People
Policies
Pactiv Evergreen has developed, implements, and maintains written information policies, processes, and controls to detect, respond to, mitigate, and recover from cybersecurity events that are not prevented. These technology and security policies and procedures set forth certain administrative, technical, and physical safeguards that are designed to protect the company’s information technology assets and data, and by which all employees are expected to abide.
Training
Pactiv Evergreen provides numerous training programs designed to mitigate risk by helping users understand the role they play to combat information security breaches and strengthen user knowledge on information security-related issues. Awareness trainings such as the monthly Cybersecurity newsletter publication, periodic simulations, and required training help users understand risks and identify potential attacks they may encounter as they receive email and use the internet.
Whistleblower Procedures
Pactiv Evergreen has a published Whistleblower policy for reporting concerns related to accounting, auditing, ethical violations or other concerns without fear of dismissal or retaliation of any kind. Included are established procedures for the receipt and handling of complaints, including those submitted by employees and other interested parties. Employees with concerns may report their concerns to their direct supervisor or the Chief Legal Officer, or on a confidential or anonymous basis to the Chief Legal Officer or to a hotline.
Security Roles and Responsibilities
A Cybersecurity Steering Committee exists to provide executive engagement, oversight and responsibility with respect to protecting Pactiv Evergreen’s information assets and operations. The focus of the Steering Committee is to assist Pactiv Evergreen’s Board in overseeing the protection of Pactiv Evergreen’s information assets and operations. The Steering Committee ensures the alignment of the information security strategies with the business objectives.
A Cybersecurity Working Group exists to support the implementation and rollout of cybersecurity programs and projects. The Working Group maintains the currency and compliance of policies and champions cyber awareness across the enterprise.
The Cybersecurity Team is staffed with appropriately skilled individuals across disciplines – Security Operations, Compliance and Architecture - and works in close collaboration with the business and IT departments.