RESPECTING PERSONAL DATA
Learn more about Personal Data Protection.
MAKING SURE INFORMATION SYSTEM INFRASTRUCTURES ARE SECURE
Materion maintains a rigorous cybersecurity infrastructure to protect our company, customer and personal data within Materion's information systems. Our Information Systems (IS) policies and procedures are modeled against the ISO 27001 standard and NIST SP800-171. We are currently in the process of preparing for a Level 2 Cybersecurity Maturity Model Certification (CMMC). In the last two years, we engaged an external third party to audit our information security standards against CMMC requirements.
Our systems are protected by state-of-the-art products and we have a dedicated Cybersecurity Team overseeing the environment. We regularly perform testing to ensure that our controls are in place and effective. We utilize independent third-party services, to verify our security posture. We continuously maintain an advanced security scorecard rating, and we are ranked at the top amongst our peer group. We maintain system security and incident response plans to ensure we are up to date on current protocols and frameworks. Materion has an extensive backup and disaster recovery plan that is tested regularly.
PROTECTING COMPANY INFORMATION
The protection of Materion’s company information and assets is the responsibility of all directors, officers, employees and business partners with authorized access to our confidential information and assets. Materion has established a Global Cybersecurity Team The Global Cybersecurity Team's focus is to mitigate cyber risks by establishing and adhering to industry security standards across the business and apply stronger measure when necessary. As a result, Materion has not experienced a known information breach, financial penalties, or settlements associated with an information security breach within the last three years.
To support the Global Cybersecurity Team's initiatives, Materion has developed an Information Security training program to reinforce the importance of protecting company information and assets. The training program consists of monthly simulated email phishing exercises and quarterly online compliance training courses. In addition, the Audit and Risk Committee of Materion's Board of Directors receive quarterly reports from the Chief Information Officer on the Company's information technology and cyber risk profile, enterprise cyber program, and key enterprise cyber initiatives and significant updates on external audits of our information security program. At least annually, the full Board attends a cybersecurity training from external experts and review and discusses the Company's technology strategy with the Chief information Officer and approves the Company's technology strategic plan.
The responsibility and obligation to protect company information and assets is also reinforced within our Company Code of Conduct and Supplier Code of Conduct.