Compliance Commitment Week

01/10/2021
"Protecting ourselves to protect our customers."
Interview with Dr. Annette Kaffsack (CCO) and César Callejo (CIO).

In this exclusive interview, Dr. Annette Kaffsack (CCO) and César Callejo (CIO) share some details about  Nippon Gases' upcoming Compliance Commitment Week. The event, that further reinforces the company's compliance culture, has a main focus for this year: cybersecurity.

 

 

 

Compliance Commitment Week will be taking place this October. What does it entail?

 

 

                                                                                                                                     

Our compliance program at Nippon Gases includes mandatory actions. Among these are, for example, the annual recertification of the Code of Conduct, legally required training, compliance training for new employees and biannual training for all employees. In addition, we want to continue strengthening our compliance culture with additional measures, such as regular compliance news and periodic training, and the so-called Compliance Commitment Week, where we devote special attention to the topic of compliance. We are carrying this out across Europe for the second time since 2019. Nevertheless, whereas in 2019, the content centred on general topics concerning compliance, our program and culture, this year, we have chosen to focus on cybersecurity, supplemented by our IT control standards and data protection/confidentiality.

 

 

Why did you choose this approach?

 

 

                                                                                                                              

Although only partly due to the pandemic, we are witnessing fast digital transformation progress among our business partners and, of course, also at Nippon Gases. In addition, the workplace culture is undergoing changes that have been reinforced by working remotely from home, bringing about many advantages in availability and productivity. Unfortunately, it also has increased the risks of direct cyberattacks on IT systems, email phishing or indirect attempts via our partners. Fortunately, we have so far been able to protect ourselves from these attacks. However, the outlook on the number and sophistication of these cyberattacks will continue to rise in the future. Also, our business partners are increasingly informing us of having been victims of cyberattacks. Hence, we have decided to make this the theme of this Compliance Commitment Week.

 

 

 
                                                       

And since this topic covers data protection and confidentiality in a broader sense, together with our IT control standards and the use of IT and related equipment, these issues also need to be addressed.
 

 

How do you plan the Compliance Commitment Week?

 

 

                                                                                         

Adequate communication is essential for such a measure. We begin with a Europe-wide intranet message from our President, Eduardo Gil, followed by messages and notes from local management teams and local compliance champions. During Compliance Commitment Week itself, we ask managers to discuss cybersecurity and the use of IT and data protection with their teams based on a questionnaire or a list of suggested topics. The objective is to learn how the organisation evaluates these topics and understand where action may be needed. In addition, employees are asked to carry out online training on the subjects.

 

 

 

What other actions do you implement to minimize the risk of a cyberattack?

 

 

                                                                           

When it comes to cybersecurity, we try to follow a holistic approach to keeping the Company safe, which translates into several work areas. To begin with, a strong Governance security framework that includes standards, policies and procedures complemented with a set of new security technologies to protect our systems better. Lastly, our Security Awareness program creates the proper visibility on cybersecurity at all levels of the Company. It also supports employees with specific training since they play a key role in protecting the Company.

 

                                                         

In addition, we have been conducting monthly email phishing tests for the past year, and fortunately, we have seen a steady sensitivity increase. Nevertheless, we will not let up on these tests since a single attack can damage the Company. Furthermore, we regularly conduct awareness training on this topic for all employees and advanced training for particularly vulnerable departments such as Finance, Procurement and internal administration sales.

Read more about how we protect ourselves to protect our customers in our compliance page.
Dr. Annette Kaffsack
Director Legal Europe,
Chief Compliance Officer
Europe

César Callejo
Chief Information Officer