Governance

Governance

Ethics and Compliance

Conducting our work honestly, legally and in line with our core values is a top priority. Maxar’s Compliance Program promotes ethical business practices through communications, guidance, policies and training. The program, led by Maxar’s General Counsel, oversees several policies that are core to responsible business practices. Our Code of Ethics and Business Conduct serves as the foundation for guiding ethical behavior and extends to all Maxar team members and contractors. We also maintain numerous other policies, including Nondiscrimination and Anti-Harassment Policy and Anti-Bribery and Anti-Corruption, to further reinforce strong business practices.

Maxar’s operations are often conducted under licenses issued under the regulations of several agencies of the U.S. government, including the Directorate of Defense Trade Controls and the Bureau of Industry and Security. To maintain our licenses, we must adhere to strict export and trade requirements. Our Compliance Team enforces a Trade Compliance Policy to ensure that team members are knowledgeable of all applicable import and export regulations and laws, including International Traffic in Arms Regulations and Export Administration Regulations. Our Export Control Marking Procedure and Export Control Classification Procedure help reinforce sound operating practices for trade compliance and export controls.

We require team members to complete online training courses that promote a strong knowledge of our policies and procedures. We review training priorities annually to balance organization training with other business priorities. We require team members to complete online training courses that promote a strong knowledge of our policies and procedures. We review training priorities annually to balance organization training with other business priorities.

We encourage team members to ask questions and report any suspected conduct violations. Our Reporting Up Policy includes guidance on how to bring concerns to the company’s attention. We provide multiple mechanisms to facilitate reports of potential misconduct and whistleblowing, including both anonymous and identified methods. Our company Ethics Hotline is available 24 hours a day, 7 days a week. We are committed to protecting whistleblowers from retaliation and to promptly investigating all matters raised concerning ethical and appropriate conduct.

Information Security

Maxar is dedicated to protecting our network and systems from cyberthreats and the loss of customer, team member and corporate information. Our resilient security capabilities support the growth and velocity of the business while protecting the confidentiality, integrity and availability of our advanced space technology solutions, imagery data and proprietary analytics. Maxar manages information security across three distinct, integrated areas: cybersecurity, data privacy, and physical and personnel security.

Cybersecurity

Maxar is committed to continuous improvement and maturation in our customer information systems and network security capabilities. We aim to secure Maxar’s environment against evolving threats while protecting our critical business functions, brand and reputation. Maxar prioritizes identifying and addressing cybersecurity trends, advancements, threats and activities in a timely manner. We make significant investments in sophisticated technology and services that provide in-depth protection of our environment, including 24x7 cybersecurity monitoring. To protect against cybersecurity incidents and other tactical and emerging risks, we regularly conduct phishing tests and perform vulnerability assessments. We also test our incident response plan and perform penetration testing at least annually.

We have implemented the National Institute of Standards and Technology special publication 800-171 and Cybersecurity Maturity Model Certification (CMMC) framework as a key element of our program and as a focus area across our corporate infrastructure. This framework includes policies and standards that provide overarching governance of cybersecurity across our multiple environments, as well as ongoing compliance reviews and assessments, to include third-party risk reviews.

To institutionalize a risk-aware culture, we have mechanisms in place for reporting cybersecurity risks. We utilize enhanced and rigorous security platforms, meeting the demanding needs of our customers, including the U.S. government, as well as our own high standards for security. Maxar leads regular security awareness initiatives to educate our team members about cyber risks in their professional and personal lives. We also conduct training activities on a continuous basis that are aligned to the current cyberthreat landscape.

For information on managing cybersecurity within our supply chain, see Procurement and Supply Chain Management webpage.

Data Privacy

We value the privacy, security and confidentiality of team member and customer information. Maxar’s Data Privacy Officer oversees our companywide Data Privacy Compliance Program. This program addresses foreign and domestic privacy laws and which focuses on protecting and minimizing the amount of personal information stored. Maxar also maintains statements that advise various types of data subjects of Maxar’s related privacy practices. These include a Website and Visitors Privacy Statement and Employment Candidate Privacy Notice to guide collecting personal information during the application and recruitment process.

We conduct an annual review of all personal information holdings to ensure adequate balance between our justified business uses of personal information and the privacy interests of individuals. Maxar’s Data Privacy Compliance Program affords individuals all applicable rights under the European Union and United Kingdom General Data Protection Regulation, as well as U.S. state laws concerning notice, usage and deletion of personal information holdings within Maxar. Training on data privacy focuses on increasing the security of our internal and customer data. We educate our team members on the importance of data classification and on how to create, collect, use, share, store and dispose of personal information. Team members must review and acknowledge the Personal Information and Privacy Policy annually.

Physical and Personnel Security

Maxar prioritizes the physical safety and security of our people and assets. We have a physical protection standard to protect against the potential loss of intellectual property, other sensitive information and unauthorized access to assets. The measures we take are designed to protect information and provide a safe work environment.

A common denominator in upholding information security is people. Maxar’s human resources and security policies and activities strive to ensure our personnel meet our standards and minimize risk. We are committed to the protection of personnel, facilities, information, equipment, networks and systems from insider risks in compliance with the National Industrial Security Program. As a U.S. Department of Defense (DoD)-cleared defense contractor, Maxar maintains a mandatory Insider Risk Program designed to safeguard sensitive government information.

The Insider Risk Program applies to all Maxar team members, applicable contractors, projects, operations and other activities conducted on behalf of the company. We provide team members with an annual security refresher training, workplace safety training and insider risk awareness training. Additionally, all cleared Maxar team members undergo Security Education Awareness and Training in compliance with National Industrial Security Program requirements and other government customer unique requirements.