Our Cybersecurity Team is dedicated to the protection of our network and systems from cyberthreats and data loss. We have created resilient security capabilities that enable the growth and velocity of the business while protecting the integrity and availability of our advanced space technology solutions, imagery data, and proprietary analytics. We also prioritize the privacy, security and confidentiality of team member and customer information. We have institutionalized a risk-aware culture and reporting structure as part of a continuous process for effective enterprise risk management. We carry out security awareness and training activities on a continuous basis and align them to the current cyberthreat landscape.Read the 2021 Environmental, Social, and Governance (ESG) Report (PDF)
Maxar is committed to continuous improvement and maturation in our cybersecurity capabilities. To timely identify and address cybersecurity trends, advancements, threats and activities, our Cybersecurity Team prioritizes coordination and collaboration with various external and internal resources. We have implemented the NIST SP 800-171/Cybersecurity Maturity Model Certification framework as a key element of our program, including policies and standards that provide overarching governance of cybersecurity across our multiple environments, as well as ongoing compliance reviews and assessments. To protect against cybersecurity incidents and other emerging risks, we have made a significant investment in sophisticated technology and services that provide in-depth protection of our environment, including 24x7 cybersecurity monitoring. We also support an active Insider Threat Program to protect against data loss and test our incident response plan at least annually. In 2021 we migrated to the Microsoft 365 Government Cloud environment, which allows us to benefit from an enhanced and rigorous security platform, meeting the demanding needs of our customers, including the U.S. government, and our own high standards for security.
Maxar’s Cybersecurity Program protects the assets, data and information of our team members, business, customers and partners on our network. We strive to educate our supply chain on the importance of adhering to cybersecurity controls and solicit questionnaire responses from our partners and subcontractors regarding their security posture. Our Supplier Code of Conduct sets clear expectations for suppliers to protect our confidential, proprietary and personal information. We prohibit suppliers from using Maxar information for any purpose beyond the scope and purpose of the parties’ supply agreement. Suppliers must also respect the rights of third parties, including third-party trademarks and copyrights. Third-party risk is assessed prior to a supplier processing, storing or transmitting Maxar information. related to our systems, team members or customers. Provisions regarding breach notification, security requirements and flow-down of cybersecurity clauses are included in contractual provisions with suppliers and within our supply chain.
Training on our Data Privacy Compliance Program focuses on increasing the security of our internal and customer data. We educate our team members on the importance of data classification, and on how to create, collect, use, share, store and dispose of data. We have regular security awareness initiatives in which we educate our team members about cyber risks in their professional and personal lives.