Board Oversight of Strategy
The Board of Directors believes that it is important to be deeply involved in overseeing and reviewing Cienas short- and long-term strategy. The
Board oversees and reviews Cienas long-term strategic plan, annual operating plan, and strategy and approach toward ESG matters. Because employee engagement, development and retention are critical elements of our strategy, the Board annually
reviews our people strategy: a comprehensive overview of compensation, benefits, support for employees, growth and development opportunities, and inclusion and diversity. Strategy-related matters are discussed regularly at Board
meetings, as well as at the committee level when appropriate. Such matters include:
|
❖ |
Long-term financial targets |
|
❖ |
Three-year strategic plan |
|
❖ |
Annual financial and operating plan |
|
❖ |
Key functional strategic initiatives |
|
❖ |
Corporate development and strategic transactions |
|
❖ |
Alignment of executive compensation with strategic and operating goals |
|
❖ |
Human capital, talent management strategy and succession planning |
Board Oversight of Risk
The Board of Directors believes that risk management is an important part of establishing, updating and executing Cienas business strategy. The
Board, as a whole and at the committee level, has oversight responsibility relating to risks that could affect our corporate strategy, business objectives, compliance, operations and financial condition and performance. The Board focuses its
oversight on the most significant risks facing Ciena and on its processes to identify, prioritize, assess, manage and mitigate those risks.
Since
2020, the Board has played an important oversight role in Cienas business continuity planning, decision-making and execution in the face of the COVID-19 pandemic and its resulting impact on a wide range
of conditions affecting our industry, business and people. This has included overseeing the management by our executive team of risks relating to employees and benefits, health and safety, research and development, supply chain, services and
fulfillment, IT operations and financial controls.
The Board also annually reviews and considers Cienas long-term strategic plan, its annual
financial and operating plan, and its enterprise risk management program. The Board and its committees also receive regular reports from members of senior management on areas of material risk to Ciena, including strategic, operational, financial,
information security, legal and regulatory risks. While the Board has an oversight role, management is principally tasked with direct responsibility for management and assessment of risks and the implementation of processes and controls to mitigate
their effects on Ciena.
The Boards leadership structure, with a Lead Independent Director, separate Executive Chair and CEO, independent Board
committees with strong Chairs, the active participation of committees in the oversight of risk, and open communication with management, supports the risk oversight function of the Board. Each standing committee of the Board has risk oversight
responsibilities and provides regular reports to the Board on at least a quarterly basis, as more fully described below under Composition and Meetings of the Board of Directors and its Committees.
Cybersecurity and Data Privacy
As part of the
Boards oversight of risk management, the Board devotes time and attention to cybersecurity and data privacy related risks, with the Audit Committee responsible for overseeing cybersecurity, data privacy and information technology related
controls, policies and other efforts to mitigate such risks. As part of its standing agenda, the Audit Committee receives regular quarterly updates on information security risks and programming from members of senior management, including our Chief
Information Security Officer, who reports to our Chief Financial Officer. These updates have included reviews of our cybersecurity risk management efforts including the development of relevant processes and policies, the implementation of
technologies, systems or use of third party partners to safeguard our systems environment, the conduct of education and training initiatives with employees and business partners, and incident response preparedness, including simulations and tabletop
exercises. The Audit Committee regularly updates the Board on such matters, and the Board also receives updates, not less than annually, from our Chief Information Security Officer on information and cybersecurity risks and related programming. In
addition, we conduct employee security awareness training, including ongoing regular phishing detection exercises and awareness initiatives, throughout each year. We also maintain an information security risk insurance policy as part of our risk
management efforts, and regularly engage and collaborate with peers, industry groups and governments relating to cybersecurity risk management and the evolving threat environment.
|
|
|
24 |
|
2023 Proxy Statement |