How Sustainability is Managed

Oversight of the environmental, social and governance (ESG) issues reflected in this report is through the Executive Committee, the Corporate Governance & Social Responsibility Committee and the Board of Directors. The Corporate Governance & Social Responsibility Committee of the Board of Directors is briefed on all ESG issues on a quarterly basis. The three pillars — People, Planet and Products — are governed and managed at the senior levels of our company, with dedicated internal teams including three DE&I Councils, Sustainability Steering Committee, Regulatory Affairs Committee, and various Community Investment program teams. Our dedicated teams across all three pillars are responsible for developing and managing our ESG initiatives on a day-to-day basis. This includes identifying, monitoring and implementing initiatives to mitigate risk, deliver on our commitments, and report key metrics and progress against our goals. Our governance structure ensures strong oversight of our strategies, delivery of our actions and accountability in execution.

Governance
Structure of
ESG

Governance
Structure of
ESG

Border
diversity
Diversity, Equity & Inclusion Council; Sustainability Steering Committee
  • Cross-functional business leaders meet quarterly to advise on ESG strategies and initiatives
  • Advocate on ESG issues across business functions
Quarterly updates
Empire-Board-
Empire Board of Directors – Corporate
Governance & Social Responsibility Committee
  • Responsible for stewardship of the company
  • Provide oversight over ESG issues
Border
ceo-executive
CEO and Executive Committee
  • Provide strategic input on ESG issues
  • Oversee key initiatives
Border
Quarterly updates
senior-leader
Senior Leaders (Senior Vice-President/ Vice-Presidents across each pillar) 
  • Set strategic direction and goals
  • Enable dedicated teams to execute strategies and ensure regulatory compliance
Border
dedicated-teams
Dedicated teams across each pillar 
  • Day-to-day management of ESG
  • Report on progress against goals 

Codes of Conduct and Policies

Our Code of Business Conduct and Ethics (PDF 0.17MB) provides guidance to all employees (teammates) and reaffirms our commitment to the highest possible personal and corporate standards of business conduct. Directors and employees are required to acknowledge and agree to our code on a regular basis and we maintain an anonymous, confidential whistleblowing hotline.

Our range of policies that guide and govern our actions from our stores to our boardroom include:

Information Management, Cyber Security and Data Protection

The integrity, reliability and security of information in all its forms is critical to our company’s daily, strategic operations. Inaccurate, incomplete or unavailable information, external intrusions on information systems or inappropriate access to information damage and disrupt our business and have financial and reputation implications. Customers trust us with personal information so that we can meet their needs in different areas of our business such as in our pharmacies, through our e-commerce platforms and more. We also have an obligation to protect information entrusted to us by our teammates.

Information management risk is managed through a multi layered security approach involving cyber software tools-based controls, policies, standards and procedures pertaining to security access, system development, change management and problem and incident management. We place a strong focus on teammate awareness and training, and policies to govern the acceptable use of corporate devices and assets. Our Cyber Security Employee Awareness and Training program provides our team members with the knowledge to ensure they make informed decisions to protect our business from cyber related threats. Some of that training is through monthly targeted phishing campaigns, mandated training, regular teammate communications on relevant cyber security topics, and through digital signage. Throughout the pandemic, our IT teams worked tirelessly to support our work-from-home teammates to create cyber-secure workplaces at home.

We also operate extensive and complex information technology systems that are vital to the successful operation of our business and marketing strategies. We are committed to improving our operating systems, tools and procedures in order to become more efficient and effective. Our corporate privacy policy is available to the public on our corporate websites. It’s all part of our plan to protect our business and customers.

Enterprise Risk Management

As part of our Enterprise Risk Management process, every year we identify, assess, manage and report on key risks to the organization and our objectives. These risks are reported in Empire’s Annual Report (PDF 4.20MB), the Q4 F21 MD&A (PDF 0.48MB) and F21 Annual Information Form (PDF 0.59MB).