Solvay
2019 Annual Integrated Report

Risk description

A security event such as terrorism, crime, violence, vandalism, theft, or cyber attack, which would impact employees, sites, assets, critical information, or intellectual property and could have negative consequences for the business.

Prevention and mitigation actions

  • Solvay has a threat-, risk-, and compliance-based security approach to protecting sites, information, and people.
  • A Group Security Director coordinates all security activities globally in order to ensure efficient security risk mitigation.
  • Two governance bodies lead the security risk management effort:
    • a Security Board, chaired by the CEO and
    • a Security Coordination Working Group, chaired by the Group Security Director, which aims to run a continuous security threat monitoring program and an optimized security program for the Group.

Cyber security program

The two Governance bodies leading the security risk management effort also supervise the Cyber security program.

  • External experts conduct independent assessments, including penetration tests.
  • Solvay Business Services (SBS) has renewed its ISO 9001:2015 quality management program for all its activities and obtained its ISO 27001:2013 certification. The latter encompasses cybersecurity for the majority of its information systems activities.
  • All SBS information systems professionals have completed training on information system security policies and best practices.
  • End-user security training remains mandatory for all employees. Cybersecurity tips are published regularly to increase employee awareness.

A significant cyber-attack could negatively impact the company’s operations and results. Therefore, the Company will continue to solidify its cyber defenses to manage the evolving cyber threat landscape.

Insurance

Solvay is insured against the potential financial impact of a cyber event stemming from damage to assets, business interruptions, and cases of fraud.

2019 main actions

  • The Group created the role of Security Champion in the GBUs and Functions to facilitate a coordinated approach to managing security risks in the Group. These Champions are the voice of their entities within the Security Coordination Working Group. They ensure that governance is implemented in a consistent manner with business priorities.
  • The Group is launching a Data Protection Plan to protect its sensitive information and has completed projects to make high-risk sites more secure.
  • Solvay continues to enhance its overarching cyber security strategy and governance, develops its corporate information security program, and explores other functions/capabilities to enrich the company’s security posture and ability to respond to a cyber-related threat.