Samskip Sustainability Report 2021 – From Compliance to Care

Conducting business with integrity is fundamental to us. Every employee is expected to maintain the highest standards of legal and ethical conduct. We foster a culture of respect and fairness, which celebrates differences, rather than turning against them. We wish to challenge our own methods and ways of doing things, to ensure continuous improvement, and growth through innovation. To demonstrate our commitment, we guarantee the right of every employee to voice concerns about their treatment and to have those concerns heard.

We are committed to following the laws of the countries in which we operate. However, we go beyond compliance. To become a truly responsible business, we don’t just follow, but bring new and better ideas into the light. To do this, we regularly give our expert advice on upcoming regulations. For example, we contributed to the development of the new environmental requirements for SOx and NOx, two of the main pollutants caused by the burning of various fossil fuels by ships. We are also an active member of several industry groups, such as TLN, and the UK Chamber of Shipping’s Carbon Working Group, to influence positive change in shipping.

Here at Samskip, we strive to reform our industry for the better, and recognise that to do so, we must take the lead and show other organisations how together we can sail towards a more sustainable future.

Our Ethical Responsibility

As a growing company, we wish to maintain a high level of ethical, and responsible business standards. As a result, we expect our employees to respect one another, be inclusive, and thrive.

At Samskip, we have a Management Board and Extended Executive Committee who govern our business. At least 10 meetings are held per year with the Supervisory Board to take care of any major decisions.

Our Code of Conduct encourages our employees to abide by our values, ensuring that high ethical standards are embedded into our DNA, attitude, morals, and mentality. We’re working on implementing the Code of Conduct in our contracts, so that all new employees read the code, and agree to its terms.

Conducting business ethically requires that employees:

Obey all relevant laws within their operating region.
Treat others fairly, with dignity, and with respect.
Avoid any and all cases of corruption and bribery.
Prepare all records of financial transactions accurately and with integrity.
Report financial conditions and results of operations honestly and promptly.
Deal honestly and fairly with customers, business partners, and suppliers.
Avoid actual and potential conflicts of interest (situations where one makes or influences a decision that may result in personal gain for oneself or others).
Respect and properly manage our own data and information and that of our stakeholders.

Employees are expected to come forward with any legal, ethical or safety concerns either directly to management or through our whistleblowing procedure. Any concerns raised will be investigated and treated seriously. We pay particular attention to the possibility of anti-competitive practices, and conflict of interest. Being a large company, it is important to ensure our employees understand the potential legal and professional repercussions of misconduct. A whistleblowing procedure was recently implemented to allow employees to anonymously report their concerns.

At Samskip, we train our employees on ethical business practices. This covers information on anti-competitive training. We ensure that new employees are trained on this as part of their onboarding.

At Samskip, we want to maintain a reputation that our customers and clients can rely upon.

A Security System You Can Rely Upon

We take cyber security seriously and are committed to continuously improving our IT system security in line with industry best practices and common security frameworks. Our team consists of highly skilled and motivated individuals that are alert on the latest developments and trends in cyber security. We work closely with various authorities that serve their constituency by proactively analysing and advising on threats and vulnerabilities, as well as aiding in handling incidents that may occur.

We have many systems and practices in place to ensure the best protection of our data:

Samskip uses Microsoft Defender as the primary AV security solution on servers and workstations.
Server and workstation updates are controlled with Microsoft Azure automation.
Updates, patches, and vulnerability management are controlled and monitored using various tools including Microsoft Advanced Threat Protection and Azure automation services to ensure safety, reliability, and control.
Data in transit and in rest is always encrypted and stored in secure data centres. Data on workstations is encrypted with BitLocker.
End user devices must be enrolled in Azure for mobile device management and users must authenticate with their Active Directory credentials and use of multi-factor authentication is mandatory to access our systems.
Our password policy ensures minimum length, complexity, and prevents the use of common dictionary words. Employees receive training on cyber security topics to raise awareness and increase security around common phishing attacks.
Regular phishing test email campaigns are sent out to ensure our employees can recognise potentially malicious emails and respond accordingly.
Our servers are backed up nightly, and offsite copies are transferred in immutable form to external storage and to a cloud backup partner for long-term retention or disaster preparedness.

Regular internal audits and penetration tests are performed on our network and systems. We also use external security companies to perform external and internal penetration tests.

We use good practices in all areas of cyber security. We are a company you can trust.