Data Security and Privacy

We maintain valuable information and technology assets – data, systems, and applications – that are critical to our operations and our success as an enterprise. Our business has both an increasing reliance on IT systems and an increasing digital footprint as a result of changing technologies, connected devices and digital offerings, and remote work policies. We hold ourselves accountable for securing these assets and for continuing to build our resilience against possible cyber threats. We have the same expectations for our contractors and outside services companies, including our information technology service providers. We also prioritize data security and privacy in connection with our digital innovation efforts. Some of our products contain hardware and software that connect to the Internet or other networks or use analytics capabilities, and it is vital to maintaining customer trust that our digital products provide adequate data security and privacy protections.

Managing Risk

We regularly assess our threat landscape and monitor our systems and other technical security controls, maintain information security policies and procedures, including a breach response plan, ensure maintenance of backup and protective systems, and have a team of security personnel managing our efforts and initiatives. We regularly review our policies, practices, and plans with assistance from third-party experts and advisors managing our efforts and initiatives. We make updates as needed as we seek to comply with applicable regulations. Our Board has established a risk management process to identify and manage material risks at the enterprise level, including the potential impact of key cybersecurity threats. The full Board meets with the Senior Vice President & Chief Digital Officer (CDO) and our Chief Information Security Officer (CISO) on at least an annual basis to discuss our cybersecurity posture. The Board also periodically receives targeted briefings related to cybersecurity and reviews our incident response capabilities. The CDO is responsible for corporate-wide data security, and the CISO is responsible for developing, implementing and enforcing security policies to manage our overall cybersecurity risks.

From an operational perspective, we use vulnerability scanning tools to assess potential cyber security risks across our businesses. We correlate the results and prioritize any actions based on threat modeling analysis and monitor any actions in-progress with the system owners based on assigned timelines for remediation. However, patch and vulnerability management, including for products and information assets, remains a complex and key risk that can lead to exploits, security breaches and service disruption. In addition, our online employees participate in cyber, information security, and privacy training at least annually.

Digital Products and Services Security

Our businesses increasingly complement our product component or equipment offerings with digital solutions, such as connected products, sensors, and software. We recognize the various factors driving customer demand for strong product security, including evolving regulatory requirements, cybersecurity requirements, industry-specific guidance, business needs, and the desire to manage the supply chain. We believe that integrating security measures into our digital products and services can help to differentiate our product offerings and increase relevance with our customers.

Our product security efforts are informed in part by industry security standards such as ISA 62443, UL 2900-1, and certain standards from the National Institute of Standards & Technology. As part of our efforts, we conduct risk assessments and prioritize security validation of our products. For example, we conduct security testing and remediation on a risk-based prioritized basis prior to releasing certain products into the market, as well as periodically post-release to discover potential issues in code, firmware, and protocols and to consider potential security patches or future version updates. We have received System and Organization Controls 2 (SOC 2) certifications for some of our digital service offerings and continue to strive to meet similar requirements for other solutions.

Upholding Data Privacy

Privacy and security go hand in hand. We strive to protect personal data through reasonable technical and organizational security measures including technical security tools, restrictions on access to data, and physical security measures to help prevent unauthorized or unlawful access, disclosure, loss, destruction, or damage. We use personal data for legitimate business purposes, maintain appropriate access controls, and use limitations throughout our systems and products.

Our employees are required to follow applicable privacy, information security, and data protection laws, including the EU General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA), where applicable. With our advisors, we monitor regulatory developments concerning privacy globally, and we take steps to implement safeguards designed to comply with those regulations. Our Global Data Privacy Policy sets forth the principles that govern our treatment of personal data. Our policy on the Acceptable Use of Dover Electronic Equipment, Systems, and Data governs the use and protection of information about our company and information that is stored on our computers and mobile devices. Our policies restrict individuals’ access to personal data to those that need such access to accomplish a business objective and allow access only as necessary.

We endeavor to follow data privacy best practices and have established specific governance structures to help us reflect and improve upon our data privacy processes. In that regard, we leverage a cross-functional Data Privacy Council that meets to discuss developments in global privacy law and to implement changes as needed to facilitate regulatory compliance.

Our data privacy efforts extend to our products, our suppliers, and other third parties with whom we do business. We maintain an eye toward privacy by design: our innovation efforts aim to take privacy considerations into account as part of the product development lifecycle. We also require that any supplier or business partners handling our data and the data of our employees and customers to comply with applicable regulations.