S&C Electric Company 2023 Sustainability Report

ENTERPRISE RISK MANAGEMENT

S&C’s key internal and external risks are managed through our Enterprise Risk Management (ERM) program, which is overseen by the board. The ERM program identifies, assesses, measures, and monitors business risks while promoting strategic priorities, including safety, innovation, operational excellence, global growth, and human development. The systematic identification, assessment, and monitoring of risk is designed to facilitate effective decision-making and drive business performance.

In 2023, S&C established a separate information technology risk management team focused solely on cybersecurity matters and protection of our sensitive information and customer data. The board reviews cybersecurity matters and strategy on a quarterly basis. We also established a corporate cybersecurity council with senior leadership representation. The council meets monthly to review all elements of cybersecurity strategy, key risk indicators, and the latest cyber-related events.

INFORMATION SECURITY

S&C’s information security program governs the handling, storage, and deletion of all printed and digital information while conducting business. Team members are required to manage private and confidential information with care and in accordance with our documented processes and all applicable laws and regulations. We require personal or confidential information collected by, or for, S&C be properly safeguarded and used for business purposes only. This includes nonpublic or private information about S&C, as well as our team members, customers, suppliers, and contractors.

All team members are responsible for adhering to our privacy and cybersecurity policies and protocols to promote security throughout S&C. Introduced in 2023, our cybersecurity awareness training consists of three distinct security courses with 11 topic-specific training modules. Each year, all S&C team members with access to external internet and email are required to complete cybersecurity awareness training. In addition, formal, role-based training is provided, as needed, to team members with cybersecurity roles or job duties or with interest in professional development in this area. A portfolio of cybersecurity training is also available to the software development teams.

In 2023, S&C made the decision to align our information security program with the International Standards Organization (ISO) 27001 standard. This will enable us to enhance our privacy and cybersecurity controls to protect our digital information and systems from cybersecurity attacks and unauthorized access. Our cybersecurity controls are strictly enforced to help ensure the information of S&C’s team members, customers, and business partners remains secure. ISO 27001 certification audits will commence in 2024 to validate the enhancements to S&C’s information security management system and conformance to ISO 27001. We will implement continuous improvement activities based on the results of the ISO 27001 certification audits.
