Description

Information and cyber risk includes theft, manipulation or destruction of information, and the inability to ensure continuity of services or to protect confidential, critical or sensitive information.

Prevention and mitigation

Cyber security program

Solvay’s cyber security and confidential information loss prevention program was further enhanced in 2016:

  • Outside experts conducted independent assessments, including penetration tests.
  • Solvay Business Services (SBS) renewed its quality management program (ISO9001:2015) for all its activities and the ISO27001:2013 certification that encompasses cybersecurity for the majority of our information systems activities is ongoing (all SBS will be certified ISO27001 by end of 2017).
  • Training on information systems security policies and best practices was completed for all SBS information systems professionals.
  • End-user security training remains mandatory for all employees. Cybersecurity tips are published regularly to increase employee awareness.
  • New fraud management tools have been implemented to identify and preempt fraud attempts.

In 2017, Solvay will continue to enhance its overarching cyber security strategy and governance, develop the corporate information security program, and explore other functions/capabilities to enrich the company’s security posture and ability to respond to a cyber-related threat.

While the Company has a comprehensive, regularly updated cyber security program, a significant cyber attack could nevertheless result in the loss of critical business information and/or could negatively impact the company’s operations and results.

Insurance

Solvay is insured against the potential financial impact of a cyber event with respect to assets, business interruptions, and cases of fraud.