Security, cybersecurity, and privacy

We are committed to protecting our people, workplaces, and operations, and respecting communities globally through intelligence-based risk mitigation measures. The Baker Hughes security team is horizontally structured to support product companies, functions, and regions, in accordance with global risk and operational structure.

签署《联合国全球契约》(UN Global Compact),贝克拥抱hes also aligns with the principles outlined in the Voluntary Principles on Security and Human Rights. Internal training and awareness resources were developed in 2021 to further embed these principles into our operations. Starting in 2022, security personnel are now required to complete related training and monthly employee and contractor awareness sessions delivered by the Security Team also include elements on principles on security and human rights.

100% of Baker Hughes Security personnel, including embedded Security contractors, have completed training on principles on security and human rights, and annual refresher training will be required going forward. Our security vendors are expected to adhere to the Baker Hughes Supplier Integrity Guide, which includes guidelines on Human Rights. We are also working to incorporate principles on security and human rights into future requests for proposals and tenders to ensure all security suppliers and contractors understand and adhere to our commitments to ethical business conduct going forward.

Throughout 2021, the Security Team also remained focused on protecting the safety and security of our employees, supporting the company's ongoing COVID-19 response, and increasing preparedness for other potential unplanned situations. This includes supporting the ERM program and security risk associated with a response to a significant disruption event.

Baker Hughes takes cybersecurity and data privacy very seriously. We are committed to individual's rights to data protection and privacy, building digital trust through sound oversight of cybersecurity and data privacy protections, the responsible use of data and technology. We protect our digital systems and data through a comprehensive cybersecurity management program and we operate a comprehensive Cyber Fusion Center to coordinate resources, reduce incident response time, and shift toward a proactive cyber-defense model.

Oversight responsibilities for our cybersecurity and privacy programs and risks lie with the Audit Committee of our Board of Directors. The Board appreciates the rapidly evolving nature of cyber threats and is committed to the prevention, timely detection, and mitigation of the effects of any such incidents on the Company and our stakeholders. Our Board is actively engaged in the oversight of our cybersecurity program. Our Audit Committee receives reports on the Company's cybersecurity program and developments from our Chief Information Officer and Chief Information Security Officer at each of our regular Board meetings. These reports include analyses of recent cybersecurity threats and incidents across the industry, as well as a review of our own security controls, assessments and program maturity, and risk mitigation status.

At the operational level, we take a cross-functional and collaborative approach to address and mitigate cybersecurity and privacy risks, with the Chief Information Security Officer and Cyber Fusion Team working with legal, Privacy Office, controllership, and the internal audit functions.

Image

We leverage the National Institute of Standards and Technology (NIST) cybersecurity framework to drive strategic direction and maturity improvement. We also engage third party security experts for risk assessments and program enhancements, including ransomware vulnerability assessments, cybersecurity tabletop exercises and internal phishing awareness campaigns. We also maintain information security risk insurance coverage. The Company has not experienced a material cybersecurity breach to date.

We also include multi-domain cybersecurity training as part of our required annual training program. In addition, training and awareness is integrated and continues throughout the year, utilizing various delivery methods such as phishing campaigns, live training sessions, and informational articles.

亚博竞彩App贝克休斯全球数据隐私保护程序place which is designed to ensure that personal data will be protected and handled in accordance with applicable law, Baker Hughes policies, and applicable contractual obligations. The mandate and goal of our Global Data Privacy Program is to mitigate risks and create a global framework for data privacy-compliant business operations. We drive accountability for responsible use of data and technology through our Company's Values, our Code of Conduct, and our compliance and integrity programs. We have mandatory cybersecurity and privacy trainings and ongoing awareness campaigns for our employees to understand Baker Hughes policies and compliance requirements relevant to their functions. This helps to build our employees' capacity to handle data correctly and with clear accountability and it safeguards our Company by providing data privacy risk assurance.

Cornerstones: people, process, and technology. It is based on international standards, regulations and industry best practices, such as:

• NIST Cybersecurity Framework -Framework for management of cybersecurity risks
• ISO 27001 - Information technology - Security techniques
• IEC-62443 suite - Industrial Network and System Security

This holistic approach seeks to ensure that organizational and technical security measures are integrated into the product development lifecycle at all stages, from requirements specification, to design, implementation, operation and maintenance. Methods and tools commonly accepted by both the security and industry communities are used to ship products free of known vulnerabilities. Baker Hughes serves as a trusted partner to energy-related operators willing to keep or improve their operational security posture.