our values and look Svensson. partners. for suppliers sharing those values as we find that this is the most efficient way To do right to secure compliance and joint value Getinge aims for an integrated Current Focus creation over time.” approach and that the processes, sys- tems and tools that the company cre- Roll-out of the business partner Code of Conduct, including a monitoring Increased expectations ate and establish should be relevant program. Continue to develop the M&A Getinge works hard to meet increased and support the organization in doing process to ensure systematic assess- expectations from external stake­ the right thing and being compliant. ment of E&C risk during both pre- and holder. “We try to integrate these Key is to make it as simple as possible post-aquisition phases. expectations in our day-to-day work in to act responsibly. a way that is natural and relevant to us. “From our Purchasing Policy all the Looking Ahead Our focus is on how we can live up to way down to operating procedures and the expectations. We call it Responsible systems or tools, we look for that con- New regulation on EU level with regards Sourcing,” says Tobias Dock. nection to our values. We see this start- to manadatory on Mandatory Human While the world is changing, Getinge ing with our revised Purchasing Policy Rights, Environmental and Good sees new challenges in increased mar- and in our new Business Partner Code of Governance Due Diligence (“MHRDD”) ket dynamics and geopolitical aspects. Conduct, which is being developed and is expected to be adopyed by the EU Parlament later this year. The German New regulation and higher stakeholder rolled out this year,” says Tobias Dock. Parliament (“Bundestag”) adopted demands on securing human rights the “Act on Corporate Due Diligence throughout the supply and value Personal ownership important in Supply Chains” (Supply Chain Due Diligence Act – “Act” or “LkSG”) on 11 chain demand increased efforts and a There are challenges with meeting June 2021. The Act imposes, for the first procative approach. The challenge is global rules and regulations regarding time, a binding obligation on companies to capture global opportunities, while purchasing. One is to put a global to establish, implement and update due facing these uncertainties. There is perspective on local dimensions and diligence procedures to improve compli- ance with specified core human rights also a transparency challenge, i.e. to translate the expectations into and, to a limited extent, environmental how to build necessary transparency concrete actions that makes a differ- protection in supply chains. in all dimensions and levels. “There ence. Another is the co-ordination and effective execution of those actions, both internally and externally. “Absolute key in making this work is personal ownership and a will to do the 547 Absolute key in making this Business Partners have received right thing. It’s about acting respon- work is personal ownership face-to-face or virtual training sibly on a personal level and that and a will to do the right thing. on E&C matters ownership is taken throughout the Gustav Svensson, Head of Purchasing company,” says Gustav Svensson.

20 Intro The Team Business Context Governance Focus Areas Ethics & Compliance Report

Data Digitalization Adds Value to The beauty of digitalization Privacy the Health Care Industry is that there is a potential for improvements for all stake- Maintaining customer Digitalization is paramount to deliver more and better health holders, if the proper tools trust in the security of care to an aging population. Getinge is continuously adding are properly implemented. nd safety of its products is new functions to its software solutions, is offering an increasing number of hospitals around the world the advantages of Charlotte Enlund, Vice President critical for Getinge. In addi- Integrated Workflow Solutions tion, the importance of data digital technology. privacy and the integrity of personal data is a constantly increasing. Meanwhile, the Better working conditions, reduced there is a potential for improvements A healthy skepticism we are doing everything we can to company needs to protect administration and less stress are all for all stakeholders, if the proper tools During the early stages of digitaliza- meet the challenges,” says Charlotte its most valuable assets crucial parts of improving working are properly implemented. These tion, hospitals faced challenges with Enlund. against cyber threats. conditions for health care workers. include economic benefits for society, solutions not realizing the claimed To secure data privacy Getinge simplifies processes in better financials for the hospital, benefits. “This has resulted in a healthy Increased focus on data privacy and security we have hospitals, reducing the training need, improved working conditions for the skepticism towards digitalization. Data privacy is a topic which has formalized our related enabling overview, supporting coordi- staff and better patient care. It can also Immature solutions, with unproven evolved quickly over the last decade. nation and reducing administration. lead to economic benefits for Getinge, benefits, can result in frustration Both awareness and regulations have programs throughout­ the “This means, on top of improved enabling us to invest further in our and wasted time, instead of expect- developed. Getinge’s solutions are organization. employee satisfaction, that the solutions to widen their scope and ed improvements. There is always designed to ensure information is only hospital’s resources can be optimized provide even better functionality to a risk when a new digital solution is accessible for the right staff at the right ensuring that more patients get the all,” says Charlotte Enlund. implemented that it doesn’t live up to time. There are restrictions regarding best treatment,” says Charlotte Enlund, Getinge has long experience of expectations and instead becomes who can access what information and Vice President Integrated Workflow working together with its customers counter-productive,” says Charlotte. the hospitals can check which staff Solutions at Getinge. within intensive care, cardiovascular Cyber security threats constitute member viewed certain information. procedure, operating rooms, sterile re- another risk. “Almost all hospitals “In health care big data, that is Benefits all parties processing and life sciences, with the and companies around the world are interpreting large volumes of data An organized work environment, in aim to improve clinical and economic subject to threats of being attacked. to understand patterns and find root which the whole team is encouraged results. Cyber attacks are increasingly causes, actually saves lives. I believe to work together, provides the right “Our operating room management pinpointed at loopholes in the least the upside of digitizing the health care prerequisites for a calm and sooth- and sterile supply management solu- expected areas. Hospitals, however, in industry far overweigh the potential ing experience for the patient. This tions have been developed over the last general have high security standards, drawbacks. Having said that, we work could include elective surgeries being 25 years, so digital solutions are not new regulations are constantly evolving, to reduce the risks every day,” says performed on time, or the alarms in to us, but rather continuously evolving and well-­established software is Charlotte Enlund. intensive care units being silenced by and improving. Lately, we have incorpo- continuously developed to fence off the bedside and instead immediately rated a machine learning functionality to attacks.“ notifying the right care giver. ensure even better performance results,” “We are developing our cyber secu- “The beauty of digitalization is that says Charlotte Enlund. rity protection day by day to ensure

