Equinix leads the way with integrity and purpose because of our unwavering commitment to strong governance principles. To maintain trust with Equinix’s stakeholders, it is essential to closely monitor and manage key business risks. To enhance our procedures for identifying and mitigating risks, we have established ongoing processes that allow us to regularly collaborate with stakeholders from both within the company and outside.
The foundation of risk oversight at Equinix is our Governance, Risk and Compliance Committee (GRCC), led by our Chief Compliance Officer and overseen by the Nominating and Governance Committee of our Board. The GRCC is a global, cross-functional group currently composed of our most senior leaders across functions such as Legal, Compliance and Risk Management. The GRCC considers enterprise and emerging risks via Equinix’s Enterprise Risk Management (ERM) program. Our ERM program focuses on the identification, assessment, management, monitoring and reporting of key business risks. Risk identification involves periodic risk surveys and/or risk interviews with key business process owners and executives to identify key strategic, operational, financial, regulatory, compliance and external risks at the enterprise level. We completed a global risk assessment in 2023 to identify enterprise risks. The ERM program also includes an Emerging Risks Team of business leaders at Equinix; representing a majority of business functions, the team meets monthly to identify fast-moving, potentially impactful risks.
The GRCC prioritizes top enterprise and emerging risks for reporting to and discussion with our executive team at least quarterly. From this discussion, risks are presented to the Nominating and Governance Committee to consider for further assessment and reporting either to a committee or the full Board, as appropriate.
The ERM program works with those responsible for a given area of risk to gather, evaluate and prioritize risk information for this assessment process through the use of an enterprise risk profile document. Top risks, including those related to ESG, are evaluated through a detailed risk assessment, and the risks are reexamined periodically as needed.
At our IBX® sites, we take a hands-on approach to risk management at individual locations. Our approach aims to ensure that locations establish consistent procedures for identifying local risk exposures and implementing protective measures for both teams and sites. All sites have incident response and business recovery plans in place to respond swiftly to shifting circumstances and unforeseen events.
Our Board and its committees oversee various aspects of the company’s risks, including operational, strategic, financial and regulatory risks. This oversight is essential to support Equinix in achieving its organizational and strategic objectives, protecting the company and enhancing shareholder value. The Nominating and Governance Committee oversees our GRCC program per its charter, reviewing and considering developments related to the GRCC program and reporting on its activities and recommendations to the full Board.
Our ERM process incorporates guidelines and best practices from the ISO 31000 standard (Risk Management – Principles and Guidelines) and the COSO standard (Enterprise Risk Management – Integrating with Strategy and Performance). As we grow and expand our operations, we have continued to look for opportunities to enhance our ERM processes and incorporate risks associated with the diverse geographic footprint in which we operate.
To stay informed and identify top risks, we periodically survey management-level employees. We also assess key risks and controls using a standard risk assessment template that covers topics such as business continuity and disaster recovery planning, human capital challenges, supply chain, data privacy, cybersecurity, water-related emergencies and regulatory compliance.
Equinix’s Annual Report on Form 10-K further details our company’s risks.
Equinix remains committed to ensuring a safe and secure environment for our employees, contractors and visitors while maintaining the continuity of our business operations. Equinix’s Business Continuity Program Office (BCPO) uses a standardized methodology to detect incidents and respond proactively to unplanned interruptions, cyber events and any other incident with the potential for severe business impact. The BCPO is continually evolving to incorporate more mature processes and integrate regional differences. Our BCPO has four components:
Guideline in place to respond and protect lives and facilities when a building is impacted
Strategies a management team can apply during a disaster to recover all components of the business
Plan for a specific department/IBX to recover its unique critical processes
Ability to recover technology infrastructure in the event of an IT failure or disruption
Sponsored by the EVP, Global Operations and governed by the BCP Executive Steering Committee, the Business Continuity Program Office (BCPO) consists of Equinix executives and subject matter experts who meet at least quarterly. The Executive Steering Committee maintains visibility over BCP activities; receives regular updates/reports regarding program progress and testing results; and provides program direction and support. BCP matters are further discussed at the Board Nominating and Governance Committee as needed.
We continue to enhance our response capabilities to address unforeseen interruptions or events. In 2023, we performed a cybersecurity incident response exercise with regional crisis management teams to practice our response and test our communication capabilities with customers and other stakeholders.
Case Study
Every IBX site has a documented Threat and Risk Assessment as well as a Business Recovery Plan that contains site-specific information for managing identified risks, including response procedures, mitigation strategies and recovery measures. These plans undergo annual testing, review and approval, with more frequent updates as necessary. We also monitor evolving circumstances and develop additional response processes as required.
In 2023, we took additional steps to improve site preparedness in response to the increased occurrence of civil unrest and severe weather. We developed specialized checklists to address the unique requirements of these two types of events. These checklists empower our site managers to prepare for such events beforehand and respond effectively during emergencies. We also performed site-specific tests of severe weather preparedness plans, using standardized exercises for the drill, trigger and output, allowing us to audit the results and extract valuable insights that can benefit all our global sites.
Equinix recognizes the importance of improving and elevating our climate risk management practices. Our Environmental Sustainability and Global Climate Change Policy details how we manage our environmental footprint, drive our climate strategy, pursue resource efficiency and report on progress toward our sustainability goals. Our goal is to embed climate change risk management into our business operations wherever possible and appropriate. We work with Accounting for Sustainability (A4S), an organization that aims to inspire the rapid integration of social and environmental considerations into business strategy and operations.
As part of our broader risk management strategy and business continuity program, we conduct threat and risk assessments at each of our IBX data centers. The assessment considers environmental events such as wildfires, flooding, high winds and drought, identifying corresponding mitigation strategies. We track the assessment results and refer any inadequately mitigated risks back to the site for additional work. We use a Global Design Standard to build in mitigation techniques during the construction process for sites exposed to flooding and wind events.
To thoroughly assess risks to our business and IBX data centers, we model physical and transition risks across multiple climate change scenarios and time horizons. This process helps us evaluate how risks may evolve and identify the onset of changes in risk. In 2023, we used the outcomes from our Task Force on Climate-Related Financial Disclosures (TCFD)-aligned climate risk scenario analysis to understand the future costs of carbon across our portfolio and to guide Equinix’s decarbonization strategy. In addition, we employed water risk metrics to identify the best cooling technologies to utilize in the design and build process for our IBX sites.
Alignment with TCFD
Equinix supports the aims of the TCFD to improve transparency concerning climate risks in financial reporting. We believe our current sustainability report aligns well with TCFD guidance and intend to continue building our strategy around, and reporting to, this framework.
Our full TCFD disclosure can be found HERE.