Governance

Ethics, Policies and Practices

Kirby is committed to the highest ethical standards across the Company and its supply chain.

BUSINESS ETHICS GUIDELINES

9
Define Kirby’s commitment to doing business the right way, or “The Kirby Way”
9
Serve as a guide for employees, officers, directors, contractors, and suppliers to understand the type of behavior expected
9
Topics include: Equal Opportunity, Discrimination and Sexual Harassment, Respecting Human Rights, Anti-Corruption, Financial Accountability, Political Activities, Social Media, etc.
9
Kirby does not tolerate any retaliation against employees for reporting a violation of law, rule, regulation, or the Guidelines

VENDOR CODE OF CONDUCT

9
Corporate integrity, responsible product sourcing, and the safety and well-being of workers across the global supply chain are of paramount importance to Kirby
9
Establishes the minimum standards that must be met by any supplier that sells goods to or does business with Kirby regarding:

– Treatment of workers
– Workplace safety
– Impact on the environment
– Ethical business practices

HUMAN RIGHTS

9
Kirby is committed to ensuring a work environment that is free from:

– Human Trafficking
– Forced Labor
– Harmful Child Labor
– Discrimination and Harassment

9
Workers are to be adequately compensated and provided a safe and healthy working environment
9
Employees are to always respect the human rights of those with whom they work with and come into contact
9
Employees are to encourage partners, suppliers, and other third parties to adopt similar standards with respect to human rights

Cybersecurity and Data Privacy

GOVERNANCE

9
Steering Committee: Meets quarterly to discuss overall approach, manage priorities and ensure progress
9
Audit Committee: Receives a Cybersecurity update quarterly

PROACTIVE DEFENSE

9
Managed Detection and Response: Professional service to monitor the network and respond to intrusions on 24/7 basis
9
MultiFactor Authentication
9
Monthly vulnerability management program for critical and high security patching
9
Anti-phishing solution for emails

EMPLOYEE EDUCATION & TRAINING

9

Training: Security awareness program utilizing weekly tips and training

9
Testing: Perform monthly phishing scam tests with associated real-time training
9
Education: Cybersecurity Director speaks at monthly operations meetings to raise awareness and educate on current topics