RWE aktiengesellschaft THE ENERGY TO LEAD AND SECURE STRENGTHS. Overview of Group Security.



Similar documents
NHS HDL (2006)41 abcdefghijklm. = eé~äíü=aéé~êíãéåí= = aáêéåíçê~íé=çñ=mêáã~êó=`~êé=~åç=`çããìåáíó=`~êé

Quality Policy. JRI Orthopaedics Limited

Corporate Policy. Data Protection for Data of Customers & Partners.

Diversity can also be opportunity. RWE Diversity Management

Foreign Corrupt Practices Act (FCPA)

University of Sunderland Business Assurance Information Security Policy

Master Document Audit Program. Version 1.8, dated November B-01 Planning Considerations

HIPAA Privacy Rule Policies

Prepared for Public Service Staff Relations Board. Prepared by Consulting and Audit Canada Project No.:

Audit summary of Security of Infrastructure Control Systems for Water and Transport

WOLTERS KLUWER WHISTLEBLOWER POLICY. Version: April 2009

Henkel s Compliance Management System (CMS)

PostNL Group Policy. on Fraud Prevention. PostNL Group Policy. on Fraud Prevention Page 1 of 15

OLD MUTUAL S RESPONSIBLE INVESTMENT POLICY

Code of Business Conduct and Ethics. With Special Message for Senior Business and Finance Leaders

Code of Conduct. Code of Conduct, 2009 Version 1.0

R345, Information Technology Resource Security 1

Physical Security Policy Template

a. employees Company; or

RWE Service. supplier management. Focus on the best Combining strengths

Our vision. A company where the best people want to work.

AIRBUS GROUP BINDING CORPORATE RULES

California Mutual Insurance Company Code of Business Conduct and Ethics

HMG Security Policy Framework

TO GAS TRANSMISSION OPERATOR GAZ-SYSTEM S.A.

COMPLIANCE CHARTER 1

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS

Code of Conduct. Compliance in the NETZSCH Group

Authorisation Requirements and Standards for Debt Management Firms

SustainabledevelopmentofRWEinPoland

EUROPEAN CONFEDERATION OF INSTITUTES OF INTERNAL AUDITING (IVZW)

How To Ensure Information Security In Nhs.Org.Uk

Global Code of Conduct

COMPLIANCE PROGRAM FOR XL GROUP PLC

How To Protect Decd Information From Harm

Appendix 2 - Leicester City Council s Business Continuity Management Policy Statement and Strategy Business Continuity Policy Statement 2015

Corporate Compliance and Ethics Program Effective as adopted on February 21, 2012

YMCA of High Point Whistleblower Policy and Procedure

Riverside Community College District Policy No Human Resources

SHELL GENERAL BUSINESS PRINCIPLES

Mental Health Resources, Inc. Mental Health Resources, Inc. Corporate Compliance Plan Corporate Compliance Plan

How To Write An Anti Corruption Policy For A Company

15 December Crime Prevention and Anti-Fraud Policy

Business Conduct, Compliance and Ethics Program. important

CITY OF BOULDER *** POLICIES AND PROCEDURES

Framework for an Aviation Security Management System (SeMS)

CODE OF PRACTICE. Safety Management. Occupational Safety and Health Branch Labour Department CODE OF PRACTICE ON SAFETY MANAGEMENT 1

We will pursue our business with honor, fairness, and respect for the individual and. the public at large ever mindful that there

TELEFÓNICA UK LTD. Introduction to Security Policy

SAINSBURY S SUPERMARKETS LTD. Code of Conduct For Ethical Trade. Sainsbury s Supermarkets Ltd

CODE OF CONDUCT AND BUSINESS ETHICS

CODE OF CONDUCT as adopted by the Board of Directors on 20 February 2015

[To All Financial Institutions Exempt from Holding Capital Markets Services Licence]

BUSINESS ASSOCIATE AGREEMENT ( BAA )

Initiatives to Enhance Corporate Governance (Enactment of Basic Policy on Corporate Governance)

OUR ACTIVITIES IN THE COMPANY

Ethical Corporate Management Best Practice Principles for Chunghwa Telecom Co., Ltd.

