For ESI, information security and privacy are more than just administrative and compliance functions—they serve to protect our data and to enable our innovation. We have established robust policies and procedures to manage cybersecurity defenses, controls and programs to safeguard our company, our business counterparties and our people.
Managing Security Risks
Our Information Technology (IT) team develops and oversees our information security program. To protect our business, they monitor our cybersecurity and information security risks, including the nature of threats, the state of our defense and detection capabilities, incident response plans and employee training activities, as applicable. We also have a dedicated global information security team that is part of our IT department. The team works within the organization as well as with expert cybersecurity firms and resources to identify, classify, prioritize, remediate, and mitigate cyber-related risks to our business.
In 2023, we continued to enhance our cybersecurity program with the assistance of a leading 24x7 managed detection and response (MDR) provider. We also enhanced the security of our global network backbone, cloud environment, and remote access capabilities by implementing a leading Secure Access Service Edge ("SASE") solution, which extends our IT controls for continuous coverage and protection. These improvements, along with periodic information security training of our employees, continue to improve the security and reliability of our IT environment.
In-Depth Defense
To protect our business against today’s increasing cybersecurity threats, we have developed a rigorous, multi-layered information security infrastructure to defend our data, network and employees. Our infrastructure is built with multiple enforcement mechanisms to guard against simple and complex attacks. These mechanisms include anti-malware, intrusion detection and prevention, multi-factor authentication, data loss prevention, security information and event management (SIEM), application and network layer vulnerability management, application control, advanced email security, integrity monitoring, and privileged access management, among others. These protections are tested by external penetration testing on an ongoing basis to assure their continued effectiveness.
Similarly, our Disaster Recovery (DR) program is designed to allow business continuity and stable IT operations in the event of a major outage caused by unplanned activity, such as a natural disaster or a material cyber incident.
To uphold privacy rights, our Website Privacy Policy and Data Protection and Privacy Policy are designed to ensure compliance with applicable privacy and data protection laws. These policies, which are applicable globally, protect the privacy of the personal data of our employees, customers and other business counterparties from whom we collect personal information.