Group operating activities rely increasingly on the proper, uninterrupted functioning of information systems and network infrastructure in support of business processes. Human error, access by unauthorised persons, vulnerable security systems, and/or system and network infrastructure breakdowns or malfunctions might negatively impact the performance of operating activities, cause the disclosure of critical, confidential corporate information, with consequent repercussions on the Group’s corporate image and the risk of statutory and regulatory violations.
In 2010 the Group finished mapping the principal risks connected with the 10 most important information systems supporting core processes (production, purchasing, sales, and logistics). The risk was analysed on the basis of its impact on the Group if confidentiality were breached and according to the likelihood that the event occur in connection with the vulnerabilities existing in the system. Specific measures for further upgrades to physical, logical and infrastructure safety measures were implemented for the principal “vulnerabilities.” Their implementation was constantly monitored in 2012 by the Managerial Risk Committee.