21 Intro The Team Business Context Governance Focus Areas Ethics & Compliance Report

Increasing Efforts to Ensure Cyber Security

Maintaining customer trust in the security and safety of its products is becoming increasingly vital to ensure the future Christoffer Åkesson, Ludovic Batal, Chief success of Getinge. Meanwhile, the company needs to protect Chief Information Information Officer its most valuable assets against cyber threats. To enhance its Security Officer focus on cyber ­security, Getinge has decided to formalize cyber security procedures throughout the organization.

Cyber security is centered on protecting espionage and disruptions to safe- are as important as ever, but they need electronic data found in computers, guard our investments in innovation to be balanced with emerging threat servers, networks, mobile devices, etc. and intellectual property.“ management. We need to spend wisely from being compromised or attacked. Christoffer Åkesson adds that solv- on controls and technology to detect It is an evolving discipline, and some- ing cyber security issues if, and when, modern threats. We must also get thing that requires good planning, they arise will save Getinge time and governance right – making security a governance and sustainable processes costs. “It is also competitive tool; trust leadership, business and board-level to protect the business from active can create a competitive advantage priority,“ he adds. threats today and in the future. It has for the company,“ he says. To date, Getinge is currently implementing also gained increased relevance as Getinge has not had any security a new governance model and a new cyber attacks are becoming more and breach that affected business. cyber security foundation. In case more common on sensitive targets, in- of data leaks, Getinge has a security cluding hospitals. The COVID crisis has Governance is vital incident response plan and privacy exponentially augmented the volume Cyber attacks are inevitable as society breach plans. One of the key success of transiting patient data, which has re- becomes more and more digitalized. factors of these measures is having a sulted in an increasing number of cyber Getinge’s focus is on solutions that clear governance structure and model, Security is a business attacks, targeting this valuable data. anticipate, detect and respond to according to Christoffer Åkesson. imperative. To protect Christoffer Åkesson, Chief Infor- threats, using the most effective Information security matters are part Getinge’s information, mation Security Officer at Getinge, means of protection for the informa- of risk committee presentation to the extensive collaboration says that this is one of reasons why tion most at risk. Getinge Board of Directors. In addition, is needed across business the company has decided to step up “Security is a business imperative. the Group Chief Information Officer units and functions. its efforts to increase cyber security To protect Getinge’s information, Ludovic Batal reports at least annually measures. extensive collaboration is needed on information security to Getinge Christoffer Åkesson, Chief Information Security Officer “Ultimately, it’s about ensuring across business units and functions,“ Audit Committee overseeing the infor- future growth and innovative strength. Christoffer Åkesson says. mation security matters. We need to protect our business from “Compliance and the fundamentals

