Risk Management and Cyber Security


GEO has a firm commitment to the health and safety of our employees and those in our care, as well as contractors, medical providers and visitors at all our facilities. Our responsibilities in these areas, along with those of our employees, are highlighted in Section 7 of GEO’s Code of Business Conduct and Ethics.

Safe and Humane Environment

We respect the right of all persons to have a safe and humane environment, and our commitment to this right is unwavering. Our goal of ensuring a safe and humane environment for everyone in our care calls for us to follow many sets of standards and laws that define and prescribe the daily operation of our facilities and programs.

 

GEO's EHS MANAGEMENT SYSTEM

Throughout our operations, GEO has implemented an Environmental Health and Safety (EHS) Management System that is grounded in Integrated Safety Management. Our health and safety management system and practices apply to all GEO employees and contractors. Through the EHS, we have established objective, quantifiable targets and extensive feedback and reporting mechanisms to achieve continuous improvement in our health and safety performance.

The overall management of GEO’s EHS program is led by GEO’s Corporate Risk Management department, which is comprised of more than 50 professionals with expertise in occupational safety, workers’ compensation and insurance, risk analytics, and environmental issues. Regional Safety Managers are embedded into our operations throughout the United States and provide hands-on, field support for our facilities.

All facilities in the U.S. Secure Services Division also employ a dedicated Fire & Safety Manager responsible for managing the EHS program at the local level. Fire & Safety Managers are formally trained in multiple EHS disciplines, including the Occupational Safety and Health Administration (OSHA) and National Fire Protection Association (NFPA), along with company- and customer-required practices.

In addition to organizational and management structure, the following elements are critical to GEO’s ongoing EHS program:

Operational Excellence: Our organization strives to achieve sustained, effective levels of operational performance. This involves a focus on operations, decision-making, open communication, and systematic approaches to reduce and eliminate the chance of events or situations that may jeopardize the safety and health of employees and/or those in our care.

 

Individual Responsibility for Workplace Safety: Every employee at GEO accepts the responsibility for safe operational performance and is trained to be mindful of work conditions that may have an impact on safety.

 

Compliance Oversight: Competent, robust, periodic, and independent oversight is an essential source of feedback that can be used to verify safety performance expectations are met and to identify EHS gaps and opportunities for improvement.

 

Communication and Staff Engagement: There are multiple formal and informal channels for communication to and from staff regarding the discovery and mitigation of potential hazards and corrective actions that involve all aspects of workplace safety. We also encourage individuals in our care to be active participants in each facility’s safety program by reporting any issues that may give rise to hazards or injury.

Safety committees are active at each of our facilities and play an integral role in assisting the Fire & Safety Managers and facility management teams in reducing injuries and hazards associated with facility operations.

GEO Safety Institute

GEO has long been an industry leader in Safety & Risk Management. Several years ago, we launched a university partnership to create a Correctional Officers Safety Course. After many years of success and hundreds of GEO students attending the course, we decided to bring the course in-house. After six months of planning, development, and creating the curriculum, the first GEO/OSHA General Industry 30-hour class was conducted in December 2016. GEO’s Risk Management department conducts two classes for Fire Safety Managers annually.

The GEO Safety Institute provides safety curriculum to each Division of the Company, as well as training curriculum for The GEO Continuum of Care®. Instructors are authorized trainers of the OSHA511 30-hour General Industry course. The course is generally attended by Fire Safety Managers, maintenance staff, compliance staff, management staff, and others. Since the inception of the GEO Safety Institute, approximately 525 Certificates of completion have been issued to successful participants. 

The GEO Safety Institute also supports The GEO Continuum of Care® program for inmates and residents. The GEO Continuum of Care® program includes a safety curriculum that increases a participant’s ability to seek gainful employment by providing several marketable training course certificates. The participants have access to classes such as the OSHA 10-Hour Construction Safety course and forklift operator training. Since 2022, more than 12,000 CoC students have completed the course.

