Information Security Policy

PURPOSE AND SCOPE

At Danaos Corporation, along with its exclusive manager Danaos Shipping Ltd. (“Danaos” or the “Company”), we are committed to delivering safe, efficient, and cost-effective transportation services while safeguarding the confidentiality, integrity, and availability of the information we manage. This policy outlines our approach to cybersecurity, ensuring that our data, systems, and operations are protected against evolving threats, in line with global regulatory standards, including those in the United States and the European Union.

1. DATA PROTECTION AND INFORMATION SECURITY

Danaos takes a proactive approach to protecting our information assets, ensuring that all data is handled securely. Our strategy is built on the following principles:

  • Confidentiality: Ensuring that sensitive information is accessible only to authorized individuals.
  • Integrity: Maintaining the accuracy and reliability of data to protect it from unauthorized modifications.
  • Availability: Ensuring that information is readily accessible to authorized users when needed, minimizing potential disruptions.

We implement a range of security measures, including:

  • Encryption: Protecting data during transmission and storage using industry-standard encryption protocols.
  • Access Controls: Restricting access based on roles and responsibilities, ensuring that only authorized personnel can access specific information.
  • Monitoring, Detection, and Response: Continuous monitoring of our systems allows us to detect and respond to potential threats efficiently.

2. CYBERSECURITY INCIDENT MANAGEMENT

Danaos has implemented a structured approach to managing cybersecurity incidents, enabling swift detection, containment, and resolution of potential security issues. Key elements include:

  • Threat Detection: Continuous monitoring of systems to identify potential threats or suspicious activities.
  • Incident Reporting: Any incidents are reported to the (Chief) Information Security Officer, who coordinates the response.
  • Timely Resolution: Our incident management framework ensures that any disruptions are handled promptly, minimizing impact. For incidents that require public disclosure, we comply with relevant regulations to provide timely updates.

3. RISK MANAGEMENT AND CONTINUOUS IMPROVEMENT

Managing cybersecurity risks is an ongoing priority at Danaos. We regularly assess and address potential vulnerabilities to ensure that our systems remain resilient against threats.

  • Risk Assessments: Regular evaluations of our systems to identify potential risks and assess their impact.
  • Mitigation Measures: Based on assessments, we implement strategies to mitigate identified risks.
  • Audits and Testing: Regular internal and external audits, along with penetration testing, help validate the effectiveness of our security measures and identify areas for improvement.

This approach allows us to stay proactive in maintaining a secure environment.

4. GOVERNANCE AND OVERSIGHT

Cybersecurity is a key aspect of Danaos’ overall governance structure, with oversight and guidance provided at the highest levels of the organization.

  • Board Oversight: The board reviews cybersecurity policies and strategies to ensure they align with the company’s objectives and regulatory obligations.
  • Executive Leadership: Senior management is responsible for ensuring that cybersecurity measures are implemented effectively and that sufficient resources are allocated to maintaining a secure environment.

This structure ensures that cybersecurity is treated as a priority across all levels of the organization.

5. VENDOR AND THIRD-PARTY SECURITY

Danaos works with trusted vendors and service providers who adhere to our cybersecurity standards. We ensure that our vendors meet the necessary security requirements through:

  • Vendor Evaluation: Comprehensive assessments of vendors before engagement to ensure they meet our security criteria.
  • Ongoing Audits: Regular audits to ensure that vendors continue to comply with our security policies.
  • Contractual Security Requirements: Vendors are contractually obligated to follow Danaos' security standards, ensuring that our data remains secure throughout the supply chain.

6. COMPLIANCE WITH GLOBAL CYBERSECURITY REGULATIONS

Danaos complies with global regulatory frameworks, including those in the United States and the European Union, ensuring that our cybersecurity practices meet all legal requirements.

  • Transparent Disclosures: In line with regulatory requirements, we provide timely and transparent disclosures related to cybersecurity risks and incidents.
  • Compliance Audits: Regular audits are conducted to ensure that our practices comply with global data protection and cybersecurity regulations.

Our compliance with these standards reinforces our commitment to maintaining a secure and trustworthy operating environment.

7. DATA CLASSIFICATION AND HANDLING

To ensure that information is handled appropriately, Danaos employs a data classification system that protects information based on its sensitivity:

  • Public Information: Information intended for public release that requires minimal protection.
  • Internal Information: Data shared within the company, requiring controlled access.
  • Confidential Information: Sensitive information, such as proprietary data, restricted to authorized personnel only.

Our classification policies ensure that information is securely handled at all levels of the organization.

8. EMPLOYEE TRAINING AND AWARENESS

Cybersecurity awareness is a shared responsibility at Danaos. All employees are required to participate in ongoing training and awareness programs to ensure they are prepared to address potential threats.

  • Annual Training: All employees undergo annual cybersecurity training, focusing on current threats and best practices for protecting company data.
  • Phishing Simulations: Regular phishing simulations test employees’ ability to recognize and respond to phishing attempts.
  • Ongoing Awareness: Employees receive regular updates on cybersecurity risks and are encouraged to follow best practices to maintain a secure work environment.

By fostering a culture of security awareness, we ensure that all employees contribute to the protection of our information assets.

9. POLICY REVIEW AND UPDATES

Danaos regularly reviews and updates its Information Security Policy to ensure it remains effective in addressing current and emerging cybersecurity challenges.

  • Annual Review: Our policy is reviewed at least once a year, or as needed, to incorporate updates based on new regulations, threats, and feedback.
  • Continuous Improvement: We gather input from employees, stakeholders, and third parties to improve our security practices.
  • Regulatory Compliance: The policy is updated to reflect any changes in global cybersecurity and data protection regulations.

Significant updates are communicated to all employees and relevant partners to ensure consistent implementation.

10. COMMITMENT TO SECURITY

At Danaos, we are committed to protecting the data and systems that underpin our business operations. This policy reflects our dedication to ensuring the security of our information, systems, and stakeholders in an evolving digital landscape.

Contact us

Cyprus

3, Christaki Kombou Str.
3011 Limassol
Cyprus

T:+357 25 76 1250
F:+357 25 76 1251


Greece

14, Akti Kondyli Str.
18545 Piraeus
Greece

T:+30 210 419 6400
T:+30 213 017 6400
F:+30 210 422 0855


Ukraine

14, Deribasovskaya Str.
65026 Odessa
Ukraine

T: +380 482 348 078
F: +380 482 347 947



Apply for a position

Russia

30, Korablestroiteley Str.
Letter A, office 166 H,
1993972, St Petersburg
Russian Federation
T: +7 812 386 3801
F: +7 812 386 3802



Apply for a position