Our work to establish, maintain, and update robust and ethical corporate governance practices is guided by our Credo and our Aspirations.
We consider the topic of corporate governance to include a system of rules, procedures, practices, policies, and relationships by which Edwards is managed.
- GRI 2-9: Governance structure and composition
- GRI 2-10: Nomination and selection of the highest governance body
- GRI 2-11: Chair of the highest governance body
- GRI 2-12: Role of the highest governance body in overseeing the management of impacts
- GRI 2-13: Delegation of Responsibility for managing impacts
- GRI 2-20: Process to determine remuneration
- GRI 2-21: Annual total compensation ratio
Corporate governance at Edwards begins with the Board of Directors and the ELT; together, they establish Edwards’ governance structure, policies and procedures, and strategy.
Our Board of Directors
Information about Edwards’ Board of Directors composition, responsibilities, and oversight can be found in the “Corporate Governance Policies and Practices” section of our 2023 Proxy Statement. Our Corporate Governance Guidelines are available on our website.
Governance for sustainability
The Compensation and Governance Committee of our Board maintains formal oversight responsibilities for our Sustainability program, with regular discussions on the topic at meetings of the full Board. The Vice President (VP) of Corporate Sustainability engages regularly throughout the year with the ELT, the Board of Directors, and its committees. More details on our governance for sustainability can be found in the 2023 Proxy Statement.
Enterprise risk management
Through our annual strategic planning process, we consider business risks and opportunities across a seven-year time horizon. We have an Enterprise Risk Council, composed of cross-functional members of management, which is responsible for assessing and prioritizing Edwards’ top risks on a quarterly basis. When conducting its risk analysis, the Council considers quantitative and qualitative inputs across multiple key dimensions, including:
- Patient safety
- Business and financial metrics
- Operational risks (disruptive events, including acute climate risks)
- Reputation and brand
- Legal and regulatory
- Talent and employee wellness
At least annually, in alignment with our strategic planning process, the Senior Vice President (SVP) of Enterprise Risk Management (ERM) reviews top risks and mitigation activities with the full Board to ensure robust risk management. The Enterprise Risk Dashboard is then presented at regularly scheduled Board meetings to update Directors on Edwards’ most current risks and how the company manages them. Additionally, as needed, the Audit Committee of the Board meets with members of management to consider various potential risks to the company, including those related to financial reporting, product development, continuity of operations, regulatory compliance, succession planning, physical facilities, and other topics.
An important part of our approach to managing enterprise risk at Edwards is our business continuity program. Through this program, we maintain standardized continuity plans across our global manufacturing sites, and we routinely run exercises to test our readiness for various scenarios. We have an agile crisis management process that leverages insight and leadership from an experienced and cohesive management team. Please see the Governance Map for more details.
At Edwards, we are aware that changing weather patterns may cause business interruptions. To best prepare for this unknown, we incorporate the potential impact of floods, wildfires and other weather events into our risk assessments. We take additional preventative measures including maintaining emergency response systems and business recovery processes, which we test regularly. We also collaborate with our insurance provider to ensure our global facilities have appropriate weather damage prevention features and resilient infrastructure. Incorporating sustainability factors, such as climate risk, into our assessments provides us with a more robust understanding of potential risks to the company. We continue to review and assess the risk factors outlined in the Task Force for Climate-related Financial Disclosures and, where needed, shape appropriate mitigation strategies. For more information, please see the Risk Factors section of our 2022 Annual Report and the Board Role in Risk Oversight section in our 2023 Proxy Statement.
We take measures to protect the data of our employees, customers, and patients, and to safeguard the intellectual property of the company. Our Chief Information Security Officer (CISO) oversees the information security team and is critical to helping management address cybersecurity issues. The CISO provides regular updates to the ELT, including the CEO, and the Audit Committee of the Board on our cybersecurity program and potential security risks.
The Information Security team manages Edwards’ Information Security Program, which is focused on monitoring, mitigating and addressing cyber risk and information security. Our Information Security Program aligns with industry standards such as the National Institute of Standards and Technology Cybersecurity Framework, ISO 27002, Center for Internet Security Framework, SysAdmin Audit Network Security Top 20 Controls, and Open Web Application Security Project Top 10, among others. We leverage these frameworks to build security controls that are both specific to Edwards and also aligned with best practices. In addition to tracking best practice frameworks, we also work with trusted third parties to help us assess our cybersecurity program and continually enhance our processes.
We make the Edwards Information Security Policy available to all employees through the employee handbook and on our intranet. As part of an employee’s new hire orientation, we provide the policy to new employees, and we conduct regular cybersecurity awareness and training campaigns for existing employees. Internal and external stakeholders can access the Edwards Integrity Helpline 24 hours a day, 7 days a week online or by phone, to report any security incidents for escalation. We also disclose information about our product security and provide relevant contact information for our stakeholders to report any product vulnerabilities.
