OPERATIONAL EXCELLENCE
CUSTOMER-CENTERED INNOVATION
DATA SUMMARY
GRI INDEX
INTRODUCTION
PEOPLE-FIRST CULTURE
GOVERNMENT RELATIONS AND ADVOCACY S&C’s government relations team monitors legislation and regulations affecting our industry, conducts policy analysis, and leads educational outreach to third-party stakeholders. Led by the government affairs vice president, the team monitors and engages in legislative and regulatory efforts at the federal, state, and local levels, including tracking federal funding initiatives for grid modernization. S&C maintains relationships with key advocacy groups to support our government relations efforts. These groups include: • Advanced Energy United (AEU) • American Public Power Association (APPA) • Edison Electric Institute (EEI) • Employee-Owned S Corporations of America (ESCA) • The ESOP Association (TEA) • GridWise Alliance • National Association of Manufacturers (NAM) • National Electrical Manufacturers Association (NEMA) • National Rural Electric Cooperative Association (NRECA) ENTERPRISE RISK MANAGEMENT Our Enterprise Risk Management (ERM) program identifies, assesses, and manages internal and external business risks to support effective decision-making and drive business performance. Cybersecurity risk is integrated into our broader ERM framework and subject to board-level oversight.
Executive Leadership Team Under the direction of the board, S&C’s executive leadership team sets and executes our corporate strategy to provide long-term value for our team members and customers. The executive leadership team creates the roadmap for innovation, accountability, and continuous improvement in line with business strategy and sustainability objectives.
CYBERSECURITY S&C’s cybersecurity program governs the handling, storage, and disposal of digital business information to protect our operations, sensitive data, and team member and customer information. The board reviews cybersecurity strategy and risk matters on a quarterly basis. The Corporate Cybersecurity Council, with senior leadership representation, meets monthly to evaluate our cybersecurity strategy, key risk indicators, and emerging threats. Our Information Technology Risk Management (ITRM) team oversees day-to-day cybersecurity. All team members are required to manage private and confidential information in accordance with our documented policies and applicable laws and regulations. Personal and sensitive data relating to S&C, our team members, customers, suppliers, and contractors must be safeguarded and used for authorized business purposes only. Those with internet and email access are required to complete cybersecurity awareness training, with additional role-based training provided as appropriate. In 2025, we obtained our International Organization for Standardization (ISO) 27001 certification, validating the maturity of our policies and information security management system (ISMS). We also significantly progressed our efforts in continuous improvement by enhancing key security controls and strengthening access governance through a privileged access management initiative for critical roles.
S&C’S GOVERNANCE POLICIES • Purpose, Vision, Mission, Values, and Guiding Principles • Required Ethical Standards, Code of Business Conduct • Supplier Code of Conduct • Quality Policy • Environmental Policy
S&C 2025 Sustainability Report 6
Made with FlippingBook - Online catalogs