Updated as of April 11, 2023
Environmental, Social, and Governance Highlights
Stewardship is at the core of our mission and values. Just as we serve as stewards for critical internet infrastructure – upon which billions of internet users depend – we are also committed to being responsible stewards of our environment, investing in our communities and our people, and evolving our corporate governance practices. This commitment is reflected in our Environmental, Social and Governance (“ESG”) priorities.
We believe that taking responsible actions in our priority ESG areas enhances our ability to perform our mission in the near and long term, which contributes to our business success. To help identify those priorities, we completed an ESG assessment that considered input from various internal and external stakeholders, including employees, stockholders and customers, and mapped their input against the Company’s assessment in alignment with the SASB Standards to develop priority topics of concern for our business. We have prioritized these topics in our ESG strategy to focus our resources and to develop our ESG-related goals.
Our current ESG priority topics in alphabetical order are:
Board and Executive-level ESG Oversight and Management
- Verisign Cares is our philanthropic and charitable program through which we seek to make a positive and lasting impact on the communities where we live and work and support meaningful social action to address issues that confront the world.
- In 2022, Verisign made $1.35 million in direct charitable contributions. We supported food banks, community groups, and organizations providing relief efforts in response to the Ukrainian conflict, and we continued our support of social justice work with contributions to the Equal Justice Initiative and the Mid-Atlantic Innocence Project.
- We continued our support of Byte Back, NPower, Per Scholas and Virginia Ready, organizations that help to retrain individuals affected by economic challenges for in-demand jobs in high growth sectors such as technology.
- We match employee charitable contributions up to $3,000 to eligible organizations. In 2022, our employees supported approximately 200 unique organizations through the matching program.
- Our employees may volunteer one paid workday per quarter to support eligible local community organizations.
- 7 out of 8 directors are independent.
- 2 out of 8 directors are women.
- 2 self-identify as individuals from underrepresented communities (meaning, an individual who self-identifies as Black, African American, Hispanic, Latinx, Asian, Native American, Alaska Native, Native Hawaiian, or Pacific Islander, or who self-identifies as gay, lesbian, bisexual, or transgender).
- All directors are elected annually.
- To be elected in uncontested elections, each nominee for director must receive a majority of the votes cast.
- We have a lead independent director with robust responsibilities.
- We have an Audit Committee, Corporate Governance and Nominating Committee and Compensation Committee, each of which is composed entirely of independent directors.
- We have a Cybersecurity Committee to assist the Board with its oversight of the Company’s cybersecurity program and risks.
- Stockholders have proxy access rights.
- Stockholders owning together as few as 10% of outstanding common stock may call a special meeting of stockholders.
- Our common stock is the only class of voting shares outstanding.
- Each share of our common stock is entitled to one vote.
- The Board evaluates the Board leadership structure annually.
- The Board conducts an annual self-evaluation to determine whether it and its committees are functioning effectively.
- We do not have a stockholder rights plan, or “poison pill,” in place.
- Stockholders have the opportunity to annually ratify the Audit Committee’s selection of our independent registered public accounting firm.
- Directors and executives are subject to a stock retention policy.
- In response to stockholder feedback, we adopted our Political Contributions Policy, which formally established our general prohibition against direct political contributions by the Company to candidates, political parties, campaign committees, and political action committees.
- Verisign’s approach to cybersecurity is comprehensive, involving a multi-layered strategy where physical security, network infrastructure, software solutions, and security practices and procedures all play a key role reinforced by robust governance and oversight. We harden our infrastructure by leveraging overprovisioning and geographic redundancy.
- Overprovisioning means that we build our infrastructure so that it’s capable of handling substantially more traffic than the highest peak traffic load that we’ve ever experienced. This makes it more difficult to flood our system with bad traffic and block good traffic – for instance through a distributed denial of service (DDoS) attack – by ensuring that we consistently maintain far more capacity than is needed for normal operations.
- Geographic redundancy means that we maintain mission critical capabilities across multiple facilities across the globe, and we have built our infrastructure to be able to seamlessly shift demand from one location to another. The geographic redundancy of our infrastructure also makes it resilient against geopolitical and catastrophic events, helping Verisign to maintain its record of 25 years of uptime and availability for .com and .net DNS resolution.
