EnvironmentalE
SocialS
GovernanceG
As part of ESG compliance, Northern Data has a particular level of responsibility in the area of environmental protection due to its high electricity requirements. The Company aims to make its energy consumption, which is also a significant operational cost factor, as efficient and environmentally friendly as possible.
Power Usage Effectiveness (PUE) defines the metric that describes how efficiently data centers use electricity to generate computing power. PUE is the ratio of the total amount of energy used by a data center facility to the energy delivered to computing equipment. An ideal PUE is 1.0. Anything that isn’t considered a computing device in a data center (e.g. lighting, cooling, etc.) falls into the category of facility energy consumption. Northern Data calculates data center PUE by dividing the amount of energy fed into the data center by the amount of energy used to operate the IT infrastructure in the data center. The PUE values for two data centers were determined in the reporting year 2022. A PUE value of 1.06 was determined for the data center in Sweden. According to Deutsche Rechenzentren GmbH, values of 1.5 are considered efficient and less than 1.2 are considered very efficient. Lefdal Mine, one of Northern Data’s contracted third-party data centers, guarantees a PUE of 1.15. Northern Data is currently preparing the introduction of suitable measurement procedures in all data centers in order to determine the PUE value globally in a standardized procedure, as in Sweden.
The total energy consumption is defined as the sum of all electrical energy consumed in Northern Data’s data center operations, including contracted third-party data centers. The data for the energy consumption is provided by the contracted energy suppliers according to the data center location. Based on this information, the total energy consumption for 2022 was 963 GWh. The increase in total energy consumption compared to the previous year can be attributed to the commissioning of additional data centers in North America in 2022 and continuous operation of data centers that were only commissioned in the course of 2021, respectively.
Northern Data reports on the share of renewable, nuclear and fossil energy. The share of nuclear and renewable energy was determined by multiplying the data taken from the fuel mix by the amount of energy used in the data centers. In 2022, 45 percent (357 GWh) of the energy consumption was drawn from renewable energies and 23 percent (181 GWh) from nuclear energies. 250 GWh (32 percent) were drawn from fossil fuel sources. The total energy mix of Northern Data’s data centers has shifted slightly towards fossil fuels in 2022 compared to 2021. This is primarily due to the fact that the energy mix of some electricity grids, that some of the exisiting data centers are connected to, have shifted into the direction of fossil
energies.
In 2021, Northern Data purchased Renewable Energy Certificates (RECs) with a capital expenditure of EUR 570 thousand. In 2022, no additional RECs were purchased as Northern Data was reviewing its REC strategy.
of data center operations
In 2022, no carbon footprint was reported, as Northern Data was reviewing its measurement operations on a global level.
of business travel
Northern Data is certified to offset 100 percent of the CO2 from most of its business travel. The majority of business travel at Northern Data is booked through GreenPerk, TravelPerk’s carbon-neutral business travel program. GreenPerk partners with carbon calculation and offsetting providers, so that Northern Data compensates for its CO2 emissions directly through the platform. Offsetting is done on a per-trip basis, helping to reduce the carbon footprint of the Company’s business travel. With this contribution, Northern Data supports projects to combat deforestation in Indonesia, to aid reforestation in Cambodia and to empower the use of hydropower in Turkey. All projects are VERRA / GOLD-awarded and audited.
Electronic waste is regarded as all kinds of discarded electronic devices and assets. Northern Data manages its electronic waste by deciding whether it can be remarketed, refurbished, recycled, or must be disposed of. Hereby, the Company strives to give the discarded electronic devices and assets a second lifecycle through refurbishment and remarketing. In 2022, there were no significant amounts of electronic devices and assets discarded, therefore no waste was measured. The hardware impaired as of 31 December was not yet classified as decommissioned in 2022. Northern Data handles the recycling and disposal of electronic waste in accordance with local and European laws and guidelines.
