Ensuring the protection of our information and systems and that of our customers and other stakeholders is of critical importance. We have stringent protocols and practices addressing both cybersecurity and data privacy.
Our cybersecurity program is designed to protect and preserve the confidentiality, integrity and continued availability of all information that we own or is in our care. Our program is compliant with applicable industry standards as well as standards from the International Organization for Standardization (ISO) and U.S. National Institute for Standards and Technology (NIST).
Our program includes a cyber incident response plan that provides controls and procedures for timely and accurate reporting of any material cybersecurity incident. For example, we provide our employees with easy-to-use tools to report potential phishing emails. Employees also receive annual security training, and we conduct periodic phishing testing to ensure our employees remain vigilant and compliant with our expectations.
Our vice president and chief information officer oversees our cybersecurity program. The PPG Board of Directors’ Audit Committee, which has oversight of cybersecurity risk, receives bi-annual reports from the vice president and chief information officer and also briefs the full board on these matters. In addition, the full board receives periodic briefings from the vice president and chief information officer on cyber threats and our cybersecurity program to enhance director literacy on cyber issues.
The full board and the Audit Committee also periodically receive updates about the results of exercises and response readiness assessments performed by outside advisors that provide a third-party independent assessment of our cybersecurity program and internal response preparedness.
We maintain insurance covering certain costs that we may incur in connection with cybersecurity incidents that we may experience.
Our data privacy program is designed to prevent unauthorized access to, and disclosure of, personal information using a range of operational and technological safeguards. We closely monitor evolving data privacy legislation around the world and update our policies and procedures to comply with current regulations.
Our privacy policies and statements outline how we collect, use and protect personal information provided to PPG. When personal information is no longer required, we destroy, anonymize or dispose of it using secure methods in accordance with applicable requirements.
Additional information on data privacy, including information regarding individual data rights requests, is available on our website.