We recognize that cyberattacks represent a potentially significant risk to our company and industry. Cybersecurity is overseen by Cheniere’s Vice President and Chief Information Officer, who manages the technology security team. This team is responsible for maintaining our technology defense posture and program, educating and informing Cheniere’s users about information security risks and how best to avoid them, and developing end-to-end incident response and recovery plans throughout the company. The Board is updated quarterly on the progress made against the cybersecurity road map, our current defense posture and assessments, cybersecurity issues or events, and pertinent industry events related to cybersecurity.
Cheniere’s Information Technology Security Policy follows an “identify, assess and mitigate” approach to cybersecurity, in alignment with the National Institute of Standards and Technology’s Cybersecurity Framework and principles. Through participation with various industry organizations, our staff helps shape cybersecurity guidance and regulation. Our people, processes and technology are continually assessed by industry experts and adjustments made to the overall program to adapt to the ever-evolving cyber and geopolitical landscapes. We also address business continuity to ensure critical systems are available to support operations in the instance of a disruptive event.
We conduct regular internal audits, cross-functional risk mitigation exercises and risk strategy sessions to assess cybersecurity risks, applicable regulatory requirements and industry standards. To support these efforts, we contract with third parties to perform facility and system penetration tests, compromise assessments and security maturity assessments of both our corporate and operational networks. Cheniere also maintains a comprehensive cybersecurity training program to proactively help our personnel identify and assist in mitigating cybersecurity and data security risks. At a minimum, all employees, contractors and Board members participate in annual training with additional issue-specific training as needed.