As the WM customer experience increasingly moves online, we recognize the need to enhance our internal training to protect IT resources from cyber threats. WM’s Digital department is constantly reviewing information on emerging threats while managing security systems that include spam management, a simple-to-access phishing alert and management tool, real-time response to potential threats and entity-wide training. We continually test our information security network with external audits by third-party experts, Mandiant Solutions and Optiv Security Inc. Our company-wide information security program is benchmarked against National Institute of Standards and Technology (NIST) standards and we have an information security insurance policy in place should an attack be successful.¹
Employee education, training and coaching are an important element of data security. Our intranet provides a full-service resource for information on how to identify and resist social engineering attempts; tips on the latest phishing techniques and how to spot them; company policies and support on encryption; computer and data security; internal procedures and authorizations; and policies on use of mobile devices. In mid-2017, as part of an enhanced risk identification and management process, we began to include scenario planning for minor to severe cyber threats with an eye to improving system resilience. In 2019, we launched a comprehensive program to further enhance our cybersecurity profile.
Our employees are regularly educated on our information security program. This includes an initial training as part of our new hire process, and two annual trainings. Information security is included as part of a Company Information and Assets section in our Code of Conduct training, which is mandatory for all employees annually. We also mandate that all employees and contractors with access to WM computer resources take an annual Security Awareness Training.
The Audit Committee of WM’s Board of Directors has responsibility for oversight of information and cyber security and assessment of cyber threats and defenses. Our Audit Committee receives reports from senior executives in our Digital department, including our Senior Vice President and Chief Digital Officer, at least twice a year.
¹ WM is not audited to FedRAMP or SOC 2 standards. Such standards apply to IT service providers and are not applicable to our business. WM does not currently have ISO 27001 certification, and we believe such certification is not commonly obtained for U.S. businesses similar to WM.