GovernanceResponsible governance is a cornerstone of our business. It starts with strong structural and oversight frameworks to guide sound policies and continues with engaged employees who embrace ethical practices.
Responsible governance is a cornerstone of our business. Good governance starts with strong structural and oversight frameworks at the Board and leadership levels to guide sound policies and continues with engaged employees who embrace ethical practices. In addition to business ethics, risk management, and responsible supply chain, we specifically focus on robust data security and privacy programs to ensure the integrity of our systems and our customers’ data.
We protect the confidentiality, integrity, and availability of DataBank and customer information and information systems. The DataBank security program, led by our Chief Information Security Officer (CISO) and implemented by our security and compliance teams, is designed to ensure that our company’s and customer information systems are reasonably protected from threats, intrusion, and disruption. We implement a standardized control framework (NIST SP800-53R5 and ISO27001:2022) of physical and cybersecurity that balances business and customer needs by advising our clients – both internal and external – on how to integrate security into every facet of their organizations, consenting to proper use of security controls, frameworks, and functions, and empowering each customer to implement effective, robust, and consumable security and compliance functions.
DataBank goes above and beyond standard cybersecurity practices to support the security and compliance needs of our customers through numerous certifications, authorizations, and accreditations, and industry leading published white papers, comments, webinars, and podcast appearances. We are annually recertified for major compliance frameworks, including: FedRAMP, FISMA, SSAE21 SOC, SOC2 and SOC3, ISO27001, HIPAA, PCI-DSS, NIST SP800-53R4, GLBA, CSA-STAR, and Privacy Shield – GDPR.
All employees and contractors are required to complete annual security training, and we report defined security or system disruption events quarterly to our Board of Directors and annually through our corporate responsibility report.
Fostering an ethical business culture and conducting our work honestly, legally, and in line with our values is a high priority at DataBank. The Board of Directors has direct oversight of our business ethics policies, and our HR and Compliance teams ensure implementation, training and compliance. We create a culture of ethical integrity through policy acknowledgement and on-line training programs around fraud, anti-corruption and anti-bribery, anti-harassment, human rights, EHS, inclusivity and unconscious bias, security and privacy, whistleblower, and other codes of conduct within our Employee Handbook. Further, we have dedicated a quarter to education and awareness around business ethics. Our publicly available policies can be found in the links below.
To maintain compliance with our policies, we encourage any of our stakeholders to submit concerns of violations anonymously through our whistleblower hotline. Employees are also welcome to submit concerns through their management or to HR directly. We are committed to protecting whistleblowers from retaliation and to promptly investigating any matters raised concerning ethical and appropriate conduct.
DataBank’s Board of Directors has been developed specifically with an eye toward sound and inclusive governance as well as board independence. We are committed to including traditionally underrepresented groups on the board and to delivering best-in-class board participation through our “shared governance” by ensuring:
• Diverse representation of both investors and CEO/management
• Equal vote for all board members with a majority required for all decisions
• Key decisions require a supermajority approval that includes certain major investors
DataBank seeks to identify, mitigate, and prepare for business impacts before they happen. We are aligned with the COSO internal Control Integrated Framework and implement comprehensive company-wide risk assessments to develop a strategic, risk-based annual internal audit plan. Remaining true to our proactive approach, we strive to anticipate, mitigate, and prepare for potential business impacts by identifying, assessing, and managing risks across all business areas including finance, operations, strategy, corporate responsibility, EHS, and information security.
We have put controls and plans in place to mitigate different risks. This includes industry standard controls across our financial systems and information, something beyond the normal course of business for a privately held company. We utilize robust security controls to minimize the risk of physical or cyber security impacts and ensure integrity in our financial statements. Additionally, we prepare for natural disasters and climate change risk through our standard building design which incorporates redundant power and cooling systems. We plan for the unexpected through Emergency Action Plans, Business Continuity Plans, and Disaster Preparedness. We site our facilities with risk assessment in mind and avoid building in 500-year flood plains. When we do build in areas with increased risk of natural disasters, we incorporate robust building standards to withstand floods, fires, earthquakes, and wind.
To protect the integrity of our business, DataBank engages in responsible supply chain practices. We verify suppliers during vendor onboarding and incorporate supply chain risks in our enterprise risk management practices. Additionally, DataBank suppliers are subject to the DataBank Supplier Code of Conduct and Environmental Health and Safety Policies.
Discover the DataBank Difference today:
Hybrid infrastructure solutions with boundless edge reach and a human touch.
