POLICIES AND TRANSPARENT REPORTING
Ethics and Compliance

ESRT’s Code of Business Conduct and Ethics applies to our board, directors, officers, and employees and is reviewed and overseen by our Nominating and Corporate Governance Committee. We train our employees on the Code on an annual basis and provide additional compliance training on key topics, which include insider trading, anti-harassment and discrimination, and cybersecurity. All employees are required to reaffirm their compliance with the Code annually. ESRT is committed to providing a positive work environment and recognizes freedom of association and the right to collective bargaining. 64% of our employees are covered by a collective bargaining agreement.

The company actively monitors internal compliance with its Code of Business Conduct and Ethics. Employees are required to speak up about misconduct and report suspected or known Code violations. The Code prohibits retaliation against anyone who raises an issue or concern in good faith. Any waiver of the Code for our directors or executive officers may be made only by our board or one of our board committees. We intend to disclose on our website any amendment to or waiver of any provision of the Code that would be required to be disclosed under the rules of the U.S. Securities and Exchange Commission or the NYSE.

ESRT adheres to the United States Foreign Corrupt Practices Act (the “FCPA”), which prohibits giving or promising money or items of value to any foreign official (foreign government official, political party or candidate, or public international organization) to influence a decision or obtain business. Our Code of Business Conduct and Ethics prohibits the use of company funds and assets for political contributions to any political party and states that no covered persons shall be directed, pressured, or coerced in any manner by a director, officer, or any individual to contribute to any political party, committee, or candidate for or holder of any government office.

CYBERSECURITY

We regularly assess risks from cybersecurity threats, monitor our information systems for potential vulnerabilities, and test those systems pursuant to our cybersecurity policies and procedures, which are integrated into the company’s overall risk management framework. To protect our information systems from cybersecurity threats, we use various security tools that help us identify, escalate, investigate, resolve, and recover from security incidents in a timely manner. We partner with third parties to assess the effectiveness of our cybersecurity prevention and response systems and processes, which include a Managed Security Services Provider (MSSP) that provides a 24x7x365 Security Operations Center (SOC), regular phishing tests, cybersecurity training, and an annual penetration test.

Additionally, the management team of the company has developed a cyber incident response plan to deploy in the event of a cyber threat. This plan is reviewed and updated annually and tested through tabletop exercises that involve management and other key personnel, the board, and outside experts. Department heads are required to consider key technology systems used by their respective teams and the impact to the company and other stakeholders in the event that such systems were compromised or unavailable as part of regular business continuity planning. Our Chief Technology Officer (CTO) is responsible for leading the assessment and management of cybersecurity risks and reports quarterly to the Audit Committee on technology-related programs, strategies, and risks, which include cybersecurity risks.

Training

All employees must complete mandatory training annually, which includes but is not limited to:
• Sexual Harassment
• Harassment and Discrimination
• Ethics and Whistleblower Mechanism
• Insider Trading
• Corporate Compliance Manual
• Cybersecurity Compliance
• Employee Manual
EMPIRE STATE REALTY TRUST: 2023 SUSTAINABILITY REPORT