OUR BOARD OF DIRECTORS

Oversight of our corporate purpose

Our Board of Directors (“Board”) maintains overall oversight responsibility for the Company, working closely with our Executive Management team.

Board highlights include:

• Nine-person Board (Five new members since 2016)
• Directors have deep and significant healthcare sector experience, with a breadth of perspectives.
• Broad independence, with an independent lead director
• All directors except our CEO are independent (89% of the Board)
• 100% of the Board’s Audit Committee members, Compensation Committee members and Nominating and Corporate Governance Committee members are independent
• 33% of our Board is comprised of women
• Executive pay and share ownership are publicly disclosed
• Director pay and share ownership are publicly disclosed
• The percentage of votes cast approving named executive officer compensation for 2021 was greater than 92%
• Executive pay is formally linked to long-term performance incentives
• All directors attended at least 75% of Board and committee meetings held in prior year
• Publicly available reports from standing committees
• Annual advisory approval of executive compensation
• No poison pill
• Executive compensation consisting of a mix of salary and short- and long-term incentive compensation tied to performance objectives

CORPORATE GOVERNANCE POLICIES

Addus maintains robust policies governing the activities of the company and its directors, officers, and employees.

Many of these policies directly reflect our sustainability practices and priorities, touching on diverse matters such as human resources, insider trading, compliance with healthcare laws, privacy, conflict of interest and patient protection.

Ethical Behavior

• Addus recognizes the importance of ethical behavior and its impact not just in the social matters discussed above but also in governance issues. Our Code of Business Conduct and Ethics, which can be found at the following link: https://addus.gcs-web.com/corporate-governance-code-conduct-and-ethics, embodies many of the governance expectations that we have with respect to conduct, including compliance with:
• Anti-Trust Laws
• Healthcare Laws
• Privacy Laws
• Environmental Laws
• Discrimination Laws
• Insider Trading
• Laws Governing Political Participation

Our Code of Business Conduct and Ethics further addresses other topics related to ethics behavior such as:

• Conflicts of Interest
• Corporate Opportunities
• Protection and Use of Company Assets
• Treatment of Proprietary Information
• Business and Accounting Records
• Relations with Government Agencies.

It also contains heightened rules of conduct for senior company executive officers.

PROVIDING A VOICE          

To Reinforce our Code of Business Conduct and Ethics:

• Addus has created a structured, systematic approach to anonymous reporting of concerns, backstopped by a rigid process for monitoring, investigating, reporting, and addressing concerns.
• At the center of this program is an ethics hotline and a dedicated website at www.addus.ethcspoint.com for reporting concerns.
• The website allows organized and consistent reporting and tracking of concerns on an anonymous basis, designed to cover a broad range of issues.
• Addus assesses and reports internally every single filed report via a Compliance Committee that includes our Chief Compliance Officer and Audit Committee Chairman.
• This Compliance Committee generally meets quarterly and, if necessary, more frequently.
• Our entire Board of Directors receives regular updates on the nature, scope, and resolution of these reports, as well as trends and other relevant information.

PRIVACY, DATA SECURITY AND CYBERSECURITY

Privacy and Security  

• Addus has developed extensive HIPAA and data security policies and procedures.
• Our Board of Directors monitors compliance with HIPAA security, receiving quarterly reports from our Chief Compliance Officer.
• Our Notice of Privacy Practices is available at https://addus.com/wp-content/uploads/AddusNPP.pdf.
• Addus recognizes the threat of cyberattacks and data breaches and have deployed significant measures to safeguard our systems and the data maintained within them.
• Addus completes annual Risk Assessments.
• We regularly test the adequacy of our security and disaster recovery measures and have implemented administrative, technical and physical controls on our systems and processes in an attempt to prevent unauthorized access.
• We contract with third party vendors for annual penetration testing and weekly security vulnerability scanning
• We maintain a security committee of executives that meets regularly and oversees our programs and initiatives that seek to protect and secure our data and systems.
• We have adopted a Security Incidents Response policy.
•  Our CIO regularly reports to our Board on cybersecurity, security threats and security measures.
• We have adopted the CIS Top 20 Critical Security Controls Framework, which provides best practices to prevent, detect and respond to cyberattacks.
• We have not had security attacks or threats that have had a material impact on our business or operations.