THE GEO SAFETY INSTITUTE SUPPORTS THE COMPANY BY PROVIDING TRAINING MODULES ON THE FOLLOWING SUBJECTS:

    • Workplace Violence Prevention
    • Fire Protection
    • Respiratory Protection
    • Walking Working Surfaces
    • Ladder Safety
    • Fall Protection
    • Powered Industrial Trucks/Forklift
    • Personal Protective Equipment
    • Conducting Safety Audits and Inspections
    • Safety Committee Functions and Duties
    • Defensive Driving/Spotter and Backing Safety
    • Emergency Response and Evacuations
    • Chemical Safety Management
    • Safer Lifting and Ergonomics
    • Safe Searches and Sharp Objects Handling
    • Slip Trip Fall Prevention
    • Office Safety
    • Sanitation and Janitorial
    • Food Service Safety & Food Borne Illness Prevention
    • Incident Investigations
    • Workers’ Compensation Management
    • Risk Management Claim Reporting

Cyber Security

GEO maintains a Board-level Committee to provide oversight on the Company’s protection against potential cyber-related incidents. The Cybersecurity and Environmental Oversight Committee is empowered and authorized to oversee and guide the Company’s processes and initiatives as well as its risk management program regarding cybersecurity, privacy, and environmental concerns.

Notably, the Committee’s members are from diverse industries that have implemented state-of-the-art protections against cyber incidents. Their collective insights inform measures being developed, implemented, and continually updated by GEO’s information technology, finance, operations, and risk management departments. Day-to-day cybersecurity responsibility rests with our Chief Information Security Officer, who provides reports to the Committee on a regular basis, and GEO’s Information Technology (IT) Department. GEO’s IT Department has a data security incident management plan to investigate and remediate any issues that are raised.

GEO understands the importance of cybersecurity and takes all necessary measures to ensure information is secure. Besides the physical security elements of our data centers, GEO’s environment is monitored 24/7 by a Security Operations Center (SOC). GEO performs regular threat assessments, penetration tests, and threat hunting, both internally and through third-party engagements.

To protect the privacy and confidentiality of the data of those entrusted to our care and employees, GEO uses best-in-class technologies to implement strict information security policies based on the National Institute of Standards and Technology (NIST) 800-53 framework moderate control set. GEO regularly performs compliance framework assessments through authorized third-party service providers to identify strategic growth opportunities to keep up with the emerging and constantly changing threat landscape.

To maintain the highest levels of security, GEO works closely with experienced security professionals and top cybersecurity firms to ensure the correct resources are always available and provide a holistic view into GEO’s information security posture.

Our robust continuous training program ensures all employees are always up to date on the latest threat vectors, best practices, new risks, and common attack methods. Through regular training content, internal phishing tests, and GEO’s agile approach to cybersecurity, we strive for success in every aspect of security, based on the threat landscape. In addition, GEO has robust policies and procedures related to cybersecurity and general IT practices that include but are not limited to encryption standards, antivirus protection, remote access, multifactor authentication, confidential information and the use of the internet, social media, email, and wireless devices. These policies go through an internal review process and are approved by appropriate members of management.

Cyber Security Training

GEO started conducting Cybersecurity Awareness training in 2016, utilizing several human risk management platforms. Currently, GEO utilizes the KnowBe4 platform to implement its Cybersecurity Awareness Training.

BI Incorporated, a subsidiary of GEO, also ensures cybersecurity is taken seriously. BI Incorporated maintains an Authority to Operate (ATO) through government contracts that are aligned with the NIST FISMA (Federal Information Security Management Act) Moderate security framework. Part of this agreement includes the Continuous Monitoring (ConMon) of the system, its security compliance to the framework, and conducting monthly vulnerability scans.

In addition to NIST, BI Incorporated is preparing for a Federal Risk and Authorization Management Program (FedRAMP) readiness assessment, which provides increased security standards through the standardization of security monitoring for cloud products and services.

BI Incorporated also provides training to all employees on privacy and cybersecurity, conducts background checks, receives security clearances for access to critical systems, and maintains an administrative hierarchy for accessing system information.

ADA Website Compliance

 

In order to comply with the Americans with Disabilities Act (ADA), a number of GEO websites utilize a third-party widget, accessiBe, to ensure compliance. Currently, geogroup.com, investors.geogroup.com, jobs.geogroup.com, georeentry.com, georeentryconnect.com, bi.com, and wearegeo.com utilize the widget. All seven websites are level AA ADA compliant with a score of 100.

SUPPLY CHAIN RISK MANAGEMENT

GEO also implements specific cyber-related risk management and insurance protocol tools for all GEO contractors, vendors, and suppliers. 

GEO places great value on its relationships with its numerous and varied contractors, vendors, and suppliers; accordingly, the cyber security requirements are designed to protect them, as well as GEO, its employees and government clients from computer viruses, ransomware, malware, phishing and other attacks and potential threats from cyber-criminals.