MESSAGE FROM ABOUT SUSTAINABILITY AT PRODUCTS WITH ENVIRONMENTAL SOCIAL GOVERNANCE AND GRI, SASB, AND TCFD OUR CEO HUBBELL HUBBELL IMPACT STEWARDSHIP RESPONSIBILITY ACCOUNTABILITY DISCLOSURES SAFEGUARDING OUR PRODUCTS We believe in fostering a mature privacy and security by design culture, as supported by our policy and guidelines, for the development of our connected products. Our Product Cybersecurity Council provides cyber awareness and collaboration with internal stakeholders, partnering with Hubbell’s SOC2 Engineering Council, to implement security protections and initiatives across the full lifecycle of our new product development process. The secure development process is designed to consider and holistically STRENGTHENING SOC2 address cybersecurity risk and data privacy during the design and In 2022 we initiated a process to integrate privacy trust development of connected products. By embedding these considerations service criteria into our SSAE 18 Systems and Organizations into our new products, we strengthen the software, sensors, and digital Controls (SOC) 2 audits, which are independent third-party o昀昀erings of our electrical and utility solutions, and ultimately, achieve our service level compliance reviews of selected connected customers’ expectations for strong data protection. products for our customers. MANAGING RISKS IN OUR SUPPLY CHAIN Our businesses have a strong supply chain risk management program in place with a proven policy and process for managing cybersecurity risks and safeguarding data in supplier engagements. When it comes to cybersecurity, we have a team of seasoned experts who are responsible for managing timely risk assessments, risk remediation plans, and a risk-based reassessment schedule. In addition to their focus on risk management, our cybersecurity team coordinates with our compliance team to promote MATURING OUR CYBERSECURITY PROCESSES security best practices throughout our value chain by performing audits of controls and ensuring compliance with applicable regulations. Over the In 2022, we continued to enhance our cybersecurity operational past couple of years, we have continuously strengthened our processes, process, risk register, and incident response procedures. To that including our assessment and monitoring of critical suppliers in our end, we benchmarked our internal risk assessment’s alignment with value chain. For those suppliers with access to personal data, we tighten the National Institute of Standards and Technology's Cybersecurity contractual obligations spanning our Data Processing Agreements and Framework, a leading standard for cybersecurity. Through our security standards. We have also implemented a new control in our SSAE 18 analysis, we identi昀椀ed and implemented prudent improvements that SOC 2 audits which requires our data privacy team to provide approval of strengthened our business security processes. data maps related to personal information obtained from customers. 61