Accountable Corporate Citizenship
Overview
Nextracker recognizes that ethical corporate governance practices are the foundation for responsible, sustainable companies.
ESG Governance
The Nominating, Governance and Public Responsibility Committee of our Board of Directors has ultimate oversight of the company’s environmental, social and corporate governance guidelines, policies, and procedures. The committee’s charter outlines key responsibilities, including:
- Review and make recommendations to the Board regarding, and approve company disclosures concerning, the corporate governance guidelines, policies, and procedures of the company
- Review and make recommendations to the Board regarding the company’s corporate responsibility and sustainability policies and programs, considering such matters as human rights, social issues, and environmental risks and opportunities
- Review and assess current and emerging environmental, social, and corporate governance issues, trends, regulatory developments, and best practices
- Monitor assessments of the company’s corporate governance program and applicable proxy advisory services policies and reports
- Review the company’s annual sustainability report
- Oversee the Company’s policies and practices regarding political expenditures, including an annual review of the Company’s corporate political contributions, lobbying activities, and trade association dues and payments
Our Director, ESG Strategy and Reporting is directly responsible for sustainability strategy. Sustainability is a group effort, and the ESG Team collaborates with leaders from operations, customer account management, and other regional departments. The team is responsible for developing and implementing corporate standards and tools, monitoring performance, capturing, and addressing ESG strategy and climate change initiatives.
Since becoming a fully independent company in January 2024, Nextracker established an Executive Council and a cross-functional working group within the company to drive progress on our sustainability strategy and initiatives. Our ESG Team meets every quarter with the Executive Leadership Team, Executive Council, and the working group to review progress on sustainability programs.
- Board of Directors (oversight: Nominating, Governance and Public Responsibility Committee)
- ESG Executive Council (executive sponsor: General Counsel)
- ESG Steering Committee (chair: Director, ESG Strategy and Reporting; includes participation from cross-functional teams)
Board of Directors
The company seeks to achieve a balance and diversity of knowledge, experience, and capability with respect to the directors serving on the Board. The Board considers each candidate’s ability to contribute to the diversity of the Board, including diversity of experience, viewpoints, backgrounds, gender, race, and ethnicity.
Board Diversity
Self-identified diversity statistics
A Board Diversity Matrix is available in our most recent Proxy filing.
Board Committees
The Nextracker Board of Directors conducts its business with three committees, each with responsibilities related to our sustainable strategy.
Nextracker maintains its committee charters on the Governance website page.
Audit Committee
Periodically reviews risk assessments from management with respect to cybersecurity, including assessments of the overall threat landscape and related strategies and investments.
Compensation and People Committee
Oversees the Company’s human capital management strategy, including corporate culture; diversity and inclusion; employee engagement, pay, and opportunity equity; social initiatives and results; and talent attraction, training, development, and retention programs and results.
Receives periodic updates at least twice annually.
Nominating, Governance and Public Responsibility Committee (NGPRC)
Maintains primary responsibility for the application of the Company’s environmental, social, and corporate governance guidelines, policies, and procedures.
Approves company disclosures concerning the corporate governance guidelines, policies, and procedures of the Company.
Reviews and makes recommendations to the Board regarding the Company’s corporate responsibility and sustainability policies and programs, considering such matters as human rights, social issues, and environmental risks and opportunities.
Reviews and assesses current and emerging environmental, social, and corporate governance issues, trends, regulatory developments, and best practices.
Monitors assessments of the Company’s corporate governance program and applicable proxy advisory services policies and reports.
Reviews the Company’s annual sustainability report.
Oversees the Company’s policies and practices regarding political expenditures, including an annual review of the Company’s corporate political contributions, lobbying activities, and trade association dues and payments.
Business Ethics
Our Code of Business Conduct and Ethics (the Code) reflects our core values and is designed to identify and prevent violations of our Code, policies, and applicable laws.
Every Nextracker employee, officer, and director must know, understand, and comply with the Code and its procedures and related policies. All employees and the Board receive annual training on the Code and must certify their understanding. Our Head of Internal Audit periodically conducts enterprise risk assessments.
The Responsible Supply Chain Management section of this report includes how we hold our suppliers accountable to our ethical standards.