Attracting new and retaining existing employees is critical to Northern Data’s future success. In 2022, the focus was on expanding the HR department globally to implement a global strategy on people and culture, including standard processes, frameworks, and tools. As part of this program, job profiles at Northern Data were reviewed. Based on this analysis, job grades were then defined and a bonus system was developed. The result is a concept that clearly shows which career paths can be taken at Northern Data, at both the specialist and the management level.
To achieve its recruiting goals, the HR department is continuing the employee referral program that moti- vates employees to recruit experts from their own network for the Company. In view of the many changes that have been made, the People Team focused on defining and adapting new processes. In 2022, Northern Data started hiring internationally in accordance with the global People & Culture strategy. On December 31, 2022, Northern Data employed 209 employees, 99 percent of whom have contracts without a fixed employment term and 1 percent with fixed-term contracts.
Every employee should be given the opportunity to develop his or her personal and professional ambitions to the fullest. To underpin this belief, Northern Data is developing a recognition strategy. As part of this strategy, Northern Data already offers competitive salaries, flexible working hours and supports professio- nal development. In line with the recognition strategy, a performance/bonus framework has been intro- duced to recognize good and reward exceptional performance. Quarterly appraisals are conducted as part of the performance process. These are designed to help the supervisor and employees track their perfor- mance and determine the next steps. The basic idea is to keep employees motivated and help them achieve their goals. At Northern Data, good performance is incentivized. However, to motivate employees to go one step further, we reward exceptional performance with even higher rewards. A performance enable- ment process/framework was established in 2022. This describes a structured approach to promoting and optimizing the performance of individuals and teams. Finally, an employer branding project was initiated, including the creation of the Northern Data People & Culture Blog.
To support the employees in their development, Northern Data offers several training courses in various areas via the Haufe Academy, an e-learning platform. In addition to the development programs offered, Northern Data promotes individual training measures to enable employees to develop further. The Compa- ny also invests in individual training in line with the employee’s individual performance plan.
Northern Data consistently opposes discrimination based on gender, ethnicity, age, sexual orientation and religion. The Company documents its workforce data broken down by age, nationality and gender. In 2022, 52 percent of the workforce was between 30 and 50 years old, 21 percent was under 30, and 8 percent was 50 or older. 19 percent of the workforce is not registered with their date of birth due to individual countries’ data protection laws. 25 percent of the workforce was female and 75 percent was male. In the reporting year, Northern Data had employees of 23 different nationalities, hailing from five continents. They are Ger- man (39 percent), Canadian (21 percent), American (15 percent), Norwegian (5 percent), British (3 percent) and Swedish (3 percent). The remaining 14 percent of the workforce yields from other countries or cannot be identified due to data privacy laws in the respective countries.
Northern Data places great importance on the physical and mental well-being of its employees. The rules of conduct for a safe workplace and healthy interaction are documented in Northern Data’s Code of Ethics and Conduct. Most importantly, Northern Data has established a Health, Safety and Environmental (HSE) Program in 2022. The key elements of the program include a comprehensive safety plan, accident and damage reporting, safety, orderliness and cleanliness, organization of first aid, risk audits, instructions, training and drills, and contractor qualifications.
Northern Data’s approach to respecting and complying with human rights is set out in the Company’s Hu- man Rights Policy. The Company’s policy is based on the international human rights principles contained in the Universal Declaration of Human Rights, the International Labor Organization (ILO) Declaration, the Fundamental Principles and Rights at Work, the United Nations Global Compact and the United Nations Guiding Principles on Business and Human Rights. It applies throughout the Group and covers the topics of anti-discrimination, freedom of association and collective bargaining, a safe and healthy workplace, forced labor, human trafficking, child labor and working hours.
Northern Data takes the topic of responsible corporate governance very seriously and aims to sustainably increase the value of the Company. In 2022, the relevant measures included the integration of ESG into the group-wide risk management system, the revision of the Code of Conduct, the establishment of a Conflict-of-interest register, and the improvement of the KYC strategy. Besides, there were obligatory training courses for all employees in the field of acting safely and responsibly in the workplace. Most importantly, the implementation of ISO 27001 has started, with the goal of being certified in 2023/24.
