Information Security

Our Cybersecurity Team is dedicated to the protection of our network and systems from cyberthreats and data loss. We have created resilient security capabilities that enable the growth and velocity of the business while protecting the integrity and availability of our advanced space technology solutions, imagery data, and proprietary analytics. We also prioritize the privacy, security and confidentiality of team member and customer information. We have institutionalized a risk-aware culture and reporting structure as part of a continuous process for effective enterprise risk management. We carry out security awareness and training activities on a continuous basis and align them to the current cyberthreat landscape.

Read the 2021 Environmental, Social, and Governance (ESG) Report (PDF)

Customer Information Security and Network Security

Maxar is committed to continuous improvement and maturation in our cybersecurity capabilities. To timely identify and address cybersecurity trends, advancements, threats and activities, our Cybersecurity Team prioritizes coordination and collaboration with various external and internal resources. We have implemented the NIST SP 800-171/Cybersecurity Maturity Model Certification framework as a key element of our program, including policies and standards that provide overarching governance of cybersecurity across our multiple environments, as well as ongoing compliance reviews and assessments. To protect against cybersecurity incidents and other emerging risks, we have made a significant investment in sophisticated technology and services that provide in-depth protection of our environment, including 24x7 cybersecurity monitoring. We also support an active Insider Threat Program to protect against data loss and test our incident response plan at least annually. In 2021 we migrated to the Microsoft 365 Government Cloud environment, which allows us to benefit from an enhanced and rigorous security platform, meeting the demanding needs of our customers, including the U.S. government, and our own high standards for security. 

Data Privacy Compliance Program

Maxar’s Data Privacy Officer, who is a senior leader in the Legal and Compliance organization, oversees a companywide Data Privacy Compliance Program. This program includes the Maxar Personal Information and Privacy Policy, which addresses foreign and domestic privacy laws, and focuses on protecting and minimizing the amount of personal information stored. We conduct an annual review of all personal information holdings to ensure adequate balance between our justified business uses of personal information and the privacy interests of individuals. Maxar’s privacy program affords individuals all applicable rights under the EU General Data Protection Regulation (GDPR) and UK GDPR, as well as state laws concerning notice, usage and deletion of personal information holdings within Maxar.

Supply Chain Security

Maxar’s Cybersecurity Program protects the assets, data and information of our team members, business, customers and partners on our network. We strive to educate our supply chain on the importance of adhering to cybersecurity controls and solicit questionnaire responses from our partners and subcontractors regarding their security posture. Our Supplier Code of Conduct sets clear expectations for suppliers to protect our confidential, proprietary and personal information. We prohibit suppliers from using Maxar information for any purpose beyond the scope and purpose of the parties’ supply agreement. Suppliers must also respect the rights of third parties, including third-party trademarks and copyrights. Third-party risk is assessed prior to a supplier processing, storing or transmitting Maxar information. related to our systems, team members or customers. Provisions regarding breach notification, security requirements and flow-down of cybersecurity clauses are included in contractual provisions with suppliers and within our supply chain.

Information Security Training

Training on our Data Privacy Compliance Program focuses on increasing the security of our internal and customer data. We educate our team members on the importance of data classification, and on how to create, collect, use, share, store and dispose of data. We have regular security awareness initiatives in which we educate our team members about cyber risks in their professional and personal lives.