CYBERSECURITY

Information Security

Cybersecurity is essential to Ingersoll Rand for protecting network integrity, intellectual property, customer data, and the smooth operation of our locations. It serves as a vital defense against disruptions and data breaches, supporting trust and competitiveness in the digital age.

Cybersecurity program oversight and controls

Our cybersecurity program is overseen by our chief information security officer (CISO) and is designed to protect and preserve the confidentiality, integrity, and availability of our information technology (IT) assets. Risks and controls are monitored by the CISO and chief information officer (CIO), and their evaluation of our overall program drives the nature and scope of our cybersecurity investments. Our CISO reports directly to the CIO and has 20 years of IT experience, including leadership roles at various companies with enterprise responsibility for IT audit, IT infrastructure, and cybersecurity. The CISO reports to the Audit Committee on the effectiveness of the company’s cybersecurity program controls aligned to the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF). We have implemented controls based on the NIST CSF and the Sarbanes-Oxley Act of 2002. Our IT organization is led by the CIO, who is responsible for cybersecurity risk management. The Audit Committee is tasked with oversight of our overall enterprise risk management (ERM), including cybersecurity, and receives recurring cybersecurity updates throughout the year, with at least two full cybersecurity reports to the Board of Directors each year. Directors with experience in cybersecurity and technology play crucial oversight roles for our digital and cybersecurity strategies.

Reducing risks of cyberattacks

To reduce the likelihood of negative consequences from an attempted cybersecurity attack, all employees, contractors, and partners are required to comply with the Ingersoll Rand IT Acceptable Use and Security Policy, which details our information security requirements. All employees are also required to take monthly security awareness training that includes current security challenges and aligns with the company’s risk management objectives. This training is updated dynamically based on employee results in bimonthly phishing simulations. This helps educate our user base on the various cybersecurity risks faced by Ingersoll Rand. These risks include disruptive cyberattacks, fines and injunctions, unauthorized access to sensitive information, and fraud. To ensure our cyber training program is robust, we identify functions that exhibit higher potential risk, including operations, engineering, and sales. We then develop and deliver additional focused training to these functions, designed to bolster their cybersecurity awareness and reduce cyber risk.

The Audit Committee oversees our general risk management strategy, including its technology security program; guidelines and policies relating to risk assessment and risk management; and management's plan and execution of appropriate risk mitigation and strategies, which include risk monitoring and controls. We periodically engage external subject matter experts who provide independent qualitative and quantitative assessments of the cybersecurity program's maturity and response readiness. We also use processes to oversee and identify material risks from cybersecurity threats associated with our use of third-party technology and systems.