- To launch trainings on Samskip Academy related to cyber-security and data protection
- To send the CSR questionnaire and develop action plans for all suppliers by 2025
At Samskip, we believe that conducting our business ethically and responsibly is essential to our long-term success. Through our policies and practices, we seek to encourage a community of open communication and feedback that can meet our expectations of ethical behaviour and positively contribute to society. We recognise that we rely on many suppliers and stakeholders throughout our value chain in our day-to-day operations as well. As such, we are working towards engaging with our suppliers on matters of business ethics to further the extent of our responsible practices throughout our value chain.
As a foundation to Samskip’s commitment to responsible business practices, we have established multiple policies and measures that outline best practice conduct and action for those in our business and within our value chain. The Management Board and the Extended Executive Committee govern our business ethics systems and ensure integrity and ethics in all operations. This system relies upon three main segments: our Code of Conduct and adjoining policies, our approach to supply chain due diligence and risk management, and our Whistle Blowing Procedure.
Our comprehensive Code of Conduct covers a range of areas from anti-bribery to corruption and builds upon our information and cyber security measures. We rely upon this Code to showcase not just our commitment to responsible business, but to ensuring every employee is help to the same standards in the application of these practices.
The DNA of Samskip is embedded into the code, which stipulates that employees must:
Obey all relevant laws within their operating region.
Treat others fairly, with dignity, and with respect.
Avoid any cases of corruption and bribery.
Prepare all records of financial transactions accurately and with integrity.
Report financial conditions and results of operations honestly and promptly.
Deal honestly and fairly with customers, business partners, and suppliers.
Avoid actual and potential conflicts of interest.
Respect and adequately manage our data and information and our stakeholders.
As of 2022, this policy is coupled with a Gifts & Entertainment Policy that outlines our expectations for financial prudence to reduce risks associated with sensitive transactions and ensure financial integrity. The policy outlines when gifts and gestures are considered appropriate and the procedure to get such gifts or gestures approved by line managers. Employees are regularly trained on the Code of Conduct and the existing complementing processes. Samskip makes sure that 100% of employees are aware of the Gift and Entertainment policy, including governance body members. Trainings are also available online, with 25 people being trained in Business Ethics on our Samskip Academy in 2023.
We integrate due diligence process for ourselves and all of our partners, especially suppliers, as a part of our approach to risk management. This way, we can adapt to the risk incurred and set up stricter monitoring mechanisms.
Internally, Samskip implements the best practices to strengthen this system as defined by international standards, such as ISO37001. This includes the regular verification of the use of internal procedures. Currently, regular verification on the use of internal procedures occurs, with multiple internal audits conducted every year to ensure the optimal use of the system by employees. Externally conducted financial auditing also provide reassurance on Samskip’s bookkeeping. Each entity of Samskip conducts at least one external financial audit every year.
Externally, the mechanism includes frequent assessments of the risks associated with our partnerships. In 2023, we have conducted a business ethics risk assessment for 2 of our main suppliers, one office, and 10 regions. Additionally, we have integrated a Corporate Social Responsibility questionnaire for our suppliers that involves questions on ESG matters, including business ethics. The questions are designed to create an overview of the systems suppliers have in place related to sustainability topics. The top 45 suppliers, representing 80% of Samskip transport procurement spending, have received and completed the questionnaire so far.
Being a large company, it is important to ensure that our employees can work together to prevent the potential legal and professional repercussions of misconduct. Therefore, Samskip fully implemented and communicated its new Whistleblowing procedure in 2022, allowing employees to report their concerns anonymously. In line with our Code of Conduct, this procedure outlines the responsibilities and reporting mechanism to be followed by anyone that wishes to report misconduct related to any of the following matters:
Discrimination, harassment, or unfair treatment based on gender, age, religion, origin, sexual orientation, political opinion
Dangerous behaviour that can compromise employee’s wellbeing and safety
Unethical or improper behaviour
Malpractice concerning financial documents, fraud, corruption, and bribery
Practice that can reduce competitiveness in the sector
Criminal behaviour which breaches laws, regulations and/or obligations
Events of child or forced labour
Damage to the environment
Public health
Consumer protection
Breach of confidential information and data
Information security breaches
Attempt to conceal any of the above
Samskip expects employees to report any legal, ethical or safety concerns directly to management or through this procedure. We ensure to offer anonymity and confidentiality to those who speak up in accordance with this procedure and protection against retaliation. We commit to investigating all cases raised and to taking the appropriate measures.
Samskip has a remediation procedure additionally to reassure all parties involved that actions are taken to mitigate the risks associated with the case.
This is why every effort is made to protect personal and business data. Implementing an information security management system (ISMS) is the best way to protect data from end to end. Samskip's approach is based on the requirements and recommendations of the GDPR and the international standard ISO 27001.
Here is an overview of Samskip's ISMS:
Samskip uses Microsoft Defender as servers and workstations' primary AV security solution.
Server and workstation updates are controlled with Microsoft Azure automation.
Updates, patches, and vulnerability management are controlled and monitored using various tools, including Microsoft Advanced Threat Protection and Azure automation services, to ensure safety, reliability, and control.
Data in transit and at rest is always encrypted and stored in secure data centres. Data on workstations is encrypted with BitLocker.
End user devices must be enrolled in Azure for mobile device management, and users must authenticate with their Active Directory credentials; multi-factor authentication is mandatory to access our systems.
Our password policy ensures minimum length and complexity and prevents the use of common dictionary words. Employees receive training on cyber security topics to raise awareness and increase security around common phishing attacks.
Regular phishing test email campaigns are sent out to ensure our employees can recognise potentially malicious emails and respond accordingly.
Samskip uses modern backup systems to ensure system resilience and regularly backs up every server of the production farm on different layers.
Samskip is working with the authorities on the NIB2 requirement of the EU to have the proper systems in place. From 2024 Samskip will be marked as critical infrastructure for the European Union due to our transporting of food and medicine, making it essential to have necessary systems in place.
All our IT (Information Technology) business suppliers are ISO27001 certified.
We are a company you can trust.