Pioneer’s Emergency and Crisis Management program prepares our employees to mitigate, respond to and recover from emergencies and disasters. Pioneer employs an Incident Command System (ICS) designed to enable effective and efficient domestic incident management by integrating a combination of facilities, equipment, personnel, procedures and communications operating within a common organizational structure.
ICS is a key feature of the National Incident Management System (NIMS) and used by all levels of government – federal, state, local and tribal – as well as by many private-sector and nongovernmental organizations. Our management system is used to organize both near-term and long-term field and office operations for a broad spectrum of emergencies, from small to complex incidents, both natural and man-made.
Potential Risks Requiring Emergency Response:
|
Image
 |
Image
 |
Image
 |
|
Image
 |
Image
 |
Image
 |
|
Image
 |
Image
 |
Image
 |
|
Image
 |
Image
 |
Image
 |
Our Emergency and Crisis Management Plan, led by executive management and supported by functional leaders, extensively outlines Pioneer protocol for crisis management, roles and responsibilities of Pioneer personnel and management, and governance of our management system and Emergency Operations Center (EOC).
At ground level, our employees are trained to refer to site-specific Emergency Action Plans in the case of an emergency.
Emergency Action Plans
- Our various Emergency Action Plans are customized by facility and region, companywide
- Each Emergency Action Plan contains a “responders list” with names and contact information for Pioneer’s site-specific emergency response teams plus external contacts, such as local hospitals, police departments and fire stations, that employees can contact in case of emergency
- Pioneer operations are entirely within areas of 24-hour coverage by public, regional or local emergency response organizations
- Pioneer conducts annual training and updates of our Emergency Action Plans.
As outlined in our Emergency and Crisis Management Plan, Pioneer protocol for communicating with external stakeholders stipulates that, in the event of an incident that immediately threatens the safety of people, Pioneer employees are delegated authority to communicate warnings to everyone at potential risk.
COVID-19 Response
COVID-19 tested the effectiveness of our Emergency and Crisis Management program and our business continuity plans, performing extraordinarily well under these challenging circumstances. Our primary concern, as always, was the health and safety of our employees, contractors and their families. During 2022 and the first half of 2023, the majority of our office employees were back in the office through a disciplined workplace re-entry program. Pioneer continues to monitor and respond to issues as needed.
Cybersecurity
Information security is the responsibility of our Technology Solutions team and is managed by our Chief Information Security Officer. The Executive Committee and Cybersecurity Steering Committee are engaged in information security/cybersecurity strategies and, along with our Board, provide the associated oversight. Our Chief Information Security Officer provides regular updates to the Board and committees on company practices and mitigation strategies.
The Audit Committee provides oversight of the company’s cybersecurity risks as they relate to financial risk exposure and the security of the company’s data and information technology systems.
The HSE Committee provides oversight concerning operational technology cybersecurity risks and threats (i.e., field systems and related automation projects).
Pioneer’s Information Security team is comprised of highly trained security professionals who work with external partners in federal and local law enforcement and utilize expert cybersecurity firms and resources, all of which allow Pioneer to actively evaluate cyber threats and the ever-changing threat landscape.
Policies, procedures, and communication and training campaigns inform employees of the importance of information security and cybersecurity, potential threats, and appropriate preventive actions. Our Corporate Computing Policy is available to all employees, and they are required to acknowledge and observe the policy. Violation of this policy can result in disciplinary consequences, including termination. Responsible use of Pioneer information systems and data is also described in our Code of Business Conduct and Ethics. Cybersecurity awareness training is required of all employees and contractors, with specific training for teams that have access to sensitive data. Additionally, we frequently communicate with our employees and contractors about cybersecurity best practices.
We mitigate our cybersecurity risks by aligning our cybersecurity program governance to the National Institute of Standards and Technology Special Publication 800-171. Pioneer performs regular cybersecurity incident response training and Disaster Recovery testing. Third-party assessments are conducted on our business and operational technology environments and our internal controls over financial reporting that are audited annually. Vulnerability analysis performed against these systems includes simulated hacker attacks. In 2022, Pioneer had no material financial or data losses from a cybersecurity incident.