SustainabilityReport 2023 high - Flipbook - Page 31
SUPPLIERS: CODE OF CONDUCT AND
ISO STANDARDS
PERCENTAGE OF PRODUCTION SUPPLIERS WITH ISO CERTIFICATION AND CoC COMPLIANCE
All three of Terratech’s daughter companies are
certified according to ISO9001 and ISO14001 and
although the formal work to certify the companies
according to ISO45001 has not yet started, the
areas related to health and safety are covered by the
companies’ respective quality systems.
To verify that our suppliers comply with our priorities
of safeguarding human rights and conducting a
fair business we have set a goal where “100% of
Terratech’s production suppliers should agree with
our CoC and they should follow ISO9001 & ISO14001
(or equivalent) by 2024”.
To ensure we reach this goal we will continue to
increase control, verification, and expectation on
suppliers to follow and implement Code of Conduct,
ETP (Equal Treatment Policy) and ISO9001 &
ISO14001.
RISK MANAGEMENT
Our risk management process follows an annual cycle
where an overall risk analysis is done on a company
level during the last quarter of each year. The risk
areas cover all risks related to the business as such,
both upstream and downstream, as well as products,
personnel, finance, cyber security, infrastructure and
regulations. We design our products in line with the
Machine Directive as well as a number of different
standards and we CE-mark our products where
applicable.
We make risk analyses in our product and process
development and as a part of our day-to-day operations
in safety rounds.
DATA ETHICS
Terratech maintains an IT policy and guidelines for
the employees' IT usage where the goal is to protect
the employee’s integrity in accordance with GDPR
(General Data Protection Regulation) and to protect
all business-critical systems. We follow GDPR, the
Personal Data Act, the Act on Electronic Message
Boards, and the Copyright Act.
During 2023 much work has been performed to
increase our cyber security and towards the end
of 2023 and early 2024 a second NIST review was
performed for all three companies. NIST is a set of
guidelines for mitigating organizational cybersecurity
risks, published by the US National Institute of
Standards and Technology (NIST) based on existing
standards, guidelines, and practices around the
main topics of “Identify, Protect, Detect, Respond and
Recover”.
3.4.4. Summary of focus area 3
To visualize the full picture of our focus area 3, we
have summarized most of what we do in regard to
this on the next page. The summary includes actions,
status and goals required to reach our overall focus to
be a responsible business.