EnLink’s Enterprise Risk Management (ERM) program is an integral part of EnLink’s strategic plan. Each quarter, leaders throughout the business are engaged to identify and prioritize risks in their respective areas and update the corresponding mitigation plans. A roundtable is then held to discuss enterprise risks and determine prioritization, taking into consideration safety, environmental, financial, and reputational risks. Top risks and trends identified through this process are regularly reviewed by the Audit Committee of the Board of Directors (Board). The Audit Committee meets twice a year to review these risks in depth. Additionally, meetings are held with the Board to discuss selected top risks and risk management plans.

ERM is used as the basis for EnLink’s Internal Audit plan. Additional details on EnLink’s risks are included in our Annual Report on Form 10-K filed with the Securities and Exchange Commission in the section under Risk Factors.

EnLink maintains a companywide emergency response plan and action plans specific to each of our assets. These plans are available to all employees on our company intranet. In addition, EnLink has a scalable crisis management plan that dictates the required leadership personnel, communications protocols, and task considerations to be used to timely address the effects of various types of potential crises.

EnLink’s business continuity plan was proven to work well in 2020 during the COVID-19 pandemic. We were able to continue serving our customers effectively, safely, and reliably without interruptions due to the pandemic, while protecting the health and safety of our employees, business partners, and communities.

Cybersecurity

The EnLink Cybersecurity Team has developed a robust information security program that leverages best-in-class tools and 24/7 event monitoring by trained security personnel. Risk assessments and penetration tests are performed at least annually with remediation efforts implemented in a timely manner. Updates on cybersecurity risks and trends are presented to the Board quarterly.

Cyber incident response plans are documented with drills performed annually to ensure key individuals are trained on their responsibilities. Similarly, IT disaster recovery plans are documented with drills performed annually to identify necessary updates and other enhancements for the plans.

EnLink has an ongoing employee education campaign for cybersecurity that includes monthly updates and timely tips on security topics such as avoiding phishing, creating strong passwords, and protecting company data. Employees are tested regularly with simulated phishing campaigns and are required to annually complete cybersecurity content training based on risks relevant to the organization. In 2020, EnLink employees completed 100% of this required training.

PREVIOUS: Business Ethics

This webpage is part of EnLink's 2020 Sustainability Report, published May 4, 2021, and reflects content from and as of such date.