EnLink’s Enterprise Risk Management (ERM) program is an integral part of our strategic plan. Each quarter, leaders throughout the business are engaged to identify and prioritize risks in their respective areas and update corresponding mitigation plans. A roundtable is held with company leaders to discuss changes to the risk universe and new and emerging enterprise risks. A wide range of risks are considered, including safety, environmental (including climate related), financial, social, operational, governance, and reputational risks. Results are summarized, and top risks and risk management plans are discussed with the Audit Committee of the Board of Directors, which is responsible for risk management oversight.

Enterprise risks are considered during the development of our Internal Audit plan. Additional details on risks are included in our Annual Reports on Form 10-K filed with the Securities and Exchange Commission, in the section under Risk Factors, and can be found in the Annual Reports section of EnLink’s Investor Relations website.

We maintain a companywide emergency response plan and action plans specific to each of our assets. These plans are available to all employees on our company intranet. In addition, we have a scalable crisis management plan to guide the corporate response in the event of an emergency.

Cybersecurity

Our Cybersecurity Team has developed an information security program that leverages best-in-class tools and 24/7 event monitoring by trained security personnel. This program is a critical part of our ERM program, which is overseen by the Audit Committee.

The program’s toolset supports an in-depth defense strategy and includes tools and policies for email protection, end-point protection, multifactor authentication, vulnerability scanning, and a continuous security analysis service to evaluate potential security threats. Our Cybersecurity Team maintains firewalls to block malicious traffic. USB drives are also blocked by default companywide. Risk assessments and penetration tests are conducted at least annually with remediation efforts implemented in a timely manner.

We maintain cyber incident response plans with specialized playbooks that are practiced annually via performance drills to help key personnel remain current on their responsibilities. Similarly, technology disaster recovery plans include annual drills to identify necessary updates and enhancement opportunities.

We continually monitor and follow cybersecurity recommendations from governmental agencies including the Federal Bureau of Investigation, Transportation Security Administration (TSA), and U.S. Cybersecurity and Infrastructure Security Agency (CISA). We follow the TSA Security Directives for Surface Operations and Pipeline Owner/Operators. These directives require us to establish and annually maintain a Cybersecurity Implementation Plan and Cybersecurity Assessment Plan. Our cybersecurity program also aligns with common frameworks and recommendations such as those of the National Institute of Standards and Technology and CISA.

We maintain an employee education campaign for cybersecurity that includes monthly updates and timely tips on security topics such as avoiding phishing, creating strong passwords, and protecting company data. Employees are tested regularly with simulated phishing campaigns and are required to complete annual cybersecurity training based on risks relevant to the organization. In 2023, 100% of employees completed this required training.

Additionally, we maintain several Information Technology policies to which our employees are required to adhere, including a formal Password Construction and Protection Policy, Acceptable Use Policy, Operational Technology Password Policy, and Secure Computing Environment Policy, among others. These policies are reviewed and updated annually or as required by new cybersecurity guidelines from the TSA and others.

The information and data (collectively, “Information”) provided in EnLink’s 2023 Sustainability Report (“Report”) reflects content as of and for the period ending December 31, 2023, unless otherwise indicated. Such Information in this Report is for informational purposes only. EnLink does not make, and hereby expressly disclaims, any representation or warranty as to the accuracy or completeness of the Information contained herein. This Report is being published on August 6, 2024, and EnLink undertakes no obligation or duty to (1) update or correct the Information, (2) provide additional details regarding the Information, or (3) continue to provide the Information, in any form, in the future. EnLink reserves the right, in its sole discretion, to modify, update, change, delete, or supplement the Information from time to time without notice. The Information should not be interpreted as any form of guaranty or assurance of future results or trends. EnLink is expressly not incorporating by reference any of the Information into any filing of EnLink made with the United States Securities and Exchange Commission or in any other filing, report, application, or statement made by EnLink to any federal, state, or local governmental authority. This Report contains information based upon EnLink’s role in the broader economy, environment, and society and is presented for the purpose of responding to issues that are important to a wide range of interested parties. While events, scenarios, and efforts discussed in this report may be significant, any significance should not be read as necessarily rising to the level of materiality pertaining to disclosures required under U.S. federal securities laws, which have distinct and specific concepts of materiality.