Security and cybersecurity

The security and protection of our people, assets, information and reputation are cornerstones of our business. While risk can never be eliminated, we continuously strive to mitigate it by prudently anticipating, preventing and responding to internal and external security threats.

As an operator of critical infrastructure and facilities in challenging locations worldwide, we work closely with governmental agencies, nongovernmental organizations, our peers and local communities on initiatives to identify, deter, prevent and mitigate a range of potential threats to company personnel, facilities and operations. We manage our facilities consistent with national and international security standards and regulations including:

• U.S. Customs-Trade Partnership Against Terrorism standards

• Department of Transportation

• Transportation Worker Identification Credential (TWIC)

• Hazmat Transportation Security requirements

• Chemical Facility Anti-Terrorism Standards

• International Ship and Port Facility Security Code

• Maritime Transportation Security Act

• Maritime Transport and Facilities Security Regulations (Australia)

• Bureau of Land Management

• Other applicable governmental security requirements

We maintain a “Tier III” status in the Customs-Trade Partnership Against Terrorism program by demonstrating effective security that exceeds the minimum program criteria. This effort is conducted through our partnership with U.S. Customs and Border Protection who assess the overall effectiveness of our security processes.

We remain an active, participating member of the U.S. State Department Overseas Security Advisory Council (OSAC), the Domestic Security Alliance Council (DSAC), Voluntary Principles on Security and Human Rights (VPSHR) and other national and international security organizations.

Cybersecurity

We take a multilayered approach to cybersecurity risk management and strategy. Our Information Technology (IT)/Operational Technology (OT) Security Program integrates administrative, technical, and physical controls against evolving cybersecurity threats, and includes enterprise IT and OT security architecture, cybersecurity operations, data privacy and governance, supply chain security, and governance, risk, and compliance. Additionally, it is designed to identify, assess, and manage cybersecurity risks and protect the confidentiality, integrity, and availability of our data, IT, and OT. Read more about cybersecurity risk management in our 10-K filing.