Protecting and Securing Our Assets
Protecting our people and securing our assets are the goals of our security and cybersecurity programs. We monitor our onsite locations and IT infrastructure and network systems consistently for safety and security across our assets.
Physical Security
Our on-site security personnel include Chesapeake employees as well as third-party partners, many of whom are off-duty law enforcement officers. These security team members have established relationships with local first responders, as well as state and federal officials, for a joint approach to keeping Chesapeake sites and surrounding communities safe. All employees and contract security personnel are bound by our Code and compliance to our Human Rights Policy.
Site personnel (whether employees or contractors) must abide by our policies governing health, environment, safety and human rights. These policies and procedures prohibit the possession or use of weapons, drugs or alcohol on company property and other undesirable or illegal workplace behaviors including money laundering and the financing of terrorism. Any employee or partner not following these policies, or otherwise threatening the safety of our operations, will be removed.
Our areas of operations are regulated by U.S. law, mitigating material risks related to security threats, terrorism or armed conflict, and company attacks.
Managing Cybersecurity Risks
Information technology touches all aspects of our operations and cybersecurity risks continue to evolve. We understand these risks and are proactive about the security of our assets and the welfare of our employees. Through a comprehensive protection and defense strategy, we continue to improve upon an extensive framework of controls to detect, identify and protect against potential cyberattacks.
We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity and availability of our critical systems and information. We integrate our cybersecurity risk management program into our overall enterprise risk management program, and share common methodologies, reporting channels and governance processes that apply across other risk areas within our ERM program.
Our Board considers cybersecurity risk as a critical part of the enterprise and has delegated it to its Audit Committee. Our Audit Committee oversees management’s implementation of our cybersecurity risk management program and receives quarterly updates from management on cyber threats, potential vulnerabilities and the proactive security programs in place to protect our operations. In addition, management updates our Audit Committee, as necessary, regarding any material cybersecurity incidents.
Cybersecurity Protection Layers
Network and Application Security
Protecting company networks and applications from attack and inappropriate access
Data Protection
Preventing data breaches and ransomware attacks through security layers and threat hunting
Risk and Compliance
Managed as an enterprise risk, accountable to top company leadership
Identity and Access Management
Protecting the attributes of individual digital identities
Incident Response and Business Recovery
Cohesive planning to respond quickly and minimize impact
Cybersecurity Awareness
Training employees and contractors to help prevent cyber events
