The Company is dependent on various information technologies to conduct its business, monitor the production of its generation facilities, the remote monitoring and controlling of its assets, communicating with regulatory agencies, energy markets and customers, financial management and human resource systems, amongst others. The Company mitigates Information Security & Cybersecurity risks by including third-party information security risk by selecting established and proven technology with reliable partners, working with external consultants to perform external assessments and implementing recommendations from assessments such as maturity analysis and penetration testing.
The Company has begun to align its practices to the National Institute of Standards and Technology?s Cybersecurity Framework. We continue to introduce policies and carry out training campaigns to ensure Information Security and Cybersecurity form part of our day-to-day work. In addition to frequent simulated phishing campaigns, the Company?s information security program includes a variety of relevant topics such as remote access security, ransomware/malware, etc. Polaris also creates awareness through campaigns communication via the internal bulletin, announcement boards, etc.
In the past three years, the Company has not experienced an information security breach and recognizes the need to continuously monitor and improve, reflecting the everchanging environment. The HR & ESG Committee in its oversight over the Corporation?s Information Security & Cybersecurity practices, receives quarterly updates on information security matters.
