Information Technology and Security

Range’s digital frameworks support a cohesive and collaborative environment across our business operations. This provides our employees a platform to efficiently work together to pursue Company goals while operating in a secure manner. As a result, protecting the Company from cybersecurity threats is of the utmost importance to Range.

Governance of IT & Cyber

While information technology and cybersecurity threats are always evolving, Range’s deep commitment to proactively managing these issues has not changed. At Range, adhering to best-in-class technology and cybersecurity practices is an effort that starts at the top of the organization and includes all employees. Cybersecurity governance is sustained by the Information Technology Department, which includes certified security professionals and other seasoned security analysts, ensuring proper alignment with business risks and opportunities. Range’s Information Technology Department works diligently to address risks and opportunities in these areas through collaboration with other departments and executive leaders. Formal reports are provided to the Board of Directors quarterly or more frequently as needed.

Multiple departments within Range have worked closely with our IT Department to enhance controls and procedures specific to their operations, improving efficiency and security. These include our Operations Department, Water Operations Department, Environmental Compliance Department, Planning Department, Community Relations Department, and more.

Beyond department-specific efforts, employees at Range receive annual information security training to encourage regular reinforcement of threat identification techniques, reporting processes, and other security best practices. These training efforts are paired with regular awareness initiatives that the Company utilizes to keep our team informed on evolving cybersecurity threats and trends. Together, continual training and awareness initiatives better equip our employees to identify and report information security threats, embedding the importance of information technology into our culture.

Pandemic Preparedness

Despite the upheaval brought by the COVID-19 pandemic, Range’s employees were well-prepared for the challenges, allowing for a smooth transition to a remote work environment. Most of the technology and platforms needed to successfully work remotely were in place at Range well before the onset of the pandemic.

The majority of Range employees had Company-issued laptops and Company-issued cellphones prior to 2020, which meant we had enough resources for employees to make the shift to remote working immediately. Additionally, Range provided employees with hotspots or virtual desktops if they encountered bandwidth issues at their homes and allowed employees to take office equipment home if needed. Range also published information on the Company intranet to further help our employees in setting up their home offices.

Range’s existing structures and investments were also a catalyst for a successful remote working environment. Virtual Private Network (VPN), Endpoint Detection and Response, and Multi-Factor Authentication were all in place before the COVID-19 pandemic. Virtual collaboration systems were also an existing part of Range’s business ecosystem prior to the pandemic. This was a huge benefit for our employees, allowing continued collaboration and sustained business communications without in-person interaction.

Policies and Best Practices

When developing and assessing policies and procedures, Range conducts a multi-faceted review to facilitate strong compliance around information technology and cybersecurity. Range considers our Company-specific needs while leveraging best practices, participating in industry-specific cyber or information technology events, and engaging with stakeholders. This process guides the development of policies such as our IT Security Policy, Business Continuity Plan (BCP) Policy, IT Disaster Recovery Policy, IT Incident Response Policy, and IT Vulnerability Management Policy.

Range’s security framework is based on the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), which allows benchmarking and regular measuring of our profile to focus on continuous improvement. Our ransomware attack prevention efforts adhere to best practices published by the Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC). Beyond these efforts, we utilize multiple industry-leading platforms for network and application security, incorporate best practices for Industrial Control Systems (ICS) security and segmentation, and use state-of-the-art technology to protect our information.

Quarterly, Range’s Information Technology Department conducts a full review of all security initiatives to assess the current state of our program and potential evolution based upon current business risks, and they report their findings to the Range leadership team and Board of Directors.

Audits and Compliance

Monitoring the status of our information security and cybersecurity program and ensuring compliance with our policies is a crucial step in Range’s commitment to risk management. We conduct penetration tests (pen tests) on our systems, review our entire information technology program, and conduct internal audits on an annual basis. To date, Range has not experienced any breaches.

Additionally, an independent third party conducts an external review of our Incident Recovery (IR) Plan and runs an annual IR exercise with Range’s internal team to further ensure the preparedness of our Company and employees for potential situations that may arise.

These efforts reflect how Range’s commitment to managing information security is ingrained in our culture and our daily operations.