Compliance Commitment Week

Our compliance program at Nippon Gases includes mandatory actions. Among these are, for example, the annual recertification of the Code of Conduct, legally required training, compliance training for new employees and biannual training for all employees. In addition, we want to continue strengthening our compliance culture with additional measures, such as regular compliance news and periodic training, and the so-called Compliance Commitment Week, where we devote special attention to the topic of compliance. We are carrying this out across Europe for the second time since 2019. Nevertheless, whereas in 2019, the content centred on general topics concerning compliance, our program and culture, this year, we have chosen to focus on cybersecurity, supplemented by our IT control standards and data protection/confidentiality.

Although only partly due to the pandemic, we are witnessing fast digital transformation progress among our business partners and, of course, also at Nippon Gases. In addition, the workplace culture is undergoing changes that have been reinforced by working remotely from home, bringing about many advantages in availability and productivity. Unfortunately, it also has increased the risks of direct cyberattacks on IT systems, email phishing or indirect attempts via our partners. Fortunately, we have so far been able to protect ourselves from these attacks. However, the outlook on the number and sophistication of these cyberattacks will continue to rise in the future. Also, our business partners are increasingly informing us of having been victims of cyberattacks. Hence, we have decided to make this the theme of this Compliance Commitment Week.

Adequate communication is essential for such a measure. We begin with a Europe-wide intranet message from our President, Eduardo Gil, followed by messages and notes from local management teams and local compliance champions. During Compliance Commitment Week itself, we ask managers to discuss cybersecurity and the use of IT and data protection with their teams based on a questionnaire or a list of suggested topics. The objective is to learn how the organisation evaluates these topics and understand where action may be needed. In addition, employees are asked to carry out online training on the subjects.

When it comes to cybersecurity, we try to follow a holistic approach to keeping the Company safe, which translates into several work areas. To begin with, a strong Governance security framework that includes standards, policies and procedures complemented with a set of new security technologies to protect our systems better. Lastly, our Security Awareness program creates the proper visibility on cybersecurity at all levels of the Company. It also supports employees with specific training since they play a key role in protecting the Company.