Sustainability report 2020 FINAL - Flipbook - Page 46
DIGITALIZATION (DATA PROTECTION)
Digitalization allows faster, more reliable and efficient global business operations, and at the same time,
secure processes and data management.
Since its inception in 2013, Archroma has therefore been implementing new digital technologies and
information technologies (IT) systems and infrastructures, with the goal to eventually operate with
end-to-end, state-of-the-art digitalized processes.
In the reporting period, we completed the implementation of a new upgraded document management
system (DMS), transformed our infrastructure to next generation of software-defined networks (SDN),
finalized the migration of our IT systems to “Microsoft Azure” cloud solutions, and continued expanding
our data analytics capabilities.
Our digital workplace strategy has allowed Archroