Information security is a top priority.
Dril-Quip's Information Security Policies establish standards for securing our information assets and allows employees to understand their responsibilities. These policies safeguard our information assets against theft, misuse, and unauthorized disclosure. We have a responsibility to comply with our policies to keep our information assets secure. The appropriate policies, controls, and technology will be implemented to safeguard our information assets and to reduce the risk and the impact of potential threats to our business.
Security Monitoring and Response
We have 24/7 cyber security monitoring and response services to help ensure Dril‐Quip® stays secure. Our services monitor our environment to detect malicious activities, assist in protecting, and to perform threat hunting for proactive measures.
All employees are responsible for ensuring our computer systems and other technical resources are used appropriately. The computer systems provided by Dril-Quip are only intended to be used for the purpose of conducting business. We secure our employees' computers and our firewalls with threat prevention software and perform regular vulnerability scanning to remediate any weaknesses.
Dril-Quip routinely logs and monitors electronic activities of employees. We reserve the right, at our discretion, to review any employee’s electronic files and messages to the extent necessary to ensure electronic media and services are being used in accordance with company policy. This includes, but is not limited to, computers, firewalls, mobile devices, and industrial systems. Upon separation, an employee’s access is removed during the offboarding process.
All employees' internet browsing in the office is monitored for unauthorized use of company data. We follow security best practices around encryption to protect our data. Data stored and in transit is encrypted. All data on employee laptops are encrypted to prevent data loss in event of a laptop being stolen. All new employees are required to complete cybersecurity awareness training during the onboarding process. Regular trainings and awareness communications on email security and phishing are conducted with our user base.
All access to corporate systems, resources and applications is controlled through the Information Technology Department. Only access required to perform the employee's job is granted. Elevated access to computer systems or applications is extremely limited and only approved if absolutely required to support the business.
Employee remote access to Dril‐Quip® is secured and monitored to ensure we stay safe. Dril-Quip is utilizing Single Sign‐On to improve security and allow central management of user accounts. We secure its supply chain with a vendor management program that evaluates the security strategies of our vendors.