22 Intro The Team Business Context Governance Focus Areas Ethics & Compliance Report

Securing products and protecting information Challenging Areas Current Focus In order to secure that Getinge’s Data Privacy and Digitalization is at the products are safe the company never During 2020 company expanded the core of our strategy. Connected prod- focus on IT security by appointing a compromises with security rules. ucts and digitalization has the possibil- Head of Data Privacy and Digitalization, “We use the most advanced technol- ity to increase productivity, decrease as part of the Legal, Compliance and cost and improve patient outcomes. In ogies and adhere the strictest regula- Governance team, to lead the global this respect it is crucial that we have data privacy work closely with Infor- tions when we develop and connect our robust policies and processes in place mation Security team. The team has products. Those rules are implemented to secure data privacy and integrity of been expanded to include Data Privacy thanks to close collaboration between patient data. officers in key jurisdictions, in addition different key Getinge departments, relevant documents have been updat- ed and information about data privacy including E&C, R&D, Production, IT and matters have been improved. We have Global Sales,“ says Ludovic Batal, Chief Looking Ahead also initiated a legal review of all of our Information Officer at Getinge. connected products. Getinge provides “When it comes to securing sen- We are focusing on “privacy per design” information security training to all em- and want to ensure that data privacy is ployees and has during spring launched sitive information, the best way is to considered already at the R&D stage. We an extensive e-learning program. begin by limiting the transport, storage want our customers, and ultimately the and use of those. Only necessary data patients, to feel safe and secure when should be transited – and not on stan- our products are used. Our Head of Data Privacy and Digitalization is an integral dard media. This is done with highly part of Getinge’s digitalization strategy secured and encrypted technologies, and work. Getinge is currently preparing 15 the storage is then assured by fully to certify Integrated Workflow Solutions Priority products identified for further legal & data privacy GDPR compliant suppliers,“ he adds. and Acute Care Therapy on ISO 27001 information security. assessment. Getinge is tracking all type of sys- tems and assets containing sensitive information. These are analyzed with “One Trust” in order to take relevant actions to mitigate identified informa- tion security risks. Information security is also subject We use the most advanced to risk based assurance from internal technologies and adhere the and external auditors. strictest regulations when we develop and connect our products.

Ludovic Batal, Chief Information Officer

23 Intro The Team Business Context Governance Focus Areas Ethics & Compliance Report

Interaction Operating with Karolinska University with Health Hospital to Reduce Risks for Patients Care Profes- Undergoing Surgery sionals Karolinska Anaesthesia Research group for major surgery has been cooperating with Caroline Hällsjö Håkan Björne, MD, Magnus Hallbäck, Sander, MD, PhD, PhD, Head of Medical Research Engineer, Getinge product unit in a transparent way for many years with the aim to develop a Head of Medical Unit Unit Perioperative Getinge Acute Care Getinge interacts with new method for advanced monitoring of heart and lungs in anaesthetized patients Perioperative­ Medicine Medicine Huddinge, Therapies Solna, Karolinska Karolinska University hospitals and life science during surgery. As today’s methods are unreliable and/or complicated and increase University Hospital Hospital institutions all over the patient risks, there is a great need for a new, simple and reliable monitoring system. globe. The company has a great responsibility both in terms of patient safety, In Sweden, some 600,000 patients are In order to be able to use a method on patient trials have confirmed that the operated on every year. Meanwhile, the severely ill patients, it must be reliable method works for measuring both but also in terms of how number of elderly and sick people who even if major changes of the patient’s circulation and lungs during surgery. Our driving force is to reduce public funds are spent in undergo major surgery increases. Up to condition, such as major haemorrhage ”The method was developed and the amount of complications relation to its products and 50 per cent of these patients suffer from or heavy blood pressure fall, occur. tested in our technical lab as far as and suffering of patients services. Securing integrity post-operative complications brought This means that initial studies must be possible, but the question was how we under­going surgery and we and transparency when on by imbalances of the circulatory performed in animal testing before the would be able to assess the practical see that the capno method interacting with health care system or lungs. This causes suffering, method can be tested on patients. performance and usability? For this has the potential to contribute professionals and health longer care and increased fatality risk. “A basic requirement was to find a purpose it should be assessed by to this. That’s why our ambi- care organizations is a top The problems could be reduced with way of cooperating that would ensure medical personnel in a clinical setting. tion is to continue to cooper- priority. better control of the blood circulation the independence of our research Establishing a cooperation with a well- and lung volume during surgery. team and that cooperating with a com- known medical research institute was ate with Getinge to develop “That’s why we, as anaesthesia mercial company wouldn’t restrict us key,” says Magnus Hallbäck. the method until it’s integrated specialists and researchers in charge from publishing results of our research, “Our driving force is to reduce the in the anaesthesia machines. of high-risk surgery at Karolinska, even if it would affect the company amount of complications and suffering Dr. Björne and Dr. Hällsjö Sander became very interested when we were adversely. But together we have found of patients undergoing surgery and we contacted by Getinge about starting a way of writing the agreement that see that the capno method has the a joint project around a new method makes us feel ethically safe,“ says potential to contribute to this. That’s – the capno method – for heart and Dr. Håkan Björne. why our ambition is to continue to lung monitoring. The method is based The research team challenged the cooperate with Getinge to develop the on measuring the carbon dioxide in capno method in clinically relevant method until it’s integrated in the an- the respiratory gases. It’s integrated testing in several animal tests, in which aesthesia machines. We also see that in the ventilator that controls the pa- the new method was compared to it has a potential to monitor the func- tient’s breathing, which means that it gold standard reference methods. The tions of the heart and lungs of patients doesn’t require any extra equipment,“ results of these trials turned out really in intensive care, if it’s integrated in says Dr. Caroline Hällsjö Sander at well, which meant that the method the intensive care ventilators,“ says Karolinska. could then be tested on patients. Initial Dr. Björne and Dr. Hällsjö Sander.

