Our commitment to corporate responsibility, including our core value of doing the right thing guides every business decision we make at Clorox. We maintain rigorous corporate governance practices and internal controls, with oversight by our board of directors, chairman and chief executive officer, chief financial officer, chief legal officer and the other members of our executive committee. These practices are enunciated in our governance guidelines and committee charters, and our commitment to inclusion & diversity at the director level is articulated in our Board Diversity Policy.
The Clorox Code of Conduct documents the ethical and legal standards of behavior and business practices that are required of all our directors, executives and employees around the world. We require all board members and employees complete training and certify compliance with our code.
Our commitment to treating people with dignity, respect and equal opportunity also extends to our business partners. All business partners must certify their compliance with Clorox’s Business Partner Code of Conduct, which specifically addresses practices of our direct suppliers of goods, service providers, consultants, distributors, licensees, joint ventures, contractors and temporary workers in the areas of human rights and labor, health and safety, the environment and business conduct and ethics.
This value of doing the right thing and our culture of corporate responsibility means we follow all local laws and requirements everywhere we do business, including but not limited to our tax policies, privacy policies and our political activities, which includes developing public policy and legislation that supports our business priorities.
Cybersecurity Risk Management and Preparedness
Clorox recognizes the risks and vulnerabilities that are inherent in digitally connected networks and systems, as well as the vulnerabilities presented by human error and technology. Clorox also recognizes that no counterthreat systems or training procedures are invulnerable to malware, ransomware or other risks caused by bad actors or ever-changing cyber landscape.
With that in mind, Clorox employs cyber protections by leveraging various frameworks from the National Institute of Standards and Technology (NIST) for managing cybersecurity risks. Additionally, the Clorox Internal Audit team performs a Cybersecurity Program Maturity Assessment every two years and conducts regular phishing and cyber hygiene training of all of its employees that have access to company email and connected devices.
Separately, Clorox’s Cyber-Preparedness team, led by our Chief Information & Enterprise Analytics Officer and overseen by our VP, Information Security Officer, seeks to employ cybersecurity best practices, including implementing new technologies to proactively monitor new vulnerabilities and reduce risk, enhancing governance, risk and compliance malmanagement, maintaining security policies and standards, continuously updating our response planning and protocols, and has in place cybersecurity insurance policy.
Additionally, Clorox’s senior leadership reports to the Clorox Audit Committee of the Board of Directors regularly, and at least quarterly on topics related to information security and cyber risks and readiness. Additional information security and cybersecurity risks are presented to the full board at least annually as part of the full board’s oversight of enterprise risk management. The Audit Committee is comprised of directors with knowledge, skills and experience in security, privacy, IT governance, and cyber risk and the board and management consult regularly with external specialists and advisors on enhancements and opportunities for regular and continued strengthening of our cyber practices and policies.