To maintain trust with Equinix’s stakeholders, we know that it is critical to closely monitor and manage key business risks. We collaborate with both internal and external stakeholders on an ongoing basis to continuously improve our processes for identifying and mitigating risks.
Managing risks is critical to minimizing operational, financial, and reputational impacts when unexpected events such as cyberattacks, global pandemics, and natural disasters occur. Our holistic pandemic plan, which has been in use since January 2020, has allowed us to respond quickly in the face of constantly changing circumstances and regulations to keep our stakeholders safe and our business operating smoothly.
The Enterprise Risk Management (ERM) program at Equinix is designed to drive the identification, assessment, management, monitoring and reporting of key business risks, including ESG risks. Our ERM process incorporates guidelines and best practices from the ISO 31000 standard (Risk Management – Principles and Guidelines) and the COSO standard (Enterprise Risk Management – Integrating with Strategy and Performance).
Our Risk Management Practices are managed by our VP, Global Risk and Security with support from the VP, Business Assurance Services. Key risks are communicated to the Board and the Nominating and Governance Committee receives quarterly updates on key risk topics. Equinix’s risk reporting structure enables our internal teams to monitor the status of key risks and the effectiveness of our mitigation efforts.
Equinix uses a standard risk assessment template to assess key risks and controls applicable to each risk component. Key risk topics may include business continuity and disaster recovery planning, human capital challenges, cybersecurity, water-related emergencies, and regulatory compliance as appropriate.
We continue to look for opportunities to enhance our ERM process. To identify and assess emerging risks, we conduct surveys and interviews with key business process owners. We work diligently to discuss key risks with respective owners who embed the risk conversation throughout the organization. In 2021, we refreshed our risk list to capture issues that employees are concerned about. Our executive team reviewed the updated risks and shared with their respective teams.
Equinix aims to take appropriate precautions to detect and respond to incidents before they develop into unplanned interruptions. Equinix remains committed to ensuring a safe and secure environment for our employees, contractors, and visitors, while maintaining the continuity of our business operations. Our Business Continuity Program Office (BCPO) consists of four components:
The Business Continuity Program (BCP) is sponsored by the company’s EVP, Global Operations, and is governed by the BCP Executive Steering Committee, consisting of Equinix executives and subject matter experts who meet at least quarterly. The Executive Steering Committee maintains visibility over BCP activities, receives regular updates/reports regarding program progress and testing results, and provides program direction and support. BCP matters are further discussed at the Board Nominating and Governance Committee as needed.
As part of Equinix’s BCP, each IBX® data center has a documented Business Recovery Plan which contains site-specific information about how to manage identified risks and outlines response procedures, mitigation and recovery measures. These plans are tested, reviewed and signed off annually or more frequently as needed. Plans are developed on an as-need basis and include guidance on: Civil Unrest, Severe Injury or Death, and Severe Weather.
In 2021, Equinix obtained ISO 22301 Business Continuity Management Certification for all IBX® data centers globally.