Mobile Search

CMS Energy Stock Price

71.92 +1.07 +1.51% Volume: 1,583,714 07.18.25 04:00 ET
security-statement
Home>Security Statement

Disclaimer

Please note that you are now entering a website directly or indirectly maintained by a third party (the "External Site") and that you do so at your own risk.

CMS Energy, Corp. (“CMS”) has no control over the External Site, any data or other content contained therein or any additional linked websites. The link to the External Site is provided for convenience purposes only. By clicking “Accept” you acknowledge and agree that neither CMS nor third party provider Virtua Research, Inc. (“Virtua) is responsible, or accepts or assumes any responsibility or liability whatsoever for, the content, the data or the technical operation of the Linked Site. Further, by entering the External Site, you also acknowledge and agree that you completely and irrevocably waive any and all rights and claims against CMS and Virtua and further acknowledge and agree that in no event shall CMS or Virtua, its officers, employees, directors and agents be liable for any (i) indirect, consequential, incidental, special, compensatory or punitive damages, (ii) damages for loss of income, loss of business profits, business interruption, loss of data or business information, loss of or damage to property, (iii) claims of third parties, or (iv) other pecuniary loss, arising out of or related to the Legal Notice, this disclaimer or the External Site

By entering the External Site, you further acknowledge and agree that the disclaimer of warranties and limitations of liability set out in this disclaimer shall apply regardless of the causes, circumstances or form of action giving rise to the loss, damage, claim or liability, even if such loss, damage, claim or liability is based upon breach of contract (including, without limitation, a claim of fundamental breach or breach of a fundamental term), tort (including, without limitation, negligence), strict liability or any other legal or equitable theory, and even if CMS and Virtua are advised of the possibility of the loss, damage, claim or liability. The waiver and release specifically includes, without limitation, any and all rights and claims pertaining to the processing of personal data, including but not limited to any rights under any applicable data protection statute(s). If in any jurisdiction, any part of this disclaimer is held to be unenforceable by a court of competent jurisdiction, such part of this disclaimer shall be restricted or eliminated to the minimum extent and the remaining disclaimer shall otherwise remain in full force and effect.

Please note the information presented is deemed representative at the time of its original release. Changes in historical information may occur due to adjustments in accounting and reporting standards & procedures.

Non-GAAP Information

In addition to disclosing results determined in accordance with GAAP, CMS may also disclose certain non-GAAP and pro forma non-GAAP results of operations, including net income, earnings per share, and operating income that make certain adjustments or exclude certain charges and gains that are outlined in the schedules included in this website. CMS provides historical financial results on both a GAAP and non-GAAP basis. Management views adjusted earnings as a key measure of the company’s present operating financial performance and uses adjusted earnings for external communications with analysts and investors. Internally, the company uses adjusted earnings to measure and assess performance. Adjustments could include items such as discontinued operations, asset sales, impairments, restructuring costs, regulatory items from prior years, or other items. Because the company is not able to estimate the impact of specific line items, which have the potential to significantly impact, favorably or unfavorably, the company’s reported earnings in future periods, the company is not providing reported earnings guidance nor is it providing a reconciliation for the comparable future period earnings.

CMS and Virtua also take no responsibility for third party pricing data provided for informational purposes and certain ratio results formulated from the provided third party pricing data. The non-GAAP information is not prepared in accordance with GAAP and may not be comparable to non-GAAP information used by other companies. The non-GAAP information should be considered supplemental information to assist in fully understanding our business results, rather than as a substitute for the reported earnings.

A reconciliation of each of these non-GAAP measures to the most directly comparable GAAP measure is included as a separate link and also posted on the CMS website at www.cmsenergy.com.

Accept | Decline

Important Notes

  • The information contained in this Machine-Readable File may be difficult to access without certain technology.
    • These files may be large and require a computer that can download at least up to 1TB (terabyte) of data. Most modern hard drives store half of this amount of data. Based on your computer's storage and hard drive, attempting to open or download large files may cause instabilities in Windows, cause performance issues resulting in downloads that could take hours, days or weeks depending on the file size and hard drive combination. For reference: 1TB = 243 high-definition streaming movies (average 2 hours per movie).
  • This mandate is a building block for future customer-facing mandates, including the Price Transparency Tool and the Advanced Explanation of Benefits.
  • The data in the files may not be useful for the average consumer. For example, facilities that are paid based on a percent of charge will not have a dollar amount representing the amount paid for a service.
  • The machine-readable files will be updated monthly to ensure accuracy of the data and reflect changes in pricing and regulatory requirements.
    • I Understand 

Security Statement

Security

Security is an integrated organization within CMS Energy, including its subsidiaries, and is accountable for cyber and physical security. Security is subject to state, federal and industry regulations that include focus on cyber security, physical security and privacy. Risks are managed using a robust program that includes people, processes, technology and governance structures. We maintain a strong security culture because we acknowledge evolving security threats pose risks. Our security culture focuses on shared responsibilities among our employees to maintain a secure environment.

