Governance

Board of Directors

Ethics, Policies and Practices

Kirby is committed to the highest ethical standards across the Company and its supply chain.

BUSINESS ETHICS GUIDELINES

9

Kirby is committed to doing business
the right way or “The Kirby Way”

9

All Kirby directors, executives and
employees are required to sign and
uphold the Business Ethics Guidelines

9

Guideline topics include: Equal
Opportunity, Discrimination and Sexual Harassment, Respecting Human Rights, Anti-Corruption, Financial Accountability, Political Activities, Social Media, etc.

9

Kirby does not tolerate any retaliation against employees for reporting a violation of law, rule, regulation, or the Guidelines

9

More than 3,500 training courses
completed on Business Ethics and
Foreign Corrupt Practices Act in 2020

VENDOR CODE OF CONDUCT

9

In 2020, Kirby implemented stronger
guidelines for our suppliers which
were designed to help ensure
responsible product sourcing and the safety and well-being of workers
across the global supply chain

9
Establishes the minimum standards that must be met by any supplier that sells goods to or does business with Kirby regarding:

– Treatment of workers
– Workplace safety
– Impact on the environment
– Ethical business practices

HUMAN RIGHTS

9
Kirby is committed to ensuring a work environment that is free from:

– Human Trafficking
– Forced Labor
– Harmful Child Labor
– Discrimination and Harassment

9
Workers are to be adequately compensated and provided a safe and healthy working environment
9
Employees are to always respect the human rights of those with whom they work with and come into contact
9
Employees are to encourage partners, suppliers, and other third parties to adopt similar standards with respect to human rights

To learn more, please visit the Governance section of our website at investors.kirbycorp.com

Cybersecurity and Data Privacy

GOVERNANCE

9

Kirby senior management briefs the board quarterly on information security matters.
‒ Steering Committee: Meets at a minimum quarterly to discuss overall approach, manage priorities and ensure progress
‒ Audit Committee: Receives a Cybersecurity update quarterly

PROACTIVE DEFENSE

9
Managed Detection and Response: Professional service to monitor the network and respond to intrusions on 24/7 basis
9
MultiFactor Authentication
9
Monthly vulnerability management program for critical and high security patching
9
Anti-phishing solution for emails
9

The Company has not experienced an information security breach in the last three years.

EMPLOYEE EDUCATION & TRAINING

9

Training: Security awareness program utilizing weekly tips and training
‒ ~1,700 employees completed cybersecurity awareness training in 2020
‒ All employees will be required to complete annual cybersecurity training in 2021

9
Testing: Perform monthly phishing scam tests with associated real-time training
9
Education: Cybersecurity Director speaks at monthly operations meetings to raise awareness and educate on current topics

Stakeholder Engagement & Participation

The ESG Team actively engages with a variety of stakeholders to best understand and address the most pressing ESG matters. Some of the stakeholders are listed below.