- We have adopted a rigorous governance framework for the oversight of cybersecurity risk, including a Board-level Cybersecurity Committee and a management-level Safety and Security Council chaired by the CEO, with the Chair of the Cybersecurity Committee appointed as the Board liaison.
- We have adopted the National Institute of Standards and Technology (NIST) Cybersecurity Framework and perform periodic assessments against this framework to measure cybersecurity program maturity. We also have adopted the Center for Internet Security Critical Security Controls (CIS Controls), a prioritized set of safeguards to mitigate the most prevalent cyberattacks.
- In addition to leveraging a broad array of industry frameworks and best practices applicable to our operating environments, our information security practices align with the AICPA, Trust Services Principles and Criteria (System and Organization Controls). On an annual basis, we obtain SOC 2 Type II and SOC 3 audit reports from an independent, external third-party accounting firm attesting to our system-level controls relating to the security, availability, and processing integrity of our systems.
- We maintain a security awareness program, which is required for all employees, that includes annual information security and compliance training, monthly information security training videos, and regular phishing awareness exercises.
Employee Engagement and Diversity, Equity, and Inclusion
- We are committed to attracting, developing, and retaining the best talent, and we monitor our progress in these areas through a variety of workforce metrics (e.g. workforce demographics, hiring, turnover, and promotion rates, including diversity characteristics for each of these metrics).
- We recognize the importance of talent and culture in driving an environment that fosters high performance, inclusion and integrity in all aspects of our work. We use employee feedback to monitor employee morale and engagement, including through employee surveys. Approximately 85% of our employees participated in our most recent survey in 2022.
- We have practices in place to deliver fair and equitable compensation for employees based on their contribution and performance.
- To support the continued development of our people, we employ talent reviews and succession planning, management training, and continuous skill development through various methods including our online learning and development platform.
- We are committed to diversity, equity, and inclusion in all aspects of our business. In 2022, with the assistance of outside advisors, we built on our strong foundation by holding comprehensive training on DEI principles to further emphasize the importance and advance employee understanding of a diverse and inclusive workplace. We provide DEI training for employees across all levels.
- We continue to focus on the hiring, retention, and advancement of women and underrepresented populations. As of December 31, 2022, approximately 28% of our global workforce was female, and approximately 43% of our U.S. employees were ethnically or racially diverse.
- Our employee resource groups, including Women in Technology, Young Professionals and Asian Pacific Islander Community, are employee led and support an inclusive workplace environment.
Employee Health and Safety
- Verisign is committed to maintaining a safe and healthy work environment. We take physical security and wellness seriously. We have policies prohibiting workplace violence, and our Physical Security Policy requires facilities to be secure from unauthorized individuals.
- We employ access requirements and intrusion detection systems at our facilities.
- To help protect the physical health of employees and visitors, we have installed UVC lights on the main air handling units in our U.S. facilities, and we use MERV 13 air filters, both of which help increase indoor air quality by eliminating certain particulates.
- Verisign offers a comprehensive package of employee benefits that support physical, financial and mental wellness, including comprehensive healthcare benefits, disability leave, family leave, parental leave, 401k employer match, and others. We also make available a wellness service that offers resources and tools to support the mental and emotional health of employees and their families.
- We engaged a third-party environmental expert to conduct a greenhouse gas emissions inventory and a Task Force on Climate-Related Financial Disclosures (TCFD) roadmap and qualitative analysis, which were both completed in Q1 2023.
- Our Reston corporate offices are LEED Gold certified for commercial interiors. Our approach to environmental management focuses on areas where we can have the greatest direct impact.
- We work actively to reduce our emissions and our reliance on fossil fuels in our data centers. For example, from 2020-2022, we have sourced at least 50% of the energy used to run our Delaware data center from renewable energy sources. We have implemented various process and system upgrades that help reduce the amount of energy needed to operate our data centers.
- In our offices, we seek to minimize our environmental impact by encouraging recycling, using products made from recycled materials, and leveraging sustainable products. We have also upgraded various components of our HVAC systems to more energy efficient components with lower energy usage.
Ethics and Compliance
- Our Audit Committee oversees the ethics and compliance program which is maintained by a Board-designated compliance officer. The compliance officer regularly updates the Audit Committee on program developments and related topics and meets with the Committee in executive session.
