The Committee receives quarterly reports from management on our cybersecurity risks, and also receives, at least annually, a detailed briefing from management on our cyber risk management program’s status including all strategic initiatives. In addition, management updates the Committee, as necessary, regarding potentially significant cybersecurity incidents consistent with written escalation protocols, as well as incidents with lesser potential impact. The Committee members also receive presentations on cybersecurity topics from our Chief Information Officer (“CIO”), who also serves as our Chief Information Technology Architect & Chief Information Security Officer (“CISO”), internal security staff or external experts as part of the Board’s continuing education on topics that impact public companies. The Committee reports to the full Board regarding its activities, including those related to cybersecurity. The full Board also receives briefings from management on our cyber risk management program.

Our cybersecurity management team, lead by our CIO, supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal security personnel; threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us, and reports produced by security tools deployed in the IT environment. Our CIO reports to the Company’s Chief Executive Officer, as well as to the Board and Audit Committee. The CIO has served as our CISO for four years and has more than 20 years of experience in various roles involving managing cybersecurity functions, developing strategies to protect privacy, customer safety and intellectual property, and developing