Impact Reports

305000 - ESG Report

Issue link: https://read.uberflip.com/i/1472068


26 2021 ESG REPORT

Information Security

Customer Information Systems and Network Security

Our Cybersecurity Team is dedicated to the protection of our network and systems from cyberthreats and data loss of customer, team member, and corporate information. We have created resilient security capabilities that enable the growth and velocity of the business while protecting the integrity and availability of our advanced space technology solutions, imagery data, and proprietary analytics. We also prioritize the privacy, security and confidentiality of team member and customer information. We have institutionalized a risk-aware culture as part of a continuous process for effective enterprise risk management. We carry out security awareness and training activities on a continuous basis and align them to the current cyberthreat landscape. The Chief Information Security Officer (CISO) reports to the Risk Committee of the Board of Directors at least quarterly and collaborates regularly with Maxar's Data Privacy Officer and senior leadership.

Maxar is committed to continuous improvement and maturation in our cybersecurity capabilities. To timely identify and address cybersecurity trends, advancements, threats and activities, the Cybersecurity Team prioritizes coordination and collaboration with external and internal resources, including Internal Audit and Enterprise Risk Management, and regular communications with the Management Risk Committee and Board Risk Committee.

We have implemented the NIST SP 800-171/Cybersecurity Maturity Model Certification (CMMC) framework as a key element of our program and as a focus area across our corporate infrastructure. This framework includes policies and standards that provide overarching governance of cybersecurity across our multiple environments, as well as ongoing compliance reviews and assessments.

Additionally, to protect against cybersecurity incidents and other tactical and emerging risks, we have made a significant investment in sophisticated technology and services that provide in-depth protection of our environment, including 24x7 cybersecurity monitoring. We regularly conduct phishing tests and perform vulnerability assessments to determine risks. We also support an active Insider Threat Program to protect against data loss and test our incident response plan at least annually. In 2021 we migrated to the Microsoft 365 Government Cloud environment, which allows us to benefit from an enhanced and rigorous security platform, meeting the demanding needs of our customers, including the U.S. government, and our own high standards for security.

Data Privacy Compliance Program

Maxar's Data Privacy Officer, who is a senior leader in the Legal and Compliance organization, oversees a companywide Data Privacy Compliance Program. This program includes the Maxar Personal Information and Privacy Policy, which addresses foreign and domestic privacy laws, and focuses on protecting and minimizing the amount of personal information stored. We conduct an annual review of all personal information holdings to ensure adequate balance between our justified business uses of personal information and the privacy interests of individuals. Maxar's privacy program affords individuals all applicable rights under the EU General Data Protection Regulation (GDPR) and UK GDPR, as well as state laws concerning notice, usage and deletion of personal information holdings within Maxar.
