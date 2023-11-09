NORTHAMPTON, MA / ACCESSWIRE / November 9, 2023 / Quest Diagnostics

At Quest, we believe that strong corporate governance is essential for our success. Oversight of corporate responsibility and our ESG priorities starts at the top with our Board of Directors and executive leadership. We are committed to implementing policies and practices to achieve the highest standards of business ethics and integrity in our operations, including our supply chain.

This section outlines how we govern ESG and our approach to managing business fundamentals. These include ethics, compliance, data privacy, cybersecurity, enterprise risk management, and supply chain management, a priority material topic for Quest.

2025 GOALS

Supply chain management

Expand ESG risk assessments of key suppliers that comprise the majority of our total spend

Grow our spend with small and diverse suppliers in the United States

Governance

We are committed to operating with integrity. This is true for our test results, financial statements, public disclosures, internal controls, and the people who represent Quest.

Our executive leadership team-overseen by our Board-adopts and executes policies and procedures that promote ethical, transparent, and purposeful operating practices to enhance value for all stakeholders. Our leadership team provides regular updates to our Board on progress towards identified priorities and objectives.

The Board regularly reviews information regarding our business and industry through 5 committees:

Audit and Finance

Compensation and Leadership Development

Cybersecurity

Governance

Quality and Compliance

For specific details about each committee's responsibilities, please see our Corporate Governance documents.

Maintaining a diverse and highly skilled board

Quest's Board has 10 members, 6 men and 4 women

30% represent a diverse race or ethnicity

9 members are independent and bring a wide range of complementary skills, qualifications, and experience

Learn more about our Board of Directors and their breadth of experience

ESG governance

Founded in 2020 and expanded upon in 2022, Quest's ESG Leadership Council guides our ESG strategy and corporate responsibility initiatives. The Council collaborates with leaders from across the organization to inform and execute our strategy, drive alignment with business priorities, set goals and track targets, and embed ESG principles throughout our operations. The Council also keeps our Board informed about evolving ESG trends and stakeholder expectations.

"I am excited and proud to lead Quest's ESG efforts, partnering with colleagues to further integrate smart and sustainable business practices and drive progress on our goals." SAM A. SAMAD

EVP & Chief Financial Officer

Ethics and compliance

Our Code of Ethics (the Code) is an important part of our commitment to integrity. It sets out the principles and policies that apply to our employees, directors, executives, vendors, contractors, and business partners. The Code includes standards for responsible marketing, conflicts of interest, bribery and anticorruption, and political contributions and activity. We provide several pathways for reporting potential violations of the Code or other company policies, including an anonymous employee tip line which is operated by an independent third party.

"Core to Quest is our unwavering commitment to operating with strong ethics and integrity, being transparent, and putting our patients first. " KRISTIN L. WALLACE, SVP, Chief Compliance Officer

Enterprise risk management

Quest's Enterprise Risk Management (ERM) program, overseen by the Audit and Finance Committee of our Board of Directors and driven by our Executive Leadership, is integrated into the company's governance, performance management, and internal control frameworks. The program is designed to promote risk awareness throughout the company. Our formal and continuous risk assessment process enables us to identify, evaluate, mitigate, and manage both identified and emerging risks. These risks are influenced by both internal and external conditions that impact our business strategy and performance. We strive to continuously strengthen our program and have aligned it to our ESG strategy so that we may also effectively address ESG-related risks.

For additional details, visit our Enterprise Risk Management page.

Data privacy and cybersecurity

Safeguarding our patients' privacy and maintaining the security of their health information is Quest's highest priority.

We have a mature and effective privacy program which includes detailed privacy policies and procedures, training, auditing, and ongoing privacy awareness reminders. Our privacy policies and procedures address subjects including protected health information (PHI) disclosures, key privacy safeguards, and minimum necessary access to PHI. These policies are available to employees on our intranet site.

All employees are assigned a series of online training modules at new hire that include HIPAA and security awareness. Annual compliance training is required for all employees, includes privacy, and is monitored and tracked to ensure completion. For both new and existing employees, more specialized privacy training may be provided based on an employee's job function. Throughout the year, the Privacy team also partners with the Compliance Training team to provide ongoing education in the form of alerts, flyers, and quizzes, and collaborates with Legal to stay informed of the privacy landscape.

Our Cybersecurity team also maintains robust monitoring and training programs to protect data created and collected through our operations (including at third parties using our data). They engage with external partners to understand existing and emerging requirements and threats, and regularly evaluate innovations that may enhance the protection of patient and other confidential data.

The Cybersecurity Committee and the Quality and Compliance Committee of the Board of Directors provide oversight, in accordance with their charters. The Audit and Finance Committee also oversees risks related to these subjects.

For additional details, see our Data Privacy site and our 2021 Corporate Responsibility Report, pages 69-70.

