Your browser is not up to date and is not able to run this publication.
Learn more

92

CHAPTER 4 Responsible management

Guaranteeing the secure management of data processed in the IT systems of our company is vital in order to control risks in an ever more digitalised scenario such as the current one. To do this, we have

a cybersecurity model which, through a process of ongoing improvement, pro- vides us with the necessary protection. In this connection, in 2019 we implemented the following initiatives:

CYBERSECURITY

Definition of regulations for environ- ments whose objective is to establish the strategic framework that sets out the cybersecurity measures to be implemented in industrial scenarios, through adequate risk management and complying with the internal regulations and legal obligations of the jurisdictions in which we operate.

Development of a new global cyberse- curity service model that represents an evolution from current protection capacities and introduces new scopes.

Promotion of the culture of cybersecu- rity with awareness initiatives such as specific presentations and workshops, as well as sending regular communi- cations to employees.

Updating of the technological risk map, which is periodically reviewed within the management system cer- tified under international standards ISO 27.001 and ISO 20.000, in line with corporate ERM (Enterprise Risk Management) methodologies.

Introduction of an insurance poli- cy with coverage for cybersecurity events. In addition, it should be noted that to manage cyber security events, we have a specific process certified under the ISO standards described above, although in 2019, as in previous years, there were no attacks with a significant impact on our facilities and business processes.