We know the reputation of our company and our services is critical to our success. Stem is committed to always acting with integrity in every facet of our operations.
Our company leadership drives our sustainability programs and goals, with all employees playing a critical role in developing and achieving our environmental and social ambitions. The Nominating, Governance, and Sustainability Committee of our Board of Directors, as stated in its charter, oversees and makes recommendations to the Board regarding sustainability matters relevant to our business, including policies, activities, and opportunities.
We are guided by our Code of Business Conduct and Ethics, which applies to our company and our subsidiaries. Our Board of Directors has ultimate oversight for our business ethics and compliance programs, with our Compliance Officer holding day-to-day responsibility for administering our compliance programs. We use technology and automated tools to monitor and report on compliance matters. All employees receive training on our ethics and anti-corruption policies and programs when they join the company, receive regular continuous training on our anti-corruption policies, and must certify annual compliance with our Code of Business Conduct and Ethics.
To help promote compliance, we maintain a whistleblower program. It offers anonymous, 24/7 reporting of any ethical concern directly to the Audit Committee of our Board of Directors, with information and contact details provided in our Code and on our company intranet. All reported incidents are tracked in a database and investigated until resolved.
The security and privacy of our partners, customers, and products are paramount. Throughout the entire product lifecycle, from design to customer use, Stem’s team of engineers, specialists, and partners strives to make the most secure products possible. Stem applies a zero-trust network access (ZTNA) model, in which access is granted on a tightly defined, “need-to-know” basis. We utilize third-party managed detection and response solutions that give us a 360-degree view of the security of our energy storage systems and provide 24/7 real-time monitoring.
Stem has implemented a Cybersecurity Risk Management Program that’s grounded in National Institute of Standards and Technology (NIST) Best Practices and Guidelines and overseen by our board and executive team. We practice what’s called “defense in depth,” using various layers of protection to maintain data security. We use a leading third party to provide comprehensive, independent, and layered security audit and compliance functions on an annual basis.
Stem has attained the Association of International Certified Professional Accountants (AICPA) System and Organization Controls 2 (SOC2) for achieving compliance of suitably designed and operating system controls and assurance. We also constantly track developments like the cybersecurity framework guidelines from the International Standards Organization (ISO), International Electrotechnical Commission (IEC), and Cybersecurity Maturity Model Certification (CMMC) from the U.S. Department of Defense.
All employees receive continuous training on cybersecurity and privacy, with supplemental micro-training targeted to employees in specific roles.