3.0 | Cybersecurity and Data Privacy
Relevance to Our Business In today’s business environment, secure systems, access to data, and reliable authentication processes are critical. Cybersecurity risks can lead to business interruption, data and financial loss, and reputational damage. Richardson has security controls to reduce the likelihood of security breaches and human error, increase accountability, pinpoint specific risk, and develop faster responses.
VALUES in ACTION In 2019, MNP performed an initial assessment of Richardson’s technology security, using the Centre for Internet Security (CIS) framework. This framework provides a list of controls that help businesses ensure they have strong security posture. With this assessment, MNP challenged our risk-based systems and defense measures to verify that we have adequate controls in place. In 2022, MNP performed a reassessment and reported a significant improvement, including that Richardson demonstrated a low level of residual risk.
Actions and Impacts
Cybersecurity Initiatives
Identify Asset Management
We identify and manage hardware, software, data, and personnel involved in our organization's information systems.
Risk Assessment We regularly assess and prioritize cybersecurity risks to our assets. Risk Management Strategy We develop and implement strategies to manage and mitigate identified risks. Governance
We have an established structure for accountability, communication, and decision-making regarding cybersecurity.
Controls: • Implemented a vulnerability management program to address high-risk issues within internal SLAs. All external-facing servers are patched within 14 days of a patch becoming available. • Annually and bi-annually perform internal and external network penetration testing by independent third parties. • Annually engage PWC for IT audit of financial systems.
58 | RICHARDSON INTERNATIONAL SUSTAINABILITY REPORT 2022
Made with FlippingBook interactive PDF creator