The Enterprise Risk Management (ERM) Program at Equinix is designed to drive the identification, assessment, management, monitoring and reporting of key business risks, including ESG risks. Our ERM process incorporates guidelines and best practices from the ISO 31000 standard (Risk Management – Principles and Guidelines) and the COSO standard (Enterprise Risk Management – Integrating with Strategy and Performance).
Our Risk Management Practices are managed by our VP, Global Risk and Security with support from the VP, Business Assurance Services.
To identify and assess emerging risks, we conduct periodic surveys and interviews with key business process owners. While sustainability impacts have not yet been identified as a key ERM risk, the outcomes of our sustainability materiality assessment are another input in our overall risk assessment processes. Equinix uses a standard risk assessment template to assess key risks and controls applicable to each risk component. Key risks are communicated to the Board and the Governance Committee receives quarterly updates on the identified key risk topics. Key risk topics may include business continuity and disaster recovery planning, human capital challenges, cybersecurity and regulatory compliance as appropriate. Equinix’s risk reporting structure enables our internal teams to maintain ongoing monitoring of the status of key risks and mitigation effectiveness.
Equinix aims to take reasonable/appropriate precautions to detect and respond to incidents before they develop into unplanned interruptions. Equinix remains committed to ensuring a safe and secure environment for our employees, contractors and visitors, while maintaining the continuity of our business operations. Our Business Continuity Program Office (BCPO) consists of four components:
The BCP is sponsored by the company’s Chief Financial Officer and is governed by the BCP Executive Steering Committee, consisting of Equinix executives and subject matter experts who meet at least quarterly. The Executive Steering Committee maintains visibility over BCP activities, receives regular updates/reports regarding program progress and testing results, and provides program direction and support. BCP matters are further discussed at the Board Governance Committee as needed.
As part of Equinix’s BCP, each IBX® data center has a documented Business Recovery Plan which contains site-specific information about how to manage identified risks and outlines response procedures, mitigation and recovery measures. These plans are tested, reviewed and signed off annually or more frequently as needed.
Equinix has obtained ISO 22301 Business Continuity Management Certification for our EMEA and Brazil operations and plans to obtain this certification for our global operations in the next year. We believe that our BCP is critical to minimizing operational, financial and reputational impacts when unexpected events such as cyberattacks, global pandemics and natural disasters occur. The events of 2020 further highlighted the importance and the strength of our robust BCP as Equinix was able to use the BCP as one of many tools to help address impacts to the company that resulted from the COVID-19 pandemic.