Whistleblower Reporting
We expect and encourage our employees to speak up and ask questions or report their concerns. Nextracker maintains an ethics hotline to allow employees, officers, directors, and business partners to voice their concerns without fear of retaliation. The ethics hotline, which is available by phone, website, and app, is available 24 hours a day, 7 days a week, with translation services available. Reporters may remain anonymous.
Nextracker takes all allegations seriously and reviews and investigates each matter as appropriate. Our Chief Ethics and Compliance Officer and General Counsel oversee our compliance program and support Nextracker’s compliance with our Code, all applicable laws, and our own policies and procedures. The Chief Compliance Officer reports periodically to the Audit Committee on the compliance program and significant related matters.
Our Whistleblower Policy is internal. Additional information on the ethics hotline can be found in Nextracker’s Code of Business Conduct and Ethics.
Enterprise Risk Management
Enterprise risk management (ERM) encompasses all levels of the organization. Our Board of Directors has oversight responsibility for our overall enterprise risk management, and our Head of Internal Audit leads our ERM process and facilitates a team of cross-functional leaders representing the full organization.
Each of these functional leaders is considered a risk owner. Collectively, risk owners meet quarterly to discuss and assess potential changes in corporate risks. The team analyzes and maps each newly identified or changing risk according to Nextracker’s risk threshold. Risk owners oversee functional leaders and policy owners, process owners, and control operators to manage the risks within their functional purview. The team shares the results of each quarterly ERM review with the Audit Committee of the Board of Directors.
Cybersecurity
Oversight
Nextracker takes cybersecurity threats seriously and works diligently to manage associated risks. Our cybersecurity risk management program contributes to the ERM process and is thoughtfully designed to identify, assess, and proactively manage material risks.
Our Board of Directors oversees the overall enterprise risk management program and has delegated cybersecurity risk management oversight to the Audit Committee. The Audit Committee meets regularly to review internal risk assessments regarding cybersecurity, including assessments of the overall threat landscape and related strategies and investments.
Management is responsible for day-to-day risk management activities, including identifying and assessing cybersecurity risks, establishing processes to ensure that potential cybersecurity risk exposures are monitored, implementing appropriate mitigation or remediation measures, and maintaining cybersecurity programs. Our cybersecurity programs fall under the direction of our security leader. The cybersecurity leader chairs the Cybersecurity Council, a cross-functional committee that includes members of our Cyber, IT, Risk Management, Legal, Engineering, and management teams. The Cybersecurity Council reports to the Audit Committee, which in turn reports to our Board of Directors on cybersecurity matters as needed.
Risk Management and Strategy
We designed our cybersecurity program to identify, assess, and proactively manage material risks. Our approach to cybersecurity is an ongoing process. We use monitoring, risk assessments, and robust security measures to protect the confidentiality, integrity, and availability of our information systems, including critical computer networks, hosted services, communication systems, hardware, and software. Above all, we aim to fully protect critical employee, customer, and company data.
We address cybersecurity challenges and enhance our overall risk management efforts by integrating recognized best practices, standards, and controls such as the CIS 18 Critical Security Controls and the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF). We are vigilant about monitoring the threat environment for potential risks, and we employ various methods including automated detection tools, environment scans, and investigations of potential threats and reports.
Key components of our cybersecurity program include:
- Security leader who oversees our day-to-day programs, specializing in cybersecurity and governance
- Cybersecurity Council comprised of a cross-section of management with oversight over our program
- Threat intelligence feeds and vulnerability databases to monitor our systems
- Incident response processes designed to ensure swift action
- Ongoing security awareness training, including required robust cybersecurity training during the onboarding process and annual cybersecurity training for all employees
- Monthly newsletter offering best practice reminders on cybersecurity awareness
Within our program, we conduct internal and external security-based activities, including reviews and assessments of our third-party service providers and vendors. Some of our activities include:
- Information security assessments in collaboration with internal and external partners to evaluate our security
- Vulnerability scanning and penetration testing via third-party service providers to assess external and internal vulnerabilities and potential threats
- Internal cyber risk register reviews to stay vigilant against potential and identified risks
- Risk prioritization to address key risks through our dedicated cybersecurity risk management program and the Cybersecurity Council
We have not experienced any cybersecurity threats or incidents that have materially affected or are reasonably expected to materially affect our business. However, we acknowledge the evolving nature of cybersecurity threats and remain committed to enhancing our protective measures as needed. For more detailed information about our company’s specific cybersecurity risks, please refer to our most recent Form 10-K.