Data Security and Privacy

We maintain valuable information and technology assets – data, systems, and applications – that are critical to our operations and our success as an enterprise. Our business has both an increasing reliance on IT systems and an increasing digital footprint as a result of changing technologies, connected devices and digital offerings, as well as expanded remote work policies. We hold ourselves accountable for securing these assets and for continuing to build our resilience against possible cyber threats. We have the same expectations for our information technology service providers. We also prioritize data security and privacy in connection with our digital innovation efforts. Some of our products contain hardware and software that connect to the Internet or other networks or use analytics capabilities, and it is vital to maintaining customer trust that our digital products provide adequate data security and privacy protections.

Managing Risk

Our cybersecurity risk management practices are based on the widely recognized National Institute of Standards & Technology Framework for Improving Critical Infrastructure Cybersecurity (The NIST Cybersecurity Framework). This voluntary guidance was developed with private sector input and provides a framework and a toolkit for organizations to manage cybersecurity risk. We regularly assess our threat landscape and monitor our systems and other technical security controls, maintain information security policies and procedures, including a breach response plan, ensure maintenance of backup and protective systems, and have a team of security personnel managing our efforts and initiatives. We regularly review our policies, practices and plans with assistance from experts and advisors. We make updates as needed as we seek to comply with applicable regulations. Further, our full Board of Directors is briefed on enterprise-wide cybersecurity risk management and our overall cybersecurity risk environment, oversees major tasks related to cybersecurity risk management, and periodically reviews our incident response capabilities.

From an operational perspective, we use vulnerability scanning tools to assess potential data security risks across our businesses. We correlate the results and prioritize any actions based on threat modeling analysis and monitor any actions in-progress with the system owners based on assigned timelines for remediation. In addition, our online employees participate in cyber, information security, and privacy training at least annually.

Product Data Security

Our businesses increasingly complement our component or equipment offerings with digital solutions (such as connected products, sensors and software). We recognize the various factors driving customer demand for strong product security, including: evolving regulatory requirements, customers cybersecurity requirements, industry specific guidance, business needs and the desire to manage supply chain. We believe that integrating security measures into our digital products and services helps to differentiate our product offerings and increase relevance with our customers.

Our product security efforts are based on industry security standards such as ISA 62443, UL 2000-1, and the NIST Cybersecurity Framework. As part of our efforts, we conduct ongoing risk assessments and prioritize security validation of our products. We conduct security testing and remediation on a prioritized basis prior to formal product general availability and then on an ongoing basis in an effort to discover potential issues in code, firmware, and protocols. We focus on training our engineers, software architects, technical support staff, and product owners to follow the security by design approach.

Additionally, certain of our new products that feature risk characteristics such as high connectivity, the potential for significant physical safety or business disruption impact, or use in critical infrastructure settings, undergo third party security validation or certification.

Upholding Data Privacy

Privacy and security go hand in hand. We strive to protect personal data through reasonable technical and organizational security measures including technical security tools, restrictions on access to data, and physical security measures to help prevent unauthorized or unlawful access, disclosure, loss, destruction, or damage. We access and use personal data for legitimate business purposes and maintain appropriate access controls and use limitations.

Our employees are required to follow all applicable privacy, information security, and data protection laws, including the EU General Data Protection Regulation and California Consumer Privacy Act, where applicable. With our advisors, we monitor regulatory developments concerning privacy globally, and we take steps to implement safeguards to move to compliance with those regulations. Our Global Data Privacy Policy sets forth the principles that govern our treatment of personal data, while our policy on the Acceptable Use of Dover Electronic Equipment, Systems, and Data governs the use and protection of information about our company and information that is stored on our computers and mobile devices. Our policies restrict individuals’ access to personal data to those that need access to accomplish a business objective and allow access only for so long as it is necessary.

We endeavor to follow data privacy best practices and have established specific governance structures to regularly reflect and improve upon our data privacy processes. In that regard, we leverage a cross-functional Data Privacy Council that meets regularly to discuss developments in global privacy law.

Our data privacy efforts extend to our products and our suppliers. We maintain an eye toward privacy by design: our innovation efforts take privacy considerations into account as part of the product development lifecycle. We also require that any supplier handling our data and the data of our employees and customers implement and comply with applicable regulations.