Data Security and Privacy

We maintain valuable information and technology assets – data, systems, and applications – that are critical to our operations and our success as an enterprise. We hold ourselves accountable for securing these assets and for continuing to build our resilience against possible cyber threats. We have the same expectations for our information technology service providers. We also prioritize data security and privacy in connection with our digital innovation efforts. Some of our products contain hardware and software that connect to the Internet or other networks or use analytics capabilities, and it is vital to maintaining customer trust that our digital products provide adequate data security and privacy protections.

Managing Data Security Risk

We employ the widely recognized National Institute of Standards & Technology Framework for Improving Critical Infrastructure Cybersecurity (The NIST Cybersecurity Framework) to manage cybersecurity risk. This voluntary guidance was developed with private sector input and provides a framework and a toolkit for organizations to manage cybersecurity risk. We regularly assess our threat landscape and monitor our systems and other technical security controls, maintain information security policies and procedures, including a breach response plan, ensure maintenance of backup and protective systems, and have a team of security personnel managing our efforts and initiatives. Further, our full Board of Directors is briefed on enterprise-wide cybersecurity risk management and our overall cybersecurity risk environment, oversees major tasks related to cybersecurity risk management, and periodically reviews our incident response capabilities.

From an operational perspective, we use vulnerability scanning tools to assess potential data security risks across our businesses. We correlate the results and prioritize any actions based on threat modeling analysis and monitor any actions in-progress with the system owners based on assigned timelines for remediation. In addition, our online employees participate in cyber, information security, and privacy training at least annually.

Product Data Security

Our businesses increasingly complement our component or equipment offerings with digital solutions (such as connected products, sensors and software). We recognize the pressures – such as evolving regulatory requirements, industry specific guidance, business needs, the desire to manage supply chain and other risks – driving customer demand for strong product security. We believe that integrating security measures into our digital products and services helps to differentiate our product offerings and increase relevance with our customers.

We focus on training our engineers, software architects, technical support staff, and product owners to follow the security by design approach. We conduct ongoing risk assessments and prioritize security validation of our products. We follow Industry Security Standards such as ISA 62443, UL 2000-1, and the NIST Cybersecurity Framework. We conduct security testing and remediation on a prioritized basis prior to formal product general availability and then on an ongoing basis in an effort to discover potential issues in code, firmware, and protocols.

Additionally, certain of our new products that feature risk characteristics such as high connectivity, the potential for significant physical safety or business disruption impact, or use in critical infrastructure settings, undergo third party security validation or certification.

Upholding Data Privacy

Privacy and security go hand in hand. We strive to protect personal data through reasonable technical and organizational security measures including technical security tools, restrictions on access to data, and physical security measures to help prevent unauthorized or unlawful access, disclosure, loss, destruction, or damage. We access and use personal data for legitimate business purposes and maintain appropriate access controls and use limitations.

Our employees are required to follow all applicable privacy, information security, and data protection laws, including the EU General Data Protection Regulation and California Consumer Privacy Act, where applicable. Our Global Data Privacy Policy sets forth the principles that govern our treatment of personal data, while our policy on the Acceptable Use of Dover Electronic Equipment, Systems, and Data governs the use and protection of information about our company and information that is stored on our computers and mobile devices. Our policies restrict individuals’ access to personal data to those that need access to accomplish a business objective and allow access only for so long as it is necessary.

We endeavor to follow data privacy best practices and have established specific governance structures to regularly reflect and improve upon our data privacy processes. In that regard, we leverage a cross-functional Data Privacy Council that meets regularly to discuss developments in global privacy law.

We also maintain an eye toward privacy by design and our innovation efforts take privacy considerations into account as part of the product development lifecycle.