- We regularly assess our ethics and compliance program through annual self-assessments and through periodic external assessments. In 2022, we commissioned an external assessment by compliance experts with deep experience assessing public company compliance programs, who found that our program is strong.
- Our Code of Conduct, which is applicable to directors, executive officers, and employees, was found by the external assessors in 2022 to include many best-practice features, such as user-friendly language, helpful Q&A, and strong sections on speaking up and raising complaints. The Code represents our mission and values and outlines our approach to ethical conduct and compliance with legal and regulatory requirements, including non-retaliation, anti-corruption, and others.
- Our directors and employees receive annual ethics and compliance training and certify their compliance with our Code of Conduct.
- We maintain an ethics and compliance helpline through which employees or others can seek guidance or raise a concern confidentially and anonymously if desired. All reported concerns are reviewed and, as appropriate, investigated. Verisign has a strict non-retaliation policy to protect those that report wrongdoing in good faith.
- Protecting the privacy of people who use our systems and technology is central to our role as stewards of critical internet infrastructure. We do not collect domain name registrants’ information in our .com and .net TLDs.
- Most of the queries to our DNS systems are from recursive servers and not from individual internet users, which greatly minimizes the amount of potential personal information (PI) we receive when resolving DNS queries. The limited amount of PI we receive is handled in line with our privacy commitments.
- Verisign does not monetize or share data of internet users, and we take steps to safeguard and limit any internet users’ data that comes into our possession.
- Our commitment to privacy is also exemplified in specific technology we use and develop to minimize the PI we receive, such as a technology called qname minimization that allows resolution of DNS queries with only a limited portion of the query information. When employed in our resolution services, qname minimization greatly reduces the amount of information, including potential PI, that we receive from internet users. Verisign pioneered the qname minimization technology and we have granted a royalty-free license to the DNS community for this technology. Due to this arrangement, a majority of all DNS queries benefit from this privacy enhancement.
- Our privacy program is led by our Global Privacy Officer. We have a public “Privacy Center” on our website where our Privacy Statement and related privacy commitments are located.
Responsible Sourcing and DNS Abuse Mitigation
- We have a Third-Party Code of Conduct which requires compliance with all laws, including anti-corruption, employment and labor laws (such as laws prohibiting discrimination, forced labor, unlawful child labor and other practices), and competition laws, among others.
- Our commitment to human rights is reflected in our Code of Conduct, which prohibits human rights abuses in our business, and also prohibits employees from working with any third party who engages in human rights abuses, such as forced labor, unlawful child labor, unlawful discrimination, and human trafficking, among others.
- We partner with governmental organizations such as Interpol, the U.S. Food and Drug Administration, and the U.S. Department of Justice and trusted organizations such as ICANN, the National Center for Missing and Exploited Children and the Internet Watch Foundation to address domain names known to be involved in DNS abuse and illegal activity, such as child sexual abuse material (CSAM), botnets, phishing, malware, illegal sale of opioids, and fraud.
- We play an active role in operational security forums and collaborations in the industry focusing on mitigating DNS abuse, including the ICANN Anti-Phishing Working Group and the Messaging, Malware and Mobile Anti-Abuse Working Group.
- The full Board of Directors is actively engaged in risk oversight for Verisign, including financial risks, enterprise risk management (ERM) and cybersecurity risks, among others.
- Our Board Committees have oversight of specific risks, as follows: the Audit Committee oversees the management of business and financial risk and compliance with laws and regulations; the Compensation Committee oversees risk management related to compensation programs and policies, and human capital management; the Cybersecurity Committee oversees risks related to the cybersecurity and privacy programs.
- Verisign manages readiness for various types of crises through our Crisis Management Program, which includes creating crisis management plans, conducting tabletop exercises simulating various crises, and briefing executives on crisis scenarios.
- Our Business Resilience team helps each business unit and department to create a tailored business resiliency plan and trains critical organizations to conduct their own tabletop exercises.
- Our Technology Resilience activities seek to avoid and recover from technological disruptions in order to mitigate associated risk. These initiatives have gained momentum in key areas that will carry over through 2023 and beyond.