Sasol Integrated Report 2024 - Book - Page 34
RISK MANAGEMENT continued
RISK MANAGEMENT IS INTEGRATED INTO OUR DECISION-MAKING PROCESSES AND DAILY OPERATIONS
Our Group top risks by aspect and risk themes continued
ASPECT 1: SHORT-TERM BUSINESS RESILIENCE AND VIABILITY continued
RISK THEME: Legal, Regulatory and Governance

RISK DESCRIPTION
Includes risks associated with:
• legal compliance with key laws in multiple jurisdictions;
• adherence to corporate governance requirements;
• changing policy and regulatory requirements in multiple jurisdictions; and
• delivering on environmental commitments.

POTENTIAL IMPACT
• Significant Group fines and penalties
• Potential legal or class action
• Negative reputational impact
• Policy and regulatory uncertainty impacting business planning
• Increased costs to comply

RESPONSE
• Legal compliance programme
• Monitor and inform policy, legislative and regulatory developments for current and future business activities
• Proactive stakeholder engagement
• Sasol Group Policies, Standards and Procedures, eg Code of Conduct, data privacy
• Regular review and benchmark processes on governance processes and structures
• Deliver on committed environmental roadmaps and air quality offset programme

RISK THEME: Information Management

RISK DESCRIPTION
Includes risks associated with:
• information and cybersecurity threats impacting business operations Information Technology (IT) and Operations Technology (OT) mainly driven by internal/external threats, increasing digital landscape, vulnerable assets and hybrid work practices.

POTENTIAL IMPACT
• Loss of IT/OT critical infrastructure significantly impacting business operations
• Loss of sensitive data (cybersecurity breach or data leaks)
• Negative financial and reputational impact

RESPONSE
• Information and cybersecurity threat management processes
• Effective operational capabilities for access governance (including secure remote access), robust infrastructure, resilient and recoverable systems, comprehensive event logging and auditing and physical access to critical systems and infrastructure for cybersecurity
• Consistent security monitoring, trending, testing and incident simulations
• Regular training awareness campaigns and targeted initiatives to improve cybersecurity maturity