Our Responsible Business

We are committed to revolutionising our industry for the better. We understand that in terms of our governance, the only way to achieve this is by leading the way. We go above and beyond the norm to be a responsible business and bring new and innovative ideas to the forefront. To achieve this, we make sure our experts stay ahead of the game by keeping them informed about upcoming regulations. 

We are not content with just doing our bit, though. We are active members of several industry groups, such as TLN and the UK Chamber of Shipping’s Carbon Working Group, where we work towards bringing positive change in shipping. 

Our Ethical Responsibility

Through ethics, Samskip protects its employees' and partners' interests, as well as its own. There is no place at Samskip for immoral and dangerous behaviour that jeopardises the proper conduct of business. Samskip has many people and assets under its responsibility, so strengthening our risk management and spreading our values for ethical conduct is vital.

The Management Board and the Extended Executive Committee govern the business of Samskip and ensure integrity and ethics in all operations. Employees are expected to respect their colleagues and Samskip's partners and to apply Samskip's values in their daily work. Samskip’s policies and procedures cover corruption, conflicts of interests, fraud, and theft.

However, words are not enough, and it was essential for us to understand the risks associated with our activities and put a risk management system in place. All the while, internal and external transparency remains a top priority. 

This risk management system is based on a due diligence process that Samskip can rely on to ensure that the parties involved in its activities align with its ethical standard. 

Due diligence

The due diligence process allows for gathering information on partners, especially suppliers, which is then integrated into risk management. Thus, Samskip can adapt to the risk uncovered and set up stricter monitoring mechanisms.

This mechanism includes:

• Frequent assessments of the risks associated with our partners.
• The CSR questionnaire which includes business ethics related questions. The questions are designed to create an overview of the systems suppliers have in place. The top 25 suppliers, representing 50% of Samskip spending, have received and completed the questionnaire so far.

Risk management

Samskip implements best practices to strengthen this system as defined by international standards, such as ISO37001:

Regular verification of the use of internal procedures. internal audits are conducted every year to ensure the optimal use of the system by employees.

• Externally conducted financial auditing to provide reassurance on Samskip’s bookkeeping. Each entity of Samskip conducts at least one external financial audit every year.
• Regular training of employees on the Code of Conduct and the existing processes. For instance, Samskip makes sure that 100% of employees are aware of the Gift and Entertainment policy, including governance body members. Trainings are also available online, and 25 people were trained in Business Ethics on our Samskip Academy.

Code of conduct

Samskip's Code of Conduct is used to communicate our values to our employees. Working for the company means fully integrating high ethical standards into behaviour at work. In 2022, we fully implemented the Code of Conduct in our contracts so that all new employees read the code and agree to its terms.

The DNA of Samskip is embedded into the code, which stipulates that employees must: 

• Obey all relevant laws within their operating region.

• Treat others fairly, with dignity, and with respect.

• Avoid any cases of corruption and bribery.

• Prepare all records of financial transactions accurately and with integrity.

• Report financial conditions and results of operations honestly and promptly.

• Deal honestly and fairly with customers, business partners, and suppliers.

• Avoid actual and potential conflicts of interest. 

• Respect and adequately manage our data and information and our stakeholders.

Whistleblowing procedure

Being a large company, it is important to ensure that our employees can work together to prevent the potential legal and professional repercussions of misconduct. Therefore, Samskip fully implemented and communicated its new whistleblowing procedure in 2022, allowing employees to report their concerns anonymously.

Samskip expects employees to report any legal, ethical or safety concerns directly to management or through our whistleblowing procedure. Samskip will not tolerate any retaliation against employees reporting their concerns. We commit to investigating all cases raised and to taking the appropriate measures. 

The whistleblowing procedure includes a remediation procedure to reassure all parties involved that actions are taken to mitigate the risks associated with the case.

Trained and ready to go

Understanding Samskip's values and integrating its DNA will translate into the appropriate morale, attitude, and behaviour at work is an essential part of employees' onboarding. The newly hired staff goes through a series of courses covering various business ethics topics, to ensure all employees have a share understanding and commitment to high ethical conduct. At Samskip, we want to maintain a reputation that our customers and clients can rely upon. 

A Security System You Can Rely Upon

Samskip understands the responsibility that comes with handling data. This is why every effort is made to protect personal and business data. The loss or modification of such data can significantly affect people and businesses. Implementing an information security management system (ISMS) is the best way to protect data from end to end. Samskip's approach is based on the requirements and recommendations of the GDPR and the international standard ISO 27001. 

Here is an overview of Samskip's ISMS: 

• Samskip uses Microsoft Defender as servers and workstations' primary AV security solution.

• Server and workstation updates are controlled with Microsoft Azure automation. 

• Updates, patches, and vulnerability management are controlled and monitored using various tools, including Microsoft Advanced Threat Protection and Azure automation services, to ensure safety, reliability, and control. 

• Data in transit and at rest is always encrypted and stored in secure data centres. Data on workstations is encrypted with BitLocker. 

• End user devices must be enrolled in Azure for mobile device management, and users must authenticate with their Active Directory credentials; multi-factor authentication is mandatory to access our systems. 

• Our password policy ensures minimum length and complexity and prevents the use of common dictionary words. Employees receive training on cyber security topics to raise awareness and increase security around common phishing attacks. 

• Regular phishing test email campaigns are sent out to ensure our employees can recognise potentially malicious emails and respond accordingly. 

• Samskip uses modern backup systems to ensure system resilience and regularly backs up every server of the production farm on different layers. 

• Samskip is working with the authorities on the NIB2 requirement of the EU to have the proper systems in place. From 2024 Samskip will be marked as critical infrastructure for the European Union due to our transporting of food and medicine, making it essential to have necessary systems in place. 

• All our IT business suppliers are ISO27001 certified.

Risk management is also embedded into the system with the following: 

• Internal audits and penetration tests are performed yearly on networks and systems.
• External penetration tests are conducted by experts every year.
• The due diligence process also covers IS.
• Phishing test is conducted every year.