Governance and Reporting

Governance and Board

At the Board level, our Nominating and Corporate Governance Committee reviews and monitors the development and implementation of the company’s evolving ESG goals and provides guidance to the Board on such matters. Array Technologies, Inc. (ARRY) is listed on NASDAQ-GM and fulfills the exchange’s board diversity rule, which is designed to encourage a minimum board diversity objective for companies and provide stakeholders with consistent, comparable disclosures regarding a company’s current board composition. To learn more about our governance structure, please see our most recent Proxy Statement and our Governance Site.

ESG Governance and Oversight

Our ESG initiatives are overseen by two coordinated governance structures:

ESG Executive Steering Committee

Our ESG Executive Steering Committee meets quarterly and is responsible for:

  • Defining ESG priorities, objectives, and strategy with the goal of further integrating sustainability into the Company’s strategy and operations
  • Assisting the Nominating and Governance Committee of the Board of Directors in fulfilling oversight responsibilities with respect to the Company’s ESG efforts
  • Delegating responsibilities to implement ESG strategy to appropriate members of their team
  • Regularly reviewing the company’s ESG performance and providing recommendations for improvement

ESG Working Group

Our ESG Working Group meets regularly and is responsible for:

  • Overseeing key programs or initiatives as directed by the ESG Executive Steering Committee and the appropriate executive sponsor
  • Developing action plans to achieve our 2025 ESG goals
  • Maintaining metrics, systems, and procedures, as deemed necessary and appropriate, to monitor and track ESG matters

Related Policies

This ESG Governance and Oversight structure allows us to consistently refine our internal operating standards, ensuring that they align with Array’s overall ESG strategy and reflect our corporate values. We also have several policies that provide strong governance over key areas of ESG strategy:

Environmental Policy

Array’s ESG Steering Committee oversees our Environmental Policy and ensures that we are demonstrating continuous improvement in meeting our environmental objectives, adhering to all applicable governmental and industry regulations, and protecting the environment through the prevention of pollution in air, waste, and water.

Supplier Code of Conduct

Our Supplier Code of Conduct ensures that all vendors comply with Array’s social and environmental standards and reserves to Array the right to monitor and audit our suppliers’ compliance activities and performance. This document was strengthened in 2022 to include specific human rights and environmental requirements as part of our overall risk management strategy.

Code of Business Conduct

Our updated Code of Business Conduct describes specific programs and initiatives that allow for greater transparency and accountability around our ESG standards. This includes:

  • The trainings we have in place to ensure that all Array employees embody the high ethical standards of the company
  • Our approach to auditing our ethical standards
  • Our formal whistle-blower system, which reinforces our no-retaliation policy and is designed to allow employees to safely escalate questions or concerns.

Human Rights Policy

We updated our Human Rights Policy to strengthen our commitment to protecting human rights in accordance with the United Nations Guiding Principles on Business and Human Rights, and promoting employee health, safety, and security in the workplace and throughout our supply chain. This policy underscores our commitment to ensuring that our employees, workers within our supply chain, and individuals in communities affected by our activities are treated with dignity and respect and extend that respect to each other.

Cybersecurity

Array commits to the protection of corporate assets and personally sensitive information with which it is entrusted. This is a foundational enterprise principle that governs our actions and digital activities in how we innovate and build world-class solar solutions and how we protect our customers, our company, our people, and our business partners. We have a strong cybersecurity posture with a focus on protecting our most critical assets and preventing material breaches to our systems.

To date we have made the following enhancements to drive better oversight of our cybersecurity practices:

  • Formalized the responsibility of the IT Infrastructure Team to ensure key cybersecurity practices outlined in Array’s Cybersecurity Policy are enforced and followed
  • Established policy oversight by the Chief Information Officer at Array
  • Formalized a quarterly briefing schedule to the Audit Committee of the Board of Directors
  • Formalized cybersecurity trainings for all employees to ensure that everyone at Array is managing confidential information appropriately, and to mitigate the risk of cybersecurity attacks, including via mock phishing attacks to assess employee readiness
  • Engaged external firms to perform penetration testing to identify security vulnerabilities and remediated identified vulnerabilities
  • Performed external assessments to measure progress and build an achievable roadmap to continue to strive for improvements in Array’s cybersecurity maturity
  • Performed cybersecurity tabletop exercises to test readiness and identified opportunities to improve upon existing incident response policies and procedures
  • Obtained an information security risk insurance policy to provide Array and its customers with protection in the event of a cybersecurity breach

We believe that cybersecurity is a posture and a journey – not a destination – requiring continuous and consistent planning, strategic problem solving, operational efficiency, and education.

Our Cybersecurity Program continues to mature through calculated investments in people, process, technology, and strategic partnerships with business partners who understand our commitment to our customers, shareholders, and stakeholders. As cybersecurity threats continue to evolve, and as increasing digitalization of supply chains and business inter-connectivity continues to broaden the operational threat landscape for all companies, Array is committed to continuing to evolve and adapt our security architecture, resiliency, response, and recovery processes to effectively meet persistent and growing threats.

From a privacy standpoint, Array is committed to meeting the regulatory requirements in the environments in which Array operates. This includes the European Union’s General Data Protection Regulation (GDPR), Brazil’s General Personal Data Protection Act (LGPD), and California’s Consumer Privacy Act (CCPA), among others. To that end, Array continues to build out its data privacy framework and intends to roll out an updated privacy policy and personal data protection framework in 2023. Array’s Data Protection Officer (DPO) has overall responsibility for the privacy policies and practices.

Our 2025 Governance Goals