Guidelines and policies for a plumbing company
Develop internal guidelines and policies for a plumbing company preparing to participate in a public tender for a municipal construction project.
Deliverables (document package)
- IT Acceptable Use Policy
- Code of Conduct including whistleblowing procedures
- Information Security Policy
- Travel and Environmental Policy
FjordRør AS is a plumbing company. The company provides HVAC services to both private and commercial clients and carries out work on construction sites. They are preparing to participate in a public tender for a new municipal building.
Public contracting authorities often require documentation that the supplier has established procedures for ethics, information security, HSE, and the environment. Without such documents, the company may appear less professional, score lower in the evaluation, or in the worst case be disqualified if the tender requirements mandate such documentation.
FjordRør operates in Norway within the construction and civil engineering sector, with public procurement as a key market.
Show relevant areas and requirements
| Area | What it means in practice | Typical sources/frameworks |
|---|---|---|
| Public procurement | Requirements for integrity, documentation, and compliance with contract terms. Common requirements for pay and working conditions, limitations in the supply chain, and payment via bank. | Public Procurement Act, Public Procurement Regulations, Regulations on Pay and Working Conditions in Public Contracts, etc., DFO/anskaffelser.no (the Norway Model). |
| Working life and HSE | Systematic HSE management, training, deviation handling, internal whistleblowing procedures (mandatory when 5 or more employees). Requirement for HSE cards at construction sites. | Working Environment Act, Internal Control Regulations, Construction Client Regulations, Regulations on HSE cards. |
| Anti-corruption and ethics | Prohibition of bribery/'undue advantages', particularly in contact with public contracting authorities. Clear rules for gifts and hospitality. | Penal Code (corruption), ISO 37001 (voluntary framework), government guidance on gifts/impartiality. |
| Data protection and information security | Protecting customer data and personal data. Access control, passwords/MFA, mobile use on assignments, incident management, and data processing agreements as needed. | Personal Data Act/GDPR, Data Protection Authority guidelines, NSM basic principles for ICT security, ISO/IEC 27001 (voluntary). |
| Building regulations and technical requirements | Work must comply with planning and building legislation and TEK17, including documentation and facilities management handover. | Planning and Building Act, Building Technical Regulations (TEK17), and guidance from DiBK. |
| External environment and waste | Handling of waste and potentially hazardous waste from projects, spills/leaks, chemicals, and correct sorting at construction sites. | Pollution Control Act, Waste Regulations, local requirements from client/municipality. |
- Clarify market, contract type, services, and expectations in the tender requirements.
- Identify which documents are typically requested in public tenders within construction and civil engineering.
- Assessment of activities, data types, subcontractors, and risk areas (HSE, data protection, security, integrity).
- Regulatory analysis: requirements from legislation/regulations + contract requirements (e.g., the Norway Model) + relevant standards/guidelines.
- Gap analysis: what already exists, what is missing, and what needs to be documented in writing.
- Draft policies in a standard structure (purpose, scope, requirements, responsibilities, deviations).
- Review with the managing director and safety representative/employee representative (especially whistleblowing procedures).
- Adaptation to the company's size and practices – documents that can actually be complied with.
- Internal publication.
- Annual review and updates as needed.
This is an illustrative work example. Documents must always be adapted to the company's actual circumstances, contract type, and risk profile before use.
Sources (extract)