PROTECTING RYDER AND CUSTOMER ASSETS
In today’s world, managing the potential risks that could negatively impact business operations—such as those related to criminal activity, natural disasters, data breaches, or the wrongful use of company assets—is more important than ever.
At Ryder, our highest priority is to mitigate these risks in order to provide safe and secure supply chain solutions for our customers. We can only execute this mission if we implement systems and procedures that protect our people and our assets, ensure our vehicles are used for lawful purposes only, and maintain business continuity for our business and our customers. By maintaining a robust security management system, we are better able to serve and protect our customers while ensuring the integrity of the Ryder brand.
We leverage a cross-functional and layered approach to manage operational risks. Individuals from Physical Security, Cybersecurity, Business Continuity, Legal, Compliance, and Corporate Communications collaborate to monitor and carry out our crisis management planning for our critical processes. Our Group Director of Global Security is responsible for our physical security strategy and ultimately reports to our Chief Legal Officer.
Our Vice President (VP) and Chief Information Security Officer (CISO) oversees our data security program. Our data security team partners closely with our risk, audit, compliance, and legal functions in creating and updating relevant policies, informing and training employees and leadership, and monitoring all data security-related risks. The VP and CISO reports to the Chief Information Officer, who regularly collaborates with other members of Ryder’s Leadership Team and updates the Audit Committee of the Board.
Cross-Functional and Hierarchal Approach
At Ryder, we understand that a chain is only as strong as its weakest link, which is why we regularly evaluate our security measures to identify and strengthen potential weak links. To maintain effective systems, our internal audit group tests our operating controls to support proper development and implementation of applications and to preserve the integrity of programs, data files, and computer operations. In addition, our information security systems are continually audited by third parties, including our customers. We also conduct periodic benchmarks of our security program maturity against the latest global, regional, and industry security standards.
We are recognized as a leader in supply chain security management by both our customers and government partners. U.S. Customs and Border Protection (CBP) randomly audits our various supply chain security certifications to validate that our written plans are being implemented at our global sites engaged in international logistics services. Over the last five years, CBP has conducted five site validations at Ryder locations throughout the world. Of the 350 security items validated at each location, Ryder has achieved an “in compliance” rating on all 350. In addition, CBP has identified and documented 20 industry best practices at Ryder’s facilities.
Crisis Management & Emergency Planning
We maintain business continuity by identifying our greatest risks, based on likelihood and severity of impact, and proactively mitigating potential impacts. To manage these risks, we have implemented emergency procedures and evacuation plans at every Ryder facility across the globe to protect our employees and prepare for any type of potential disruption, including natural disasters, epidemics, terrorist attacks, and/or data breaches. Each Ryder field location maintains a Business Continuity Plan (BCP) based on location, number of employees, and the type of operational processes used at the location. BCPs outline the specific security risks, procedures, resource needs, insurance plans, and network connectivity risks pertinent to the location. Our Field Operations team discusses and promotes these BCPs when leading regular meetings on disaster response. We thoroughly prepare for emergency situations, because the public depends on our ability to sustain a functional supply chain, especially during a crisis. In 2020, the COVID-19 pandemic tested our capabilities and emphasized the importance of a robust supply chain in times of emergency. We will continue to demonstrate resiliency and provide crucial supply chain services during the pandemic to support the well-being of our employees, customers, and communities.
Although we cannot control weather, we can prepare for it. Our position as a technology-driven company, with a focus on big data analytics, improves our readiness and response to sudden changes in weather. With operations across North America and the United Kingdom, our fleet, facilities, and customers are exposed to a variety of natural disasters, including hurricanes, tornados, earthquakes, floods, and blizzards. In addition to implementing emergency and evacuation procedures prior to an event, we leverage technology to inform our approach and enhance our communication before, during, and after an event. We utilize weather software to determine areas most likely to be impacted by a storm or disaster, and then we use this information to strategically and proactively communicate with high-risk facilities on what needs to be done to keep our employees, customers, and communities safe. For example, during hurricane season in Florida, we regularly engage with Miami-Dade Fire Rescue to share best practices and proactively identify how Ryder can support disaster response efforts in the affected areas.
Highlight Story: Response to Mega Disasters
In 2019-2020, there were continued catastrophic events that impacted the United States from coast to coast and other parts of the world. Flooding devastated a number of communities in the Midwest, wildfires continued to rage and destroy within a number of states, and Hurricane Dorian impacted the southeastern U.S. and the Bahamas. Ryder and its employees continue to find ways to coordinate efforts to help in response to these catastrophic events through our preparedness strategies and the funding priorities of the Ryder Charitable Foundation. The company is a Disaster Responder member of the Red Cross Annual Disaster Giving Program, a coordinated corporate giving network, which provides financial aid, supplies, and expertise to prepare and deliver critical aid to disaster sites. Ryder also partners with Feeding America affiliated food banks, local United Way chapters and other charitable organizations to provide aid to those in need.
