As a global organization, CMC prioritizes data security and privacy. We annually benchmark our BitSight Security Rating and maintain a top score of 810-820.
We remain diligent in our efforts to protect proprietary data and sensitive information relating to our business, employees, vendors and customers. We comply with important and rigorous local and international standards related to data use, including the EU General Data Protection Regulation, the California Consumer Privacy Act and the Sarbanes-Oxley Act.
A cross-functional team of representatives from Information Technology, Information Security, Internal Audit, Legal, Human Resources and other business departments is responsible for data-related policy development, monitoring and auditing. Our data protection tactics include document retention, multi-factor authentication and security vulnerability management. These are outlined in our Cyber Security Policy which is reviewed and updated regularly to stay ahead of the ever-changing digital security environment. Our security risk profile and security roadmap align with the Center for Internet Security’s Top 18 Critical Security Controls and the NIST framework .
We regularly engage third-party experts to assess our cybersecurity controls and vulnerabilities and upgrade our systems and controls as appropriate. We test and update our Cyber Incident Response Plan annually. Each month, we track security metrics and report findings to the chief information officer and others as appropriate. We continue to train our employees throughout the year about malware, viruses, hacking, phishing and other information security risks, including how to avoid and mitigate them and how to protect our sensitive data from failures, breaches or cyber incidents.
As a result of our robust data and systems security practices, we did not have a material security breach during the reporting period.