To prepare for potential cybersecurity incidents, we maintain both a business continuity plan and cyber incident response plan with formalized workflows and playbooks. We periodically conduct simulation exercises involving employees at various levels of the organization, including the CEO. The Information Security team organizes engagements with external partners to conduct annual audits of our systems and test our IT infrastructure. Through these channels and others, we work to proactively identify potential vulnerabilities in our information security system.
As part of our efforts to track and shape industry best practices, the Information Security team is an affiliated member of, and active contributor to, the following committees:
- National Health Information Sharing and Analysis Center (NH-ISAC)
- Medical Device Innovation, Safety and Security (MDISS)
- Advanced Med Tech (AdvaMed) Security Group
We respect the privacy rights of everyone who interacts with our business, including our employees, customers and patients, and we are committed to complying with all applicable privacy and data protection laws, including the General Data Protection Regulation (GDPR). For more information, please see our Privacy Statement.
Approach to taxation
We are committed to responsible tax management and transparency across our operations. We sell products in approximately 100 countries, and our contributions have a significant impact on communities around the world.
We organize our tax management approach around three principles:
1) Compliance with local and international laws and regulations;
2) A commitment to business excellence that aims to maximize efficiencies and competitiveness; and
3) Consideration of the interests of multiple stakeholders, including governments and tax authorities, customers, shareholders, and the communities in which we operate.
For more information, please see our Position Statement on Tax.
On a regular basis, teams within Edwards review our governance structures to identify areas for improvement. We believe a strong corporate governance program is central to promoting business success and driving a culture of responsibility.
Engaging with our shareholders
Throughout 2022, we engaged with our shareholders through several modes to collect their feedback. Our CEO, CFO, and SVP of Investor Relations (IR) met with current and prospective stockholders to discuss Edwards’ strategy, business and financial results. Additionally, our CFO, Corporate Secretary, SVP of IR, and Lead Independent Director, when appropriate, engage stockholders to solicit their views and feedback on issues that matter most to our stockholders, including, among other things, corporate governance, compensation, sustainability, corporate social responsibility, human capital management, diversity, inclusion and belonging, succession planning, and other related matters. For more information on Edwards’ approach to engaging with shareholders, please see our 2023 Proxy Statement.
In 2022, approximately 92% of the target total direct compensation of our CEO, and an average of 80% of the target total direct compensation of our other Named Executive Officers, was performance-based. For more information on executive compensation, CEO pay ratio and short-term bonus, please see our Proxy Statement.
Enterprise risk management
The Edwards Board and ELT continually refine and strengthen our ERM process, aiming to better identify emerging risks so we may efficiently minimize their impacts. In 2022, we continued to integrate sustainability factors into our ERM process by incorporating ESG considerations into our Strategic Planning process, reviewing our climate risks, and refining our business continuity plans. Using the TCFD’s risk assessment framework, we continue to assess risks and determine appropriate mitigation approaches. Additionally, Edwards conducted multiple business continuity exercises in 2022, which focused on natural disaster risk, cyber disruption scenarios and other types of business disruption.
In 2022, the COVID-19 pandemic continued to be a significant risk that impacted companies and organizations around the world. At Edwards, we used dynamic protocols to manage the effects of the pandemic, protect our workforce and safeguard our ability to deliver lifesaving products. The ERM team and Employee Health team consolidated our COVID-19 response materials and refined our pandemic planning resources and frameworks.
For more information, please see the Risk Factors section of our 2022 Annual Report.
Edwards experienced no cyber breaches or incidents that had a material impact in 2022. Attempted cyber-attacks on our network were detected and responded to in a timely manner. We did not incur material expenses from information security breaches or security breach penalties or settlements in 2022.
In March 2022, we achieved UL 2900 certification for our new network-connectable medical device releases, such as our next-generation HemoSphere monitoring platform. Moving forward, our Information Security team will continue to implement strong administrative and technical safeguards to protect patient data collected and stored within our digital products. Another key priority for our program is further building cyber resiliency throughout our value chain. We are closely monitoring new and emerging cybersecurity regulations around the world, assessing their potential impacts to our business, and responding accordingly.
Edwards works to further strengthen our response and recovery mechanisms as a part of our cyber resiliency strategy. In 2022, we completed a cybersecurity tabletop exercise with senior leaders from Edwards. Also, the Information Security team implemented an enhanced recovery system to fortify our ability to restart operations in the event of a cyber attack.
Delivering exceptional shareholder value