Strategic Report Risk Management continued
Cyber and IT data risk Our data and systems are exposed to risks and the enhanced threat landscape that has become more hostile. These risks could lead to data breaches or disruption to our systems or operations. The Group operates an Information Security Management System (ISMS) aligned to the principles of ISO 27001, controls include but not limited to vulnerability management, penetration testing, 24/7 network monitoring, regular audits and routine access reviews. The Group reviews information security regularly and invests in proportionate and appropriate services, resources, systems, training and processes to endeavour to ensure the security of its systems, data and customer information. The Group also utilises integrated and complementary solutions and services to protect against data security risks and provide solutions for mitigation and remediation supported by our Business Continuity Plan and by communicating to our staff the importance of maintaining vigilance to protect digital assets. We enforce robust security and privacy controls to offer our customers and employees the assurance that we are committed to compliance with the regulatory requirements of both Payment Card Industry Data Security Standard (PCI DSS) and fulfilling our obligations under data protection laws. Business continuity The Group has detailed business continuity plans in place for all sites to ensure an immediate and appropriate response to a business continuity issue or disaster scenario.
Anti-bribery and corruption The Group operates an anti-bribery and corruption policy which was put in place in response to UK Bribery Act 2010. This policy sets out the responsibilities of employees of the Group in observing and maintaining the Group’s position on bribery and corruption, which is that the Group will uphold all laws relevant to countering bribery and corruption in all the jurisdictions in which it operates. All employees are required to undertake a Bribery Corruption Awareness training programme as part of their induction process upon joining the Group. We publish our anti-bribery procedure on our intranet and each member of staff has to complete an annual assessment through the company’s myAcademy online training portal. We are committed to actively investigating any reports of a breach in policy. No breaches were reported this year. Whistleblowing The Group has in place a Whistleblowing Policy, which all employees and other defined individuals are required to adhere to and is open to suppliers and customers to use if they wish to report any concerns. The Whistleblowing Policy sets out the ethical standards expected of all persons the policy legally applies to and includes the procedure for raising concerns in strict confidence. Employees are encouraged to raise their genuine concerns regarding any malpractice within the Group without fear of harassment or victimisation. Any instances of employee disclosures concerning malpractice are reported to the Executive Board. There were no instances of malpractice reported to the committee during the year.
Inflationary pressures and supply chain Inflationary pressures had already been increasing globally since 2021, as countries began to recover from the pandemic and the demand for goods and energy outpaced supply. This was exacerbated by Russia’s invasion of Ukraine In February 2022. The war led to further increases in global energy prices and shortages of certain commodities, labour shortages, increasing fuel and energy prices and drastically reducing growth forecasts. Any increase in our cost-base is partially protected via clauses in our customer and supplier contracts. Modern Slavery Act compliance Whistl is committed to ensuring that there is no modern slavery or human trafficking practices within our business or our supply chain. Our Anti-Slavery and Human Trafficking Policy reflects our responsibility to act ethically and with integrity in all our business relationships and to implement and enforce effective systems and controls to ensure slavery and human trafficking are not taking place anywhere in our supply chain. This policy works in conjunction with a range of other relevant policies and procedures that set out steps to be taken to support the identification and steps to prevent slavery and human trafficking in the business. Our Modern Slavery Committee meet at least twice per year and includes representation from Legal; Audit and Compliance; Human Resources; Procurement; Communications; and Security reviewing across the Whistl Group. Our Anti-Slavery and Human Trafficking Statement for 2020 has been published outlining our plans to ensure our approach and practices are assessed, reviewed and improved upon continually in line with best practice.
Whistl Annual Report 2022
30
Made with FlippingBook interactive PDF creator