Governance

Governance

Sustainability Governance

Every Maxar employee plays an important role in fulfilling our commitment to strong ESG performance. Maxar’s ESG strategy is led by our Senior Vice President and General Counsel with support from the Director of Sustainability. The Executive Leadership Team oversees and incorporates ESG initiatives throughout each leader’s respective organizations. With ESG elements rooted in every aspect of the business, functional leaders throughout the company are also accountable for supporting Maxar’s ESG strategy and performance, including through regular assessments and actions to address the risks and opportunities in their organizations that are relevant to the business.

To help guide Maxar’s sustainability strategy, we conduct a materiality assessment that aims to identify and prioritize the ESG topics of greatest importance to Maxar and our stakeholders. As part of the assessment, we survey and discuss ESG topics with various stakeholders, including our leadership, a diverse set of team members, select customers and major suppliers. We also consider ESG issues designated as material by ESG framework organizations and issues relevant to our regulators, industry, and peers. The results of the assessment inform our ESG work and ensure we deploy our efforts and resources where most needed.

Regulatory compliance impacts many areas of our organization, and we recognize that our industry could be affected by future ESG regulations. For example, Maxar could be impacted by proposed and future regulations imposed in response to concerns over climate change or other aspects of the environment and natural resources. We identify and assess regulatory risks to Maxar based on the probability of occurrence and the potential financial or reputational impact to the company. The Maxar Compliance Committee reviews Maxar’s key compliance initiatives and works to identify, prioritize and effectively mitigate key regulatory and ethical risks.

Maxar develops an annual sustainability report using both qualitative descriptions and quantitative metrics to showcase performance across our material ESG topics. This 2022 ESG Report covers Maxar’s operations from January 1 through December 31, 2022, unless otherwise indicated. The report reflects the most accurate information available at the time of publishing. We report data on an operational control basis in which Maxar has the authority to introduce and implement its processes and operating policies. Maxar’s sustainability data represents 75-100 percent of revenue coverage.

Ethics and Compliance

Conducting our work honestly, legally and in line with our core values is a top priority. Maxar’s Compliance Program promotes ethical business practices through communications, guidance, policies and training. The program, led by Maxar’s General Counsel, oversees several policies that are core to responsible business practices. Our Code of Ethics and Business Conduct serves as the foundation for guiding ethical behavior and extends to all Maxar team members and contractors. We also maintain numerous other policies, including Nondiscrimination and Anti-Harassment Policy and Anti-Bribery and Anti-Corruption, to further reinforce strong business practices.

Maxar’s operations are often conducted under licenses issued under the regulations of several agencies of the U.S. government, including the Directorate of Defense Trade Controls and the Bureau of Industry and Security. To maintain our licenses, we must adhere to strict export and trade requirements. Our Compliance Team enforces a Trade Compliance Policy to ensure that team members are knowledgeable of all applicable import and export regulations and laws, including International Traffic in Arms Regulations and Export Administration Regulations. Our Export Control Marking Procedure and Export Control Classification Procedure help reinforce sound operating practices for trade compliance and export controls.

We require team members to complete online training courses that promote a strong knowledge of our policies and procedures. We review training priorities annually to balance organization training with other business priorities. We require team members to complete online training courses that promote a strong knowledge of our policies and procedures. We review training priorities annually to balance organization training with other business priorities.

We encourage team members to ask questions and report any suspected conduct violations. Our Reporting Up Policy includes guidance on how to bring concerns to the company’s attention. We provide multiple mechanisms to facilitate reports of potential misconduct and whistleblowing, including both anonymous and identified methods. Our company Ethics Hotline is available 24 hours a day, 7 days a week. We are committed to protecting whistleblowers from retaliation and to promptly investigating all matters raised concerning ethical and appropriate conduct. Maxar’s Compliance Committee is responsible for the administration of Maxar’s ethics and compliance Hotline. The committee routinely reviews non-compliance events and refers matters to the Executive Leadership Team and Board of Directors as it deems appropriate.

