For ESI, information security and privacy are more than just administrative and compliance functions—they serve to protect our data and to enable our innovation. We have established robust policies and procedures to manage cybersecurity defenses, controls and programs to safeguard our company, our business counterparties and our people.

Managing Security Risks

Our Information Technology (IT) team develops and oversees our information security program. To protect our business, they monitor our cybersecurity and information security risks, including the nature of threats, the state of our defense and detection capabilities, incident response plans and employee training activities, as applicable. We also have a dedicated global information security team that is part of our IT department. The team works within the organization as well as with expert cybersecurity firms and resources to identify, classify, prioritize, remediate, and mitigate cyber-related risks to our business.

We are committed to continually improve our IT security systems. In 2022, we continued to enhance our cyber security program with the assistance of a leading 24x7 managed detection and response (MDR) provider. We also implemented an advanced email protection solution and cloud security software as a service (SaaS). These improvements, along with periodic information security training of our employees, continue to improve the security and reliability of our IT environment.

In-Depth Defense

To protect our business against today’s increasing cybersecurity threats, we have developed a rigorous, multi-layered information security infrastructure to defend our data, network and employees. Our infrastructure is built with multiple enforcement mechanisms to guard against simple and complex attacks. These mechanisms include anti-malware, intrusion detection and prevention, multi-factor authentication, data loss prevention, security incident event management (SIEM), application and network layer vulnerability management, application control, advanced email security, integrity monitoring, and privileged access management, among others. These protections are tested by external Penetration Testing on an ongoing basis to assure their continued effectiveness.

Similarly, our Disaster Recovery (DR) program is designed to allow business continuity and stable IT operations in the event of a major outage caused by unplanned activity, such as a natural disaster or a material cyber incident.

To uphold privacy rights, our Website Privacy Policy and Data Protection and Privacy Policy are designed to ensure compliance with applicable privacy and data protection laws. These policies, which are applicable globally, protect the privacy of the personal data of our employees, customers and other business counterparties from whom we collect personal information.