Governance
Corporate Governance
As a leading, independent organization dedicated to facilitating standards and providing third-party testing and certification, we are in the business of creating trust amongst consumers, manufacturers and regulatory bodies. As such, integrity, ethics, and responsible management are core to NSF's management and leadership and codified in our practices through a variety of mechanisms:
NSF operates under the 503 (C)(3) IRS filing status, reflecting our nonprofit status and unique heritage as a public health organization. Our governance structure includes two independent boards that oversee our operations.
Our ESG Council drives awareness and accountability throughout our organization. This dynamic council plays a pivotal role in steering key initiatives and shaping strategic plans related to ESG.
NSF employs a Code of Ethics for Suppliers, holding suppliers to high standards of ethics in every facet of our operations. We have a dedicated hotline to address ethical concerns.
Financial Controls and Compliance
NSF actively subjects financial processes and practices to independent audits and accreditations. We voluntarily participate in internal audits throughout the year under the supervision of the Audit and Finance Committee of our Board of Directors. Our annual audit of the consolidated financial statements is performed externally by Deloitte, ensuring the accuracy of our financial reporting mechanisms.
Supply Chain Security
NSF's information security program leverages policies, standards and cutting-edge tools to secure the confidentiality, integrity and availability of our information resources.
NSF obtained ISO/IEC 27001 certification in 2021, underscoring our commitment to best-in-class information security management within our supply chain. This internationally recognized certification demonstrates NSF's continued commitment to information security at every level, and shows that the security of data and information has been addressed, implemented and properly controlled in all areas of the organization.
Our Supplier Security Policy integrates information security requisites into contracts and statements of work. As part of our risk assessment process, we advocate for independent ISO 27001 certification or Service Organization Control (SOC) 2 Type 2 reports.