24 Intro The Team Business Context Governance Focus Areas Ethics & Compliance Report

Challenging Areas Current Focus Looking Ahead

Collaboration with doctors, physicians Establishing a new medical affairs func- Developing standard operating proce- and researchers is key for the develop-­ tion, implementation of a new directive dures to support day to day activities ment of Getinge’s products and services. for Interaction with Health Care Profes- and decision making, implementation In addition, public hospitals and pur­ sionals and Health Care Organizations of a new process for grants, extensive chasing organizations are important including a new tool for transparency training program including e-learning customers. reporting. Meanwhile, a directive for in- and interactive workshops. teraction with health care professionals and organizations, requiring scrutiny and diligence over related relationships and collaborations, was implemented.

25 Intro The Team Business Context Governance Focus Areas Ethics & Compliance Report

Trade Special screening processes for Compliance sanctioned and risk countries

Our life saving products are Getinge conducts business globally, including sanctioned Challenging Areas sold globally and in some countries which may be in great need of health care products extent also to sanctioned to save human lives. This, however, requires special sanction Trade Sanctions are an area which countries. We do however screening for end-­customer/end-user in every transaction needs to be constantly monitored. Working with several business partners never compromise with laws before Getinge confirms any sales orders. we also need to secure that we have and regulations and have Salah Malek, President Sales Region Middle a good understanding of whole value implemented processes to East & Africa (MEA). chains and possible changes both in terms of ownership structures and the secure compliance and sanctions regime. integrity when selling to high risk countries. Global Trade Compliance Policy re- may form an entity in Dubai as a means process. Our passion for life fuels our quires all Getinge entities that engage of disguising the true beneficiary of a efforts. The biggest challenge we face Current Focus in exports directly or indirectly with a transaction). is that the sanctions and their rules are Continue to implement the business country on the List of Risk Countries, “Generally, sanctions are meant dynamic and do change frequently. So partner risk management process and and in particular high-risk countries, to penalize political regimes and, in we need to remain alert and updated trade sanctions policy and directive. to implement a so called screening essence, avoid hurting people. More with all alterations to ensure the best procedure. Before confirming any often than not, health care products adherence to the stringent regulations sales orders, Getinge has therefore are exempted from sanctions and we put on ourselves to meet all legal Looking Ahead implemented sanction screening for usually are allowed into the sanctioned and compliance requirements,” he Getinge will focus on assessing its end-customer/end-user in every trans- countries, while observing some rules. continues. export compliance program, not only action on this list. We at Getinge feel compelled to help Getinge is a global company and its focusing on trade compliance but Risk countries are those subject to the dis-privileged people of the sanc- products are sold and traded world- export compliance topics more broadly. insignificant risk level due to sanc- tioned countries, and we do double up wide. Therefore, Getinge is committed tions, as well as countries not subject on our efforts to meet all the exemp- to complying with all applicable and to sanctions, but associated with risk tion requirements,” says Salah Malek, relevant laws in the countries in which of circumvention attempts or tranship- President Sales Region Middle East & it operates. Getinge’s products are 1,618 ment. For example, The United Arab Africa (MEA). subject to various countries’ trade Counterparties screened Emirates is not itself a sanctions tar- “We have worked tirelessly to under- laws, including customs, sanctions and during 2020 and 2021 get, but is frequently used by Iran and stand the global conditions, plan the export control laws. other sanctions targets to conduct goods flow, plan the money flow, and business (for example, an Iranian entity screen all the parties involved in the 613 Sanction screening requests completed during 2020 and 2021

26 Getinge AB Lindholmspiren 7A P.O. Box 8861 SE-402 72 Gothenburg Sweden

Tel: +46 (0)10 335 00 00 E-mail: [email protected] www.getinge.com