www.grainger.com
100% of team members completed Business Conduct Guidelines Training

Ethics & Compliance  Grainger’s Business Conduct Guidelines define our shared expectations of how we work together, serve customers and business partners, and honor our commitments to shareholders everywhere we do business. In July 2019, the Board adopted our updated Business Conduct Guidelines. The Guidelines, applicable to all team members, now incorporate issues such as social media and data security and privacy protocols. In 2019, 100 percent of Grainger team members completed Business Conduct Guidelines training.

We encourage anyone to report ethical concerns or complaints regarding company or individual practices. Individuals located within North America may call an independent, secure, 24-hour hotline at 888-873-3731. A global reporting website is available at www.tnwgrc.com/grainger.

Grainger expects the same ethical and legal commitment from all third parties (business partners, brokers, consultants and agents) acting on Grainger’s behalf, and from others with whom Grainger conducts business.

Anti-Bribery & Corruption Grainger places the highest value on integrity in its business dealings and the ethical conduct of its directors, officers, team members, agents, shareholders, customers and suppliers. As set forth in our Business Conduct Guidelines, Grainger is committed to business practices that are consistent with the highest ethical and legal standards. Grainger expects the same ethical and legal commitment from all third parties (business partners, brokers, consultants and agents) acting on Grainger’s behalf, and others with whom Grainger conducts business. Grainger team members in certain roles are required to complete biannual anti-corruption and anti-bribery training and certification to reinforce the requirements of this policy.

Privacy Grainger recognizes the importance of protecting the personally identifiable information (PII) of every team member, customer and supplier, which we collect during normal business activities. PII helps us fulfill orders, provide benefits, and better serve our customers, team members and others. We are committed to protecting PII from unauthorized access, usage or disclosure by following globally recognized privacy standards, and building privacy and data protection principles into our systems and processes. Notice regarding our privacy practices is published on company websites via our Privacy Policies. To address global privacy laws such as CCPA, GDPR, and PIPEDA, solutions have been implemented to facilitate individual data subject requests to provide further transparency about how Grainger may collect, use, share or store PII.

Information Security The Grainger information security team’s mission is to facilitate the protection of Grainger information and computing assets worldwide. We achieve that mission by establishing guidelines to ensure the confidentiality, integrity and availability of assets across the global organization, and by managing risk through the application of appropriate technologies, people and processes to identify, detect, protect, respond and recover in alignment with the organizational risk posture.

As Grainger advances our digital journey, the vulnerability to external threats, risks, and visibility to regulatory or contractual obligations will require increased management of the information security ecosystem. Ensuring information security risk appetites are understood and explicitly managed supports our organization’s future growth and positions us to balance protecting and running the business. Providing ample understanding of the information security operating environment allows leadership to make informed decisions, mitigate disruption to the business, prevent data breaches, limit damage to the Grainger brand, understand the financial impacts, and ensure alignment to applicable requirements.

Business Continuity Our business continuity and disaster recovery (BCDR) planning helps minimize the impact of unplanned events and outages affecting Grainger customers. BCDR efforts include developing, implementing and enhancing business continuity processes in alignment with the ISO/IEC 22301 standard for Grainger’s Business Continuity Management Programs (BCMPs). For disaster recovery processes, we apply federal, state and international agencies’ recommended protocols in establishing guidelines and processes for our customers, employees and suppliers. These measures ensure our ability to provide customers with access to products and services when and where they are needed.