New technology is helping us make better decisions and work more efficiently across all areas of our business. We recognize the value of information and the importance of maintaining high standards of security to avoid loss or corruption of data.
- Information Security Governance Structure
Organization and Responsibilities
- Approval of strategy, objectives and policies.
- Oversight of performance.
- Approval of key policies and expenditure programs.
IT Steering Group
- Creation of strategy, objectives, development of KPIs.
- Agreement of standards and processes; development of capital programs.
- Presentation of strategic options.
- Implementation of systems and process developments; training and security standards.
Legal & Compliance
- Manage consistency with legal and compliance obligations.
- Employee and partner compliance with standards and processes.
- Escalation of operational concerns.
- Cyber Security
Cyber security continues to be a threat for all businesses globally. It is vital for organizations to combat this threat by creating a risk-aware culture and protecting themselves from cyber risks.
We are committed to continually improving our cyber security through investment in our people, processes and IT infrastructure. With the launch in 2020 of our new cyber security strategy and cyber security Program Steering Group (PSG), we have a comprehensive system in place to refine our ability to prevent, detect and react to cyber security incidents, which is periodically audited by specialist external IT security resources.
Our PSG committee monitors best practice and ensures our solutions comply with the relevant legislative and regulatory standards on cyber security. It is responsible for increasing awareness and developing our security training. We issue regular communications covering areas such as how to stay safe online, protect against online fraudsters and prevent organized cyber-attacks on our businesses.
Communications to raise awareness are backed up by an extensive program of cyber security and phishing training courses. In 2020, we brought in an external cloud education and security provider to help deliver our program. This online service provides multi-language packages which can be used by our employees all over the world.
In 2020, 1,056 employees completed our Phishing Fundamentals training course, 1,315 completed the Security Awareness Proficiency Assessment and 1,2385 employees completed a security culture survey. Internal phishing tests were also sent out to see how alert we are to attempts to gather sensitive information through fake emails.
- Information Security Training
We provide regular internal training for all employees based around quarterly campaigns. These campaigns cover a range of information security topics including access control, acceptable use and cyber security risks, for example phishing. Successful completion of issued training courses is tracked on an individual employee basis.
All Innospec’s information security systems, processes and performance are subject to internal and external audit. Our internal Business Assurance team conducts regular testing of our processes to check they are effective. In addition, we commissioned an external audit in 2019 and 2020. The audit was delivered by the NCC Group along with parallel technical reviews by ESSC. The findings were reported to our Board and Audit committee. Regular penetration testing is also undertaken to continuously test and, where applicable, enhance our security baseline.