ESG Report - Report - Page 75
STRATEGY
LOW-CARBON
ENVIRONMENT
SAFETY
COMMUNITY
PEOPLE
GOVERNANCE
Cybersecurity
All Valero employees are required to complete annual
computer-based cybersecurity and IT training. We
engage third-party experts regularly to conduct
cybersecurity and risk assessment testing, including
penetration testing, firewall reviews and PCI Data
Security Standard testing. In addition, we continue
taking steps to reduce our vulnerability to such attacks,
including through an ongoing cybersecurity awareness
program.
Information Security Governance - The Audit
Committee has formal oversight responsibilities
concerning Valero’s initiatives and strategies respecting
cybersecurity and IT risks. At least once annually,
heads of our Information Services and Internal
Audit teams provide a report to the Committee on
Valero’s information security operations, structure
and framework; various cyber and IT security metrics;
Valero’s cybersecurity management program,
improvement efforts and future projects; and Valero’s
governance and assessments related to cyber and IT
security.
As part of the ongoing process of educating
and training employees, Valero celebrates
National Cybersecurity Awareness Month
every year in October with training sessions,
videos, presentations and news reminders
to help employees to identify and prevent
potential information security issues at Valero.
Our Information Security Framework
Secure
Vigilant
Resilient
Controls that help build in
security and protect against
known threats
Controls that help maintain
security through continuous
monitoring
• Security awareness and
training
• Vulnerability management
• Resilience & recovery
• Cyber threat intelligence
• Risk & compliance
management
• Endpoint monitoring
• Incident response &
forensics
• Identity & access
management
Controls that provide the
capability to respond and
recover quickly
• Cybersecurity operations
• Data protection &
management
• Infrastructure security
• Application security &
secure development
• Asset & change
management
• Third-party risk
management
• Physical & environmental
security
Valero I/S professionals at company headquarters
in San Antonio, Texas.
ENVIRONMENTAL, SOCIAL AND GOVERNANCE REPORT •
75