European Code for Export Compliance

Suspend the negotiations for a free trade agreement with the USA no agreement at the expense of workers, consumers or the environment

Terms of Business for Registered Support Providers

YIT Business Principles

Floyd Healthcare Management, Inc. Notice of Privacy Practices

CODE OF ETHICS AND PROFESSIONAL CONDUCT. indracompany.com

Compliance and Ethics Program Structure

National Security Auditing Criteria (KATAKRI) version II, 2011

Standards of. Conduct. Important Phone Number for Reporting Violations

Corporate Governance - Implementation, Challenges and Trends

STATE OF NEVADA DEPARTMENT OF HEALTH AND HUMAN SERVICES BUSINESS ASSOCIATE ADDENDUM

Title: Data Security Policy Code: Date: rev Approved: WPL INTRODUCTION

Sumitomo Forestry Basic Policy on Corporate Governance

AlixPartners, LLP. General Data Protection Statement

Information Security Policy. Document ID: 3809 Version: 1.0 Owner: Chief Security Officer, Security Services

UMHLABUYALINGANA MUNICIPALITY PATCH MANAGEMENT POLICY/PROCEDURE

Cloud security architecture

Health and safety policy

Understanding Principles and Concepts of Quality, Safety and Environmental Management System Graham Caddies

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction

The Financial Impact of Cross-border Student Mob ility on the Economy of the Host Country Commissioned by Contact persons Authors

Business Ethics Policy

Corporate Governance Principles

Code. of Conduct for Suppliers

CUBIC ENERGY, INC. Code of Business Conduct and Ethics

Code of Conduct of the Dürr Group

ISO IEC ( ) TRANSLATED INTO PLAIN ENGLISH

Transcription:

RWE aktiengesellschaft THE ENERGY TO LEAD AND SECURE STRENGTHS. Overview of Group Security.

2 Contents RWE-Konzern Contents Introduction 3 Scope 4 Security philosophy 5 Security strategy 6 Security framework 8 Responsibility for security 9 Implementation 10 Execution 11

Introduction 3 The Energy to Lead and make no compromises when it comes to security. Dear Sirs, RWE is one of the leading energy companies in Europe. To ensure it remains so, The Energy to Lead is more than just a catchy slogan for us it forms a consistently implemented principle for all our actions both within and outside of the company. When it comes to the subject of security, we are therefore also consciously positioning ourselves as leaders in this area. Security forms the basis for securing our high profitability, our stability and our business success in the long term and to furthermore support the RWE values of trust, performance and reliability. Our products and services represent critical infrastructure services for industry and households and a failure or impairment of our ability to supply would lead to considerable disturbances in public security. It is for these reasons that we are not prepared to make any compromises when it comes to the issue of security. The Energy to Lead for us means correctly assessing security risks and preventing them that is the best way of facing the complex challenges of today and the future. Our dynamic, customer-oriented security programme gives RWE the decisive lead among the competition on the energy market. At RWE, security goes beyond protecting the Group s property and facilities. Employees, customers, business partners and shareholders expect professional security management. Every individual has the right to a safe and protected work environment. That is why people are at the centre of all RWE security measures. The progressive internationalisation and deregulation of the energy markets, structural change, regulation, legal changes both nationally and at the EU level as well as increasing competition pressure bring new risks and dependencies with them. The management of RWE faces these challenges with principles defined in this directive. They serve the successful achievement of our shared goals. All technically responsible organisation units as well as all employees of the RWE Group are responsible for applying the described principles in their daily work. After all, it is security that unites us and only The Energy to Lead together will bring us all forward. Alwin Fitting Member of the Executive Board of RWE ag michael Schmidt head of Group Security RWE AG

4 scope scope. The group Security directive is applicable for RWE AG and for companies that are affiliated to RWE either directly or indirectly ( groups companies ). Each group company must guarantee compliance with the directive by all subordinate companies by using the existing possibilities of influence and instruction. the group Security directive applies for every employee and business partner. through its application, all material and non-material assets and group resources will be protected against criminal acts. this directive forms the basis for all other securityrelated regulations applicable in the group and individual groups companies. these will take account of all sector-related and national circumstances, provided they do not conflict with the basic principles.