Information Security

Maxar is dedicated to protecting our network and systems from cyberthreats and the loss of customer, team member and corporate information. Our resilient security capabilities support the growth and velocity of the business while protecting the confidentiality, integrity and availability of our advanced space technology solutions, imagery data and proprietary analytics. Maxar manages information security across three distinct, integrated areas: cybersecurity, data privacy, and physical and personnel security.

Cybersecurity

Maxar is committed to continuous improvement and maturation in our customer information systems and network security capabilities. We aim to secure Maxar’s environment against evolving threats while protecting our critical business functions, brand and reputation. Maxar prioritizes identifying and addressing cybersecurity trends, advancements, threats and activities in a timely manner. We make significant investments in sophisticated technology and services that provide in-depth protection of our environment, including 24x7 cybersecurity monitoring. To protect against cybersecurity incidents and other tactical and emerging risks, we regularly conduct phishing tests and perform vulnerability assessments. We also test our incident response plan and perform penetration testing at least annually.

We have implemented the National Institute of Standards and Technology special publication 800-171 and Cybersecurity Maturity Model Certification (CMMC) framework as a key element of our program and as a focus area across our corporate infrastructure. This framework includes policies and standards that provide overarching governance of cybersecurity across our multiple environments, as well as ongoing compliance reviews and assessments, to include third-party risk reviews.

To institutionalize a risk-aware culture, we have mechanisms in place for reporting cybersecurity risks. We utilize enhanced and rigorous security platforms, meeting the demanding needs of our customers, including the U.S. government, as well as our own high standards for security. Maxar leads regular security awareness initiatives to educate our team members about cyber risks in their professional and personal lives. We also conduct training activities on a continuous basis that are aligned to the current cyberthreat landscape.

For information on managing cybersecurity within our supply chain, see Procurement and Supply Chain Management webpage.

Data Privacy

We value the privacy, security and confidentiality of team member and customer information. Maxar’s Data Privacy Officer oversees our companywide Data Privacy Compliance Program. This program addresses foreign and domestic privacy laws and which focuses on protecting and minimizing the amount of personal information stored. Maxar also maintains statements that advise various types of data subjects of Maxar’s related privacy practices. These include a Website and Visitors Privacy Statement and Employment Candidate Privacy Notice to guide collecting personal information during the application and recruitment process.

We conduct an annual review of all personal information holdings to ensure adequate balance between our justified business uses of personal information and the privacy interests of individuals. Maxar’s Data Privacy Compliance Program affords individuals all applicable rights under the European Union and United Kingdom General Data Protection Regulation, as well as U.S. state laws concerning notice, usage and deletion of personal information holdings within Maxar. Training on data privacy focuses on increasing the security of our internal and customer data. We educate our team members on the importance of data classification and on how to create, collect, use, share, store and dispose of personal information. Team members must review and acknowledge the Personal Information and Privacy Policy annually.

Physical and Personnel Security

Maxar prioritizes the physical safety and security of our people and assets. We have a physical protection standard to protect against the potential loss of intellectual property, other sensitive information and unauthorized access to assets. The measures we take are designed to protect information and provide a safe work environment.

A common denominator in upholding information security is people. Maxar’s human resources and security policies and activities strive to ensure our personnel meet our standards and minimize risk. We are committed to the protection of personnel, facilities, information, equipment, networks and systems from insider risks in compliance with the National Industrial Security Program. As a U.S. Department of Defense (DoD)-cleared defense contractor, Maxar maintains a mandatory Insider Risk Program designed to safeguard sensitive government information.

The Insider Risk Program applies to all Maxar team members, applicable contractors, projects, operations and other activities conducted on behalf of the company. We provide team members with an annual security refresher training, workplace safety training and insider risk awareness training. Additionally, all cleared Maxar team members undergo Security Education Awareness and Training in compliance with National Industrial Security Program requirements and other government customer unique requirements.