Maxar’s Cybersecurity Program protects the assets, data and information of our team members, business, customers and partners on our network. We strive to educate our supply chain on the importance of adhering to cybersecurity controls and solicit questionnaire responses from our partners and subcontractors regarding their security posture.
Our Supplier Code of Conduct and contractual terms and conditions set clear expectations for suppliers to protect our confidential, proprietary and personal information. We prohibit suppliers from using Maxar information for any purpose beyond the scope and purpose of the parties’ supply agreement. Suppliers must also respect the rights of third parties, including third-party intellectual property. Third-party risk is assessed prior to a supplier processing, storing or transmitting Maxar information.
Maxar expects suppliers will implement practices and procedures to ensure the security of their supply chain. Suppliers and their upstream suppliers who either ship directly or package goods for shipment must comply with all requirements of SAFE Framework security programs of the destination country. Such programs include, for example, the Customs-Trade Partnership Against Terrorism Initiative of the U.S. Department of Homeland Security and other Authorized Economic Operator programs.
We also expect suppliers to develop, implement and maintain methods and processes appropriate to their products and services to minimize the risk of introducing counterfeit parts and materials into deliverable products. Effective processes should be in place to detect counterfeit parts and materials, as well as to mark parts obsolete as appropriate.
Maxar’s suppliers are responsible for safeguarding and protecting all information provided by Maxar, as well as information generated or developed in support of Maxar programs, from unauthorized access, destruction, use, modification or disclosure. Critical suppliers must have risk-based cybersecurity programs designed to mitigate threats to their information systems, products, services and supply chains and to comply with all applicable contractual and legal requirements. Maxar requires suppliers to self-certify their status related to recognized standards.
We protect human rights across our company, and we expect the same of our partners, vendors and suppliers. Maxar’s policies, practices and procedures reflect a strong commitment to human rights as set forth in the United Nations Universal Declaration of Human Rights. As communicated in our Anti-Human Trafficking and Slavery Statement as well as our Human Rights Statement, we prohibit harassment, bullying, discrimination, use of child or forced labor or trafficking in persons for any purpose.
Maxar will not tolerate human trafficking, child labor or slavery in any part of our global organization or that of our suppliers. Additionally, Maxar expects suppliers to provide a healthy, safe and productive workplace where their team members and representatives are treated with respect, appreciation and dignity.
Maxar monitors active third parties and suppliers to assess business risks, including the ability to comply with global anti-corruption and anti-bribery laws, such as the Foreign Corrupt Practices Act, the UK Bribery Act, Canada’s Corruption of Foreign Public Officials Act and the OECD Anti-Bribery Convention.Maxar conducts additional due diligence on suppliers that the business deems high-risk. During the screening process, high-risk third-parties are required to submit business information designed to better understand the potential risks associated with the supplier. For example, Maxar asks suppliers to identify if the organization conducts business in any countries that Maxar has determined to have heightened exposure to compliance, security and human rights risks.
Upon receipt of submitted responses, Maxar’s Compliance team will review a risk assessment report and apply risk-based criteria. Finally, the Compliance Office will advise of its recommended approval or denial based on risk. Due diligence renewals are based on risk. Due diligence renewals are based on risk; however, all third parties are continuously monitored for changes impacting their risk categorization. Higher-risk third parties should be reviewed annually while medium- to low-risk third parties should be reviewed prior to contract renewal.