Security Philosophy 5 Security philosophy. As one of the leading energy supply companies in Europe, security is a decisive factor for RWE. Security influences the trust of our employees, customers, business partners and shareholders in our products and services. It is therefore essential for the financial success of the Group. corporate values of high performance and reliability and contribute to securing stable growth and profitability for the group. The group s security directives based on this security concept and the resulting security standards and instructions of the with consideration being given to their national or company-specific requirements security = availability By fulfilling our responsibilities in all matters relating to Security, we can offer the best possible production against malicious acts. Our aim is to set a strong example in the business segments of electricity, gas and water. In this way we are also supporting the RWE individual group companies form a sound framework for the group s business activities and give the company optimum protection from internal and external risks. The RWE security directives are integrated in the security strategies of all operating units,

6 Security strategy Security strategy. The RWE Security strategy is to provide the best possible protection for persons and all material and intangible assets and group resources from malicious acts or to minimize the consequences of malicious acts. This strategy is pursued on the basis of clearly defined and verifiable targets: The Security measures are in line with the RWE corporate strategy and further regulations and directives, such as the RWE code of conduct. Emergency and crisis plans are based on current precise threat analyses. Protection goals, risk potentials and residual risks are defined. The security measures take account of the special protection needs of critical infrastructures. Security aspects are always taken into consideration at an early stage in corporate decisions.

Security strategy 7 Security-relevant responsibilities are precisely defined and are executed with the required degree of professionalism. All security measures are continuously adapted to changing demands. Action instead of Reaction The activities of the security department are oriented to ensuring that the security directives are complied with at all times and thus that the defined targets are achieved. The group executive board sees security as part of the corporate obligation of the RWE group. The Group s security experts work together with all employees, especially the responsible managers, in a cooperative and customer-oriented manner.

8 Security Framework Security framework. The RWE Security structure is based on: the group Security directive the group security concept and the group security minimum standards the security manuals of the individual groups companies and the relevant standards and processes Group-wide internal training programs aimed at enhancing security consciousness round off the concept. Security-oriented working methods The permanent observance of the security standards reinforces sensitivity among the staff for existing or possible risks, and allows them to contribute actively to minimizing, avoiding or removing these risks. Corporate Security policy Concept corporate security Corporate security guidelines This individual sense of responsibility and the necessary measures and behavior contribute towards a situation where all employees in the RWE group operate in a safe working environment and the values of the company are fully protected. Security awareness program Security-focussed approach to work Group companies security standards and processes

responsibility for security 9 responsibility for security. A security-oriented approach to work within the RWE group is achieved by clearly defined areas of responsibility at all levels. General responsibility the general responsibility covers all employees, services providers, sub-contractors, partners and consultants of the rwe group: they guarantee security of the company as a whole. they are responsible for the security of all information provided to them. they guarantee the security of group assets and property. they assess potential risks and ensure that the correct measures will always be taken when necessary. Function-related responsibility beside this general responsibility, there are also hierarchical levels and sections with functionrelated responsibilities. these include: executive boards and management bodies group security Security management of the groups companies executives with personnel responsibility in their leadership functions Security service providers these special assignments and areas of responsibility are explained in more detail in the group security minimum standards.

10 Implementation Implementation. Employees and partners of the RWE group are responsible for ensuring that their tasks are executed in compliance with the relevant security regulations of the group. Control mechanism The Security Management functions of the different RWE group companies are a central control mechanism in this regard. It verifies, if necessary with the assistance of the Corporate Internal Audit division, compliance with the security directives and the security standards by means of regular internal audits and security compliance audits by themselves. Security provisions As employees and business partners have to offer all internal and external customer of the RWE group the same degree of security as the company itself. All relevant contracts and agreements will contain security provisions guaranteeing compliance with the group security directive and the detailed directives. This will be monitored in the course of internal audits carried out by Corporate Internal Audit, Security Compliance Audits carried out by Group Security and Security Audits carried out by the Security Management of the different RWE group companies. Reporting of incidents Every employee of the group is obliged to report all suspected or actual breaches of the security directives and the associated standards and processes to some suitable office, such as his direct superiors or to the security management.

execution 11 execution. A violation against the group security directive and all other security direc tives, standards and procedures can depending on degree of severity lead to legal action, which could be in the form of criminal proceedings, legal action in civil, labor or contract law or disciplinary measures. measures provided in the corporate security directives, standards and procedures of rwe ag and the groups companies are oriented to the relevant statutory provisions and regulations.

RWE Aktiengesellschaft Opernplatz 1 45128 Essen Germany T +49 201 12-00 F +49 201 12-15199 I www.rwe.com