As the WM customer experience increasingly moves online, we recognize the need to enhance our internal training to protect IT resources from cyber threats. WM’s Digital department is constantly reviewing information on emerging threats while managing security systems that include spam management, a simple-to-access phishing alert and management tool, real-time response to potential threats and entity-wide training. We continually test our information security network with external audits by third-party experts. Our company-wide information security program is benchmarked against National Institute of Standards and Technology (NIST) standards, and we have an information security insurance policy in place should an attack be successful. 1
Employee education, training and coaching are an important element of data security. Our intranet provides a full-service resource for information on how to identify and resist social engineering attempts. Additionally, it provides tips on the latest phishing techniques and how to spot them, company policies and support on encryption, computer and data security, internal procedures and authorizations, and policies on use of mobile devices. As part of an enhanced risk identification and management process, we include scenario planning for minor to severe cyber threats to improve system resilience.
Our employees are regularly trained on our information security program, which includes an initial training as part of our new hire onboarding, and two annual trainings for all desk employees. Information security is included as part of a Company Information and Assets section in our Code of Conduct training, which is mandatory for all employees to complete annually. We also mandate that all employees and contractors with access to WM computer resources take an annual Security Awareness Training.
The Audit Committee of WM’s Board of Directors has responsibility for oversight of information and cybersecurity and assessment of cyber threats and defenses. Our Audit Committee receives reports from senior executives in our Digital department, including our Senior Vice President and Chief Digital Officer, at least twice a year.
- WM is not audited to FedRAMP or SOC 2 standards. Such standards apply to IT service providers and are not applicable to our business. WM does not currently have ISO 27001 certification, and we believe such certification is not commonly obtained for U.S. businesses similar to WM.