In the United States, 25% of terrorist attack scenarios investigated by the Department of Homeland Security (DHS) employ trucks or vans as weapons. As an industry, it is paramount that we work together to protect rental assets from errant misuse or illegal activities, keep these assets out of the hands of those who would use them to do harm, and safeguard our neighbors and communities from senseless acts of violence and terrorism. To address these risks, we engage our peers, governments, and industry associations to continuously identify solutions that reduce the risk of illegal use of transportation vehicles across our industry.
We work closely with the Truck Renting and Leasing Association (TRALA) to develop and promote policies that keep our communities safer. TRALA represents the vast majority of truck rental and leasing providers in the United States with more than 500 member companies. Together, the industry purchases nearly 40% of all new commercial trucks in classes 3-8 manufactured in the United States and placed into commercial service. Through TRALA, we collaborate with peers and work continuously with local, regional, and federal law enforcement agencies—including the U.S. DOT, DHS, Transportation Security Administration, and Federal Bureau of Investigation (FBI)—to mitigate potential threats and improve public safety. We continue to adopt the latest safety and security protocols and train our employees on the best practices in asset security.
Supply Chain Security
Our success depends on the security of our own supply chain and our customers’ supply chains that we operate. The exploitation of global supply chains by illegitimate actors such as drug smugglers and human traffickers is not only a threat to the general public, but can also cause significant disruptions to legitimate trade and production. To ensure that these supply chains remain secure, we maintain an extensive supply chain security program across our operations that involve international movement of goods. The program leverages state of the art technologies, documented security policies and procedures, and numerous supply chain security best practices. Our supply chain operations are certified in the U.S. Customs-Trade Partnership Against Terrorism (C-TPAT), Canada’s Partners in Protection Program, and Mexico’s Authorized Economic Operator Program.
Training & Collaboration
Recognizing that our drivers are uniquely positioned to spot human trafficking on the nation’s roadways, Ryder partners with Truckers Against Trafficking (TAT) to provide funding for programs designed to protect victims and to prepare Ryder drivers to save lives. TAT trains all of our drivers to spot and report human trafficking. From 2019-2020, 22,234 Ryder employees have received TAT training, which includes drivers and technicians. In total, the organization has 1,014,367 individuals registered as TAT trained, which has resulted in 2,692 calls made into the national human trafficking hotline, 708 likely cases generated, and 1,296 victims identified. Additionally, Ryder has a representative that serves on TAT’s Board of Directors.
We also regularly meet with officials from CBP to discuss supply chain threats and strategies for mitigating these risks. In 2018, we participated in the Commercial Customs Operations Advisory Committee’s Trusted Trader Subcommittee to update and revise the C-TPAT minimum security requirements, which are now being phased in by CBP. By engaging in conversations related to security in global supply chains and certifying our program, we remain at the forefront of this issue and protect our customers from potential security issues.
It is important the data held by Ryder’s information systems—such as key financial and operations data, employee information, and customer data—remains confidential and secure. As the data use and privacy risk landscape evolves globally, we continue to adapt to rapidly changing regulations, policies, and best practices. We regularly monitor these trends and update our data privacy and information security initiatives, with a focus on threat identification, risk prevention, and employee education.
Our extensive set of policies covering security, privacy, and compliance risks are available electronically to all employees via the Ryder Policy Management System. We refresh these policies annually to ensure they are relevant, targeted to the correct audiences, and include critical components. Our Policy Management System enables us to easily track and verify that the required employees have read and signed off on relevant policies. Through R World, we publish Information Security articles which are accessible to all Ryder employees. Additionally, we conducted a company-wide simulated phishing exercise in 2020 that covered all 17,000 employees with company email.
Our IT Team also conducts assessments of the security systems of any vendor with access to confidential information from Ryder. Our contractual agreements with such vendors include heightened information security protocols and requirements for handling personally identifiable or other confidential information.
Employee education and security awareness are core components of our information security strategy. In 2019 and 2020, we rolled out online information security training to all of our employees worldwide. We plan to continue to roll out tailored information security training to the entire company in 2021, as well as engage employees informally through lunch and learns, company memos, internal articles, and intranet resources to provide employees with additional knowledge and awareness of data security trends and best practices.
Our security team engages with a number of external peer groups, including the FBI partnership group InfraGard. As members of InfraGard, our security team regularly engages in public-private collaboration with government which expedites the timely exchange of information including critical threat intelligence that helps to ensure Ryder stays prepared for and aware of emerging threats. Additionally, our VP and CISO is a member of the Florida CISO community regional governing body and is an active member of the CISO Coalition where Information Security executives from large enterprises collaborate frequently on new and ongoing information security threats. We collaborate regularly with our customers and third party partners at information sharing events, industry conferences, and customer advisory events to ensure alignment on information security threats, latest protection technologies, cybersecurity challenges, and to address information security-related needs and concerns.