Information Security Team

The Standard has an established information security team and chief information security officer dedicated to information security risk identification, assessment, education and advisory services for the organization. This team also coordinates companywide security and privacy incident response.

Board of Directors

Educated, experienced and engaged directors are essential to the welfare of the company, employees and customers. Our board of directors serves as the foundation for responsible governance of The Standard’s business operations, integrity, reputation and financial strength.

The board is composed of a majority of independent directors with expertise and leadership acumen in disciplines that align with and complement The Standard’s business strategies. With the company’s long-term strategies and sustainability at the forefront of decision-making, the board oversees the company’s governance, risk management, financial reporting, legal compliance, compensation and performance management frameworks.

Oversight of specific risks and responsibilities is delegated to the board’s three committees: Nominating and Corporate Governance, Organization and Compensation and Audit. Each committee is led by an independent director and reports to the full board on its area of responsibility.

Vulnerability Management and Continuous Monitoring

We perform frequent security monitoring and testing of applications and systems as well as regularly scan our environment for vulnerabilities. We also engage third-party resources for overall security assessments at least annually.

Network Protection

The Standard uses firewalls and other mechanisms to restrict and control access between our network and other networks including the internet. We use and maintain appropriate antivirus measures to protect networks, systems and all end-user devices as well as conduct intrusion testing regularly. We record all relevant system activity and proactively monitor for unauthorized network intrusions and access attempts.

Data Encryption

The Standard follows data encryption best practices including encryption for data at rest and in transit.

Data Destruction

Before disposing of media that stores data, The Standard follows media sanitization practices including sanitizing server disks and shredding paper documents.

Third-Party Risk Management

The Standard requires assessment of the information security, business continuity and disaster recovery practices of all contractors, subcontractors and third-party providers involved in providing and/or supporting services for the company.

2022 Environmental, Social and Governance Report