Southwire 2021 Sustainability Report: Doing Right
Southwire 2021 Sustainability Report
Success in today’s business environment requires companies to act ethically, transparently and securely when preparing for and addressing risks related to cybersecurity, geopolitical disputes and supply chain issues. Utilizing responsible business practices guided by ethics, mutual respect, integrity and honesty allows Southwire to protect stakeholders while establishing trust. In addition, we understand that success built on responsible business practices also allows us to do right by those who matter most to our company when challenges arise.
CYBERSECURITY & DATA PRIVACY
Cybersecurity & Data Privacy is a critical element of Southwire culture and is vital to safeguarding customer, employee and supplier information. We are committed to maintaining secure information systems and protecting data confidentiality, integrity and availability
We invest significant resources into protecting against unauthorized information access, use or disclosure. Our Information Technology Services & Enterprise Information Security teams work diligently to educate employees and help ensure our systems are secure. As a result, our employees understand that they are the first line of defense in protecting company and customer information from unauthorized access, use or disclosure.
APPROACH
Southwire recognizes the evolving nature of the cyber-risk landscape, and we continuously enhance our data and information infrastructure security systems to prevent breakdown or security breaches of critical information. Southwire performs multiple information security assessments and penetration tests on a yearly basis. Heightened risks in 2021 included more sophisticated and targeted spear-phishing assaults and the rise of ransomware attacks on corporations.
END-USER TRAINING AND EDUCATION
In 2021, Southwire expanded end-user awareness training and increased the frequency of company-wide phishing assessments. We design our cybersecurity training, drills and governance programs to address identified risks and engage and educate employees. We also developed additional training for critical user roles, senior-level executives and employees who travel regularly. Employee training includes strategies to identify, avoid and effectively respond to potential threats inside and outside the workplace. In addition, we prioritize risk management by using actionable metrics, data and threat intelligence to monitor, protect and provide visibility into efforts. We also engage expert service providers as needed to develop additional threat responses and strengthen our efforts
SOUTHWIRE INFORMATION SECURITY PROGRAM COMPLIANCE AND GOVERNANCE
Our information security program complies with the National Institute of Standards and Technology (NIST) cybersecurity framework. The Vice President of Enterprise Information Security is responsible for leading the program and reporting updates and incidents to the Information Security Oversight Committee (ISOC), Executive Leadership Team and the Board of Directors Audit Committee. The ISOC includes Southwire executives from Operations, Legal, IT, People & Culture, Modernization, Physical Security and Corporate Communications. This broad group of executives is responsible for providing a business-wide risk and opportunity perspective.
Management of cyber-related risks includes governance guidelines for Compliance, People & Culture, Connected Factory, Finance and Internal Audit programs. In addition, to understand business needs, Southwire embeds information security considerations into business activities.
SECURITY AND THREAT DETECTION
In 2021, we expanded our security and threat detection capabilities by establishing a security operations center-asa-service that provides 24/7 firewall, network device, critical infrastructure monitoring and endpoint detection. The center is also optimizing Southwire’s vulnerability management program by regularly scanning websites and internal and external endpoints to rapidly identify critical vulnerabilities and establish rapid responses for risk mitigation. Additionally, we optimized our incident response procedures in 2021 by creating individual cyber-incident response playbooks for various incident types, and we established a cadence for regular tabletop response exercises.
PERFORMANCE
As global conditions have necessitated, Southwire has continued to mature our information security program and will continue to do so in the coming years. While established business objectives and information security will remain the top driver of our security program, regular assessments utilizing the NIST cybersecurity framework will also provide a roadmap for targeted efforts to mature our cybersecurity program. In 2021, 98% of employees completed annual cybersecurity training; this number is up 24% from 2020 and up 48% from 2019.
ETHICS, ANTI-CORRUPTION & TRANSPARENCY
Organizations that put ethics, anti-corruption and transparency at the forefront of their business practices are more likely to avoid costly compliance problems and gain significant reputational and business benefits. We believe that an ethical culture starts with strong leadership setting the tone for the entire organization. As part of our Doing Right tenet, we foster a culture guided by the ethics of mutual respect, integrity, and honesty. We are committed to supporting those values in every aspect of our business and working lives, and we promise transparency and responsiveness when challenges arise.
APPROACH
Southwire seeks to ensure the highest standard of ethical business practices within our operations and is committed to keeping stakeholders informed about our actions and impacts related to ESG issues. Our Code of Business Conduct – Doing Right, The Right Way (The Code) provides our fundamental guiding principles and policies necessary to ensure and promote ethical behavior. The Code, including localized and translated versions, applies to all employees, subsidiaries and other affiliates globally.
ETHICS AND COMPLIANCE PROGRAM CHARTER AND ADDITIONAL GOVERNANCE AND RESOURCES
In 2021, we further strengthened our ethics and compliance program by publishing and implementing our first Ethics and Compliance Program Charter (The Charter) as well as our Supplier Code of Conduct, our Board of Directors Code of Conduct and internal policy governance. These additions, along with existing program governance and policies, create a robust ethics and compliance system that allows Southwire to manage ethics, compliance and risk management goals responsibly.
Working hand-in-hand with our governance documents, the Southwire Doing Right Connection webpage and employee portal provide tools and resources to employees and third parties doing business with Southwire. To promote a Doing Right ethical culture, we focus heavily on awareness, risk mitigation and continuous program improvement. As a signatory to the United Nations Global Compact (UNGC), Southwire fully supports Principle 10 and fights all forms of corruption, including extortion and bribery. In addition, the Fair Competition and Conflicts of Interest sections of our Code – along with dedicated policies on anti-bribery, competition law, money laundering, human trafficking, conflict of interest, gifts and entertainment, whistleblower protection, and anti-retaliation – provide for ethical actions and for addressing corruption. Additionally, our Doing Right Helpline, which is managed by a third-party provider, is available 24/7, 365 days a year, for reporting violations of policies or the law, or other business concerns.
CODE OF CONDUCT AND ANTI-CORRUPTION TRAINING AND PREVENTION
We conduct annual training to ensure that all employees understand Southwire’s commitment to ethical practices and compliance with anti-corruption laws. In 2020 and 2021, we partnered with a leading eLearning firm to develop our new Code of Conduct and Anti-Corruption trainings. The new trainings allow Southwire to effectively scale training and provide analytical outputs on employee training comprehension and improvement areas. Although the pandemic restricted travel and in-person ethics and compliance training, our new eLearning platform allows us to provide and track the completion of training sessions in real time. In 2021, 97% of US and international employees participated in Code of Conduct training, and all assigned employees completed Anti-Corruption trainings. In addition, we partnered with a leading third-party compliance screening service provider to implement new due diligence capabilities applicable to potential third parties with whom Southwire is considering entering into a business relationship. This new platform provides enhanced screening capabilities and a robust audit trail.
PERFORMANCE
Southwire commits significant time and resources to the continuous assessment and improvement of our Ethics and Anti-Corruption program. We accomplish this in a number of ways, including benchmarking our program against other companies’ programs; having our program assessed by Ethisphere, a global leader in corporate ethical standards; and conducting an enterprise-wide Ethical Culture Survey.
We engaged Ethisphere to help us conduct our second company-wide Ethical Culture Survey. While we celebrated a 53% survey participation rate, which is seven points above the Ethisphere benchmark of peer companies, we are taking steps such as shifting the time of year when we conduct the survey to increase our employee participation rate. Our goal is to achieve recognition on Ethisphere’s World’s Most Ethical Companies list by 2025.