This Policy describes the Company’s approach to Security risk management. Failures of Security risk management can endanger the Company’s licence to operate, cause major financial and reputational loss, undermine the integrity of Company products and put its strategic objectives at risk.
In implementing this Policy, the Company is committed to protecting its information, infrastructure, operations and people by delivering security that is a true market differentiator. This approach ensures protective Security is embedded in the Company’s culture and that risk is managed dynamically to ensure the Company can innovate at speed.
Suppliers, partners and other stakeholders that work with the Company and require access to assets shall be assessed and appropriate preventative controls and measures implemented in line with this Policy to ensure protection of assets.
Our Policy covers the following requirements:
- Dedicated Security Function responsible for developing Security strategy, and delivering Physical, Technical and Personnel Security in line with internal and external policies and standards, as well as risk assessment, assurance and reporting;
- Dedicated Supply Chain Security teams across our Commercial and Security Functions, ensuring all aspects of Security are incorporated into the supply chain of every Line of Business;
- Dedicated Product Security teams in our Engineering Function in every Line of Business, working to ensure the through-life integrity of our products and services;
- Annual Security risk assessment conducted and reviewed half yearly;
- Dedicated Cyber Security team responsible for developing and delivering Cyber Security in line with relevant Business’ Security risk assessments;
- Role and responsibility specific employee Security training;
- Employee travel advice; and
- Management of Company assets in accordance with classification / company marking standard / relevant handling instructions.
Publication date: 20 May 2025
Governance and Disclosure