Group-wide risk and compliance management is responsible for preserving data privacy. It is carefully considered – especially when hiring freelancers, implementing new software, making changes in proces- sing personal data, answering incoming questions from customers, business partners or suppliers, video surveillance, and when personal data is transferred outside the EEA. To ensure company-wide data privacy, all employees attend data privacy training once a year. The requirements with regard to data privacy are re- corded in Northern Data’s privacy policies, which are all third-party audited. They cover all GDPR-relevant procedures and apply to the entire operations, including suppliers. There were no data protection breaches in 2022 and the Company is working towards maintaining this result.
Cyber security is of critical importance for all departments that are directly connected with IT activities.
In 2022, these departments included internal IT, the team responsible for the data center infrastructure and the team responsible for STEIGER, Northern Data’s software for the management of data centers and cryptocurrency mining, and the cloud department. Notably, the STEIGER team was terminated in late 2022 due to the retirement of the STEIGER software. For the group-wide workforce, Northern Data has a cyber security policy in place that offers recommendations and sets rules in the fields of email security, password protection, and multi-factor authentication. Newly hired employees receive an IT guide during onboarding. Training materials and information are regularly provided on the intranet and via IT newsletters. To ensure that every employee knows the basics of IT security, everyone is required to attend IT security training once a year. Moreover, there are regular phishing simulations that show potential areas of risk. For the employees working with STEIGER Software, Northern Data provided additional guidelines covering the matters of network security (ensuring security in internal networks), 2-factor authentication, penetration- testing, and SSL (securing internet connections and protecting sensitive data transferred between two systems). Finally, the STEIGER Team met quarterly to discuss developments in the fields of data center network infrastructure and security.
To manage incidents and breaches in the internal IT, several security mechanisms (Defender for Endpoint, Defender for O365, Identity Security), that all report to one central location, are applied. Depending on the incident, the management system automatically executes actions or calls for a manually executed action. In addition, all software installed is analyzed frequently for possible vulnerabilities and outdated versions. STEIGER Software, which was used in 2022, had its own management system that performed regular tests and automatically provided notifications in case of internal or external cyber security threats. In the case of a pool change that indicated that crypto rewards are running into another wallet, the management system would sound an alarm. So far, there were no situations where crypto rewards were sent to unknown wallets. Northern Data reported no cyber security breaches in 2022.
Northern Data does not tolerate any form of corrupt practices, including, but not limited to, extortion, fraud, or bribery. The Company encourages employees who suspect that serious issues exist to report them using a whistleblowing form without fearing any kind of reprisal. Normally, suspected irregulari-
ties must be reported to the respective manager, who examines the matter and seeks a solution. If, for whatever reason, an employee does not feel comfortable with reporting the issue to the manager, the Compliance or People Team may be approached directly. Whistleblowing, however, does not only concern employees. Northern Data provides a whistleblowing form on the Company’s website to enable members of the public to report wrongdoing. In 2022, the topic of whistleblowing was again given special attention particularly within the workforce, which again was made aware of the opportunity to make use of the form. In 2022, 5 cases of whistleblowing were reported. 2 of the cases were investigated and 3 of them were considered irrelevant.
Northern Data is committed to the highest values and morals. These are presented in the Company’s Code of Conduct. Northern Data’s Code of Conduct was revised and further developed in 2022. The “Code of Business Conduct & Ethics” applies to all employees, suppliers, customers and partners. It provides guide- lines that must be followed under all circumstances. The code covers important topics such as health and safety, equality and anti-discrimination, conflicts of interest, the confidentiality of information, intellectual property, competition and anti-trust, risk management and awareness, money laundering and insider tra- ding. The code is centrally placed on the Northern Data intranet and translated into German, English, and French. To ensure consent and compliance, all employees are required to complete a course that teaches the basics of the Code of Conduct and confirm that they agree with and follow it.