Corporate Social Responsibility Statement

Updated October 26, 2022

Introduction

BitSight Technologies, Inc. and its wholly owned subsidiaries (collectively “BitSight”) provide actionable cybersecurity risk information and insights to companies, insurers, enterprises, and governments. Through that work and in addition to it, we believe that we have a responsibility to help the community, our employees, and the planet. For BitSight, corporate social responsibility means conducting business in an ethical manner, helping to protect the environment, supporting human rights, and respecting and learning from the communities in which we work.

BitSight, our employees, and those acting on our behalf should engage in the highest standards of ethical and transparent business practices and must comply with all applicable laws and regulations. In support of this, we have adopted the statement set forth below to assist employees, partners, and suppliers in driving compliance with our corporate social responsibility standards.

Business Practices & Ethics

BitSight is committed to following the highest standards of corporate practices and integrity in our operations, and we conduct business in an open, honest, and ethical manner. We engage all stakeholders, customers, employees, governments, and others clearly, honestly, and respectfully with timely and meaningful dialogue.

We comply with all applicable anti-bribery and anti-corruption laws. We do not provide business courtesies—such as gifts, entertainment, or other hospitality, or other things of value—to public officials or business contacts for the purpose of rewarding a person for performing a function or activity that he or she is otherwise required to perform, or for rewarding the improper performance of a function or activity.

Our Code of Conduct and Ethics and Vendor Code of Conduct outline our rigorous ethical expectations for our employees, contractors, vendors, and business partners.

Workforce Diversity/Equal Employment Opportunity

We are committed to a policy of equal employment opportunity and workforce diversity. We do not discriminate in employment on the basis of race, color, religion, sex, national origin, political affiliation, sexual orientation, gender identity, marital status, disability and genetic information, age, veteran status, membership in an employee organization, or other non-merit factors. We provide reasonable accommodation to applicants and colleagues with disabilities where appropriate (including within the application and hiring process). We take proactive steps to minimize unconscious bias in job interviews, and establish skill-based job qualifications whenever possible, in order to attract more diverse candidates.

In addition, BitSight encourages employees to learn about cultural diversity in the workplace through cultural and intelligence sessions that explore different cultural norms around the world.

Our suppliers are expected to likewise support a commitment to diversity and equal employment opportunity, to take steps to reduce harassment, and to support the engagement of diverse suppliers in the production of the products and services that BitSight purchases.

Labor Practices & Supply Chain

BitSight denounces all forms of forced labor, including slavery and human trafficking. We will not tolerate the use of child or forced labor in any of our operations and facilities and forbid exploitative working conditions. We will not tolerate the exploitation of children, their engagement in unacceptably hazardous work, and the physical punishment, abuse, or involuntary servitude of any worker.

We comply with applicable age, hour, minimum wage, and overtime laws. We expect our suppliers to uphold these same standards and to conduct reasonable due diligence procedures for their own suppliers, subcontractors, and others in their supply chain, and promptly notify BitSight upon becoming aware of any actual or suspected breach of any slavery-related laws. If violations become known to BitSight and are not promptly corrected, BitSight will discontinue the business relationship.

In addition, BitSight is establishing a diverse supplier program in the United States to provide greater opportunity to minority- and women-owned businesses.

Charitable Giving and Volunteering in the Community

BitSight has a corporate social responsibility program called BitSight Cares. BitSight Cares is dedicated to organizing activities that support local communities and the world at large. These activities include fundraising efforts, volunteering, teaching, and spreading awareness. BitSight Cares supports a variety of organizations and causes within three pillars: Education & Digital Literacy, Environment & Animals, and Human Services.

In addition, BitSight is committed to helping developing economies and humanitarian organizations by offering free cybersecurity products and services to economically challenged countries and charitable organizations. BitSight’s platform gives developing countries insight into current cybersecurity challenges and can help identify what interventions to prioritize for maximum impact. Our suppliers are likewise encouraged to commit to give back to their local communities and the world at large.

Location Independence & Employee Health

To reduce our environmental impact relating to commuting, and to allow a more flexible work environment for employees, BitSight allows remote work. BitSight is also committed to providing a safe and healthy working environment to all employees who choose to come to an office.

In addition, BitSight is committed to supporting access to safe and high-quality healthcare for employees and their families for both physical and mental health. BitSight offers regular “My Days,” which are days off to allow employees to rest, relax, and care for themselves. BitSight also offers a stipend for employees to spend on wellness and mental health care.

Sustainable Procurement and Environmental Footprint

We are proud to be a technology firm that advances environmental sustainability by embracing the use of cloud computing for efficient data processing and scalable data storage, and by distributing our SaaS offerings and intelligence products almost exclusively in electronic format.

Our company headquarters in Boston is located in a LEED Gold certified office building. Further, we offer a recycling and composting program (minimal waste is delivered to landfills from our headquarters) and automatically turn off workstations and lights after business hours. In our kitchens, we use reusable cups and mugs to avoid the use of single-use paper and plastic products.

We also offer an e-Waste collection program where employees can dispose of electronic products they no longer use, which are then reused, refurbished, or recycled. BitSight endeavors to donate obsolete computers and other technology to schools or other organizations that can use them, keeping them out of landfill.

In our facilities, we strive to use sustainable construction materials and products. We expect our suppliers to also be committed to measuring, managing and reducing the environmental impact of their operations, as well as to sustainable practices.

Data Privacy & Information Security

Protecting our customers’, employees’, partners’, and our own valuable information is key to our business. BitSight’s security practices are designed to protect that data.

BitSight performs data shredding to delete obsolete data, both to allow our computer systems to work more efficiently, and to adhere to the privacy principle of data minimization by only storing data necessary for business purposes.

BitSight likewise employs stringent information security measures to avoid misuse or disclosure of personal data received from customers, vendors, contractors, and other third parties. These include obtaining a SOC 2 certification for its own business systems, being a member of the EU-U.S. Privacy Shield program, adhering to GDPR with respect to personal data collected from European Economic Area residents, and receiving and maintaining APEC CBPR and APEC PRP certifications. We expect our suppliers to likewise adhere to high standards of data protection and privacy.

BitSight also conducts rigorous information security vetting prior to entering a business relationship with an entity that may have access to BitSight’s or its customers’ confidential information, including personal data. We likewise expect our suppliers and all business partners to protect BitSight’s confidential information, use confidential information solely for the purposes for which it is provided under the relevant agreement, and notify us of any improper disclosure of confidential information of which they become aware. Disclosure of BitSight’s confidential information is strictly prohibited.