CSAA IG ESG Report 2022 - Flipbook - Page 34
Governance
2022
ESG Report
In late March 2022, we held Lighten
Up Week, a records clean-up event
in the interest of lowering volume and
storage costs, reducing privacy risk
and supporting regulatory retention
requirements. It also helps reduce
our carbon footprint: Less data in the
cloud means fewer emissions.
Lighten Up Week
Data Protection Training
Data Classification Standard Roadshow
Cyber Expo
Working Remotely Compliance Course
We deployed new Data Protection
Training for the entire enterprise
highlighting how to classify and
handle data appropriately. Reflecting
the importance of this sometimes-complicated issue, we launched
a Data Classification Standard
Roadshow, visiting virtual town
halls across CSAA to discuss the
importance of data classification as a
key risk-mitigation technique against
unauthorized access and disclosure
of confidential information.
2022 continued to present many
challenges, including moving to a
fully hybrid working environment,
which required ongoing ways for
our employees to work securely
from home on a temporary and/or
permanent basis. We introduced
a new Cyber Essentials: Working
Remotely compliance course, and
updated existing training courses,
policies, processes, standards, and
technologies. These efforts extend
throughout the organization, including
the CSAA Board of Directors.
During Cybersecurity Awareness
month in October, we launched a
month-long Cyber Expo, kicking off
with a fireside chat led by the Chief
Information Security Officer and
featuring a panel comprising our CEO,
CIO and a former U.S. Department
of Justice and Secret Service agent,
followed by sessions on phishing,
data protection, privacy and incident
response. In addition, we continue
to implement privacy and security
controls to reduce the likelihood of
loss, misuse, or other inappropriate
disclosure of personal information.
Examples include ongoing testing
and courses on email phishing
and security best practices, and
data classification and handling
applications, among other initiatives.
All employees and contingent
workers are required to comply with
the company’s privacy and security
notices, policies, processes, and
standards. In addition, we require
employees and contingent workers to
take an annual information security
awareness course, as well as other
role-based privacy and security
training courses.