The executive director of security reports to a senior vice president. The Board of Directors (Board) oversees our security risks including cyber security, physical security, compliance and privacy. Two members have extensive industry experience in cyber security. The Board receives updates at the start of each year, which cover the current threat environment, regulatory updates, review of prior year incidents and a strategic look forward. The Board receives a second update around mid-year. Board oversight also includes regular program updates and third-party audits.

Our See Something, Say Something program encourages employees to report suspicious activity. Employees also receive annual security training on a variety of physical and cyber security topics including phishing, data security, data privacy, device security and access management.

Cyber Security

We manage our cyber security program using industry frameworks and best practices developed by both government and industry partners. We make significant technological investments to prevent, detect and respond to attacks. Our electric, natural gas and corporate systems each follow standards, controls and requirements to maintain compliance. Our payment card industry compliance is audited annually.

Our cyber security incident response team is a dedicated, proactive function focused fully on monitoring our systems and responding when issues occur. This includes regular information sharing with industry partners, peer utilities and state and federal government agencies. We have third-party cyber security firms on retainer to assist with potential significant incidents. And we’ve invested in cyber security insurance to offset any costs incurred from incidents.

All technology projects are reviewed for cyber security requirements. Leadership must approve any unmet requirements prior to implementation. A dedicated team focuses on identifying and remediating system vulnerabilities. We regularly use third-party firms for penetration testing, audits and assessments. 

We also conduct monthly phishing tests through our Don’t Take the Bait program, which asks employees to report suspicious emails that demonstrate common phishing tactics in real-world scenarios. When a test phishing email is clicked, employees are provided with information on cyber security best practices. We monitor our Don’t Take the Bait statistics every month and report click rates to senior management and all employees to further emphasize their role in cyber security.

Physical Security

We take employee and customer security seriously and strive to provide a safe and secure environment free from violence or threats of violence. Our buildings are equipped with security enhancements, including physical barriers, secured access areas, cameras, alarms and other monitoring equipment. Employees must use electronic badges to access sites and display identification badges throughout shifts.

As part of our physical security efforts, we also:

  • Partner with the Michigan Intelligence Operations Center and law enforcement to share information related to any act of violence or threat to employees or customers.
  • Mitigate potential threatening or dangerous situations through employee education including annual mandatory training on workplace violence and volatile situations and guidance for customer-facing employees to report dangerous situations to co-workers or customers.
  • Provide all employees the ability to sign up for notifications about security threats and threats of violence.
  • Conduct daily Safety Tailboards when groups of employees gather at work, in the field or remotely, to identify hazards, define responsibilities and review exit strategies in the case of a real threat. If violence or imminent danger occurs, employees are instructed to immediately call 911 first, then our security command center.

Privacy

Our privacy policy uses industry-standard administrative, technical, and physical security measures to ensure the integrity of our systems and protect customer information from unauthorized access, destruction or alteration. Protection measures include an enterprise security program based on industry standard frameworks, security awareness for employees, a dedicated team to detect and respond to threats, and collaboration with peers, state and federal partners.

Footer Links

Top Destinations

Subscribe to
our alerts

To opt-in for investor email alerts, please enter your email address in the field below and select at least one alert option. After submitting your request, you will receive an activation email to the requested email address. You must click the activation link in order to complete your subscription. You can sign up for additional alert options at any time.

At COMPANY NAME, we promise to treat your data with respect and will not share your information with any third party. You can unsubscribe to any of the investor alerts you are subscribed to by visiting the ‘unsubscribe’ section below. If you experience any issues with this process, please contact us for further assistance.

By providing your email address below, you are providing consent to COMPANY NAME to send you the requested Investor Email Alert updates.

* Required

Sign up for Email Alerts
*
Mailing Lists
Unsubscribe

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Back to beginning of page back to beginning of page