Choose a different country or region to see the content specific to your location
Current Region: Global (EN)
The Company has implemented controls based on the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) and the Sarbanes-Oxley Act. Our Information Technology organization is led by the Chief Information Officr (“CIO”) who is responsible for cybersecurity risk management. The Audit Committee is tasked with oversight of cybersecurity and receives three updates per year with one full readout to the Board of Directors. Directors with experience in cybersecurity and technology play crucial oversight roles for our digital and cybersecurity strategies. The Board of Directors oversees and approves the Company’s cybersecurity program.
Our cybersecurity program is overseen by the Company’s Chief Information Security Officer (“CISO”) and is designed to protect and preserve the confidentiality, integrity, and availability of our information technology assets. Risks and controls are continuously monitored by the CISO which drives investments in our cybersecurity program. The CISO reports on the effectiveness of the Company’s cybersecurity program controls aligned to the NIST CSF framework. We periodically engage external subject matter experts who provide independent qualitative and quantitative assessments of the cybersecurity program maturity and response readiness. In addition, the Company has implemented monthly cybersecurity awareness training program for all employees that is further reinforced through bi-weekly phishing simulations.
Quarterly updates are provided to the Cybersecurity Governance Committee comprised of senior management regarding the effectiveness of cybersecurity program and its ability to appropriately mitigate relevant risks. Our cybersecurity program includes cyber liability insurance and a risk-based incident response plan that provides a documented framework for handling incidents including coordination across multiple parts of the Company.