EnLink’s Enterprise Risk Management (ERM) program is an integral part of EnLink’s strategic plan. Each quarter, leaders throughout the business are engaged to identify and prioritize risks in their respective areas and update corresponding mitigation plans. A roundtable is held with EnLink leaders to discuss enterprise risks and determine prioritization. A wide range of risks are considered, including safety, environmental (including climate related), financial, social, governance, and reputational risks. Results are summarized, and top risks and risk management plans are discussed with the Audit Committee of the Board of Directors (Board).
The ERM program is also used as the basis for EnLink’s Internal Audit plan. Additional details on EnLink’s risks are included in our latest Annual Report on Form 10-K filed with the Securities and Exchange Commission in the section under Risk Factors, which can be found in the Annual Reports section of EnLink’s website.
EnLink maintains a companywide emergency response plan and action plans specific to each of our assets. These plans are available to all employees on our company intranet. In addition, EnLink has a scalable crisis management plan that guides the corporate response during an emergency.
The EnLink Cybersecurity Team has developed a robust information security program that leverages best-in-class tools and 24/7 event monitoring by trained security personnel. This program is a critical part of our ERM program, which is overseen by the Audit Committee.
The program’s toolset includes email protection, end point protection, multifactor verification, vulnerability scanning, and a continuous security analysis service to evaluate potential security threats. EnLink’s Cybersecurity Team maintains strict firewalls that block malicious domestic traffic. Risk assessments and penetration tests are conducted at least annually with remediation efforts implemented in a timely manner.
Cyber incident response plans with specialized playbooks are documented with drills performed annually to ensure key personnel keep current on their responsibilities. Similarly, technology disaster recovery plans are documented with drills performed annually to identify necessary updates and enhancement opportunities. EnLink continually monitors and follows cybersecurity recommendations from governmental agencies including the Federal Bureau of Investigation, Transportation Security Administration, and Cybersecurity & Infrastructure Security Agency.
EnLink maintains an employee education campaign for cybersecurity that includes monthly updates and timely tips on security topics such as avoiding phishing, creating strong passwords, and protecting company data. Employees are tested regularly with simulated phishing campaigns and are required to complete cybersecurity content training based on risks relevant to the organization annually. In 2022, 100% of EnLink employees completed this required training.
The information and data (collectively, “Information”) provided in EnLink’s 2022 Sustainability Report (“Report”) reflects content as of and for the period ending December 31, 2022, unless otherwise indicated. Such Information in this Report is for informational purposes only. EnLink does not make, and hereby expressly disclaims, any representation or warranty as to the accuracy or completeness of the Information contained herein. This Report is being published on August 1, 2023, and EnLink has no obligation or duty to (1) update or correct the Information, (2) provide additional details regarding the Information, or (3) continue to provide the Information, in any form, in the future. EnLink reserves the right, in its sole discretion, to modify, update, change, delete, or supplement the Information from time to time without notice. The Information should not be interpreted as any form of guaranty or assurance of future results or trends. EnLink is not expressly incorporating by reference any of the Information into any filing of EnLink made with the United States Securities and Exchange Commission or in any other filing, report, application, or statement made by EnLink to any federal, state, or local governmental authority. This Report contains information based upon EnLink’s role in the broader economy, environment, and society and for the purpose of responding to issues that are important to a wide range of interested parties. While events, scenarios, and efforts discussed in this report may be significant, any significance should not be read as necessarily rising to the level of materiality of the disclosures required under U.S. federal securities laws, which have distinct and specific concepts of materiality.