CMC 2024 Sustainability Report
  1. Governance
  2. Our Governance Structure
  3. Data Privacy & Security
Data Privacy and Security

Data Privacy & Security

  • 2-23 Policy commitments
  • 2-24 Embedding policy commitments
  • 2-25 Processes to remediate negative impacts

We are committed to protecting the company’s information systems from cybersecurity threats to ensure the safety and privacy of proprietary data and information involving our business, employees, vendors and customers. CMC complies with all applicable regulations regarding data privacy and security in the countries where we operate, including the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act, and similar federal and state regulations.

Our cross-functional information security team is responsible for data protection policy development, including our Cyber Security Policy, as well as threat monitoring and auditing. Our data protection roadmap, which aligns with the Center for Internet Security’s Top 18 Critical Security Controls and additional frameworks including the National Institute of Standards and Technology (NIST), includes procedures such as multi-factor authentication and security vulnerability management. To protect against emerging threats, we regularly engage third-party experts to assess our cybersecurity controls and vulnerabilities and upgrade our systems and controls as appropriate.

Information security metrics are tracked monthly and reported to the chief information officer and others, as appropriate. Our information security team provides quarterly cybersecurity briefings to the Board’s Audit Committee and briefs the full Board annually. Our employees receive regular training on avoiding and mitigating information security risks including phishing, malware, viruses and hacking, and protecting sensitive data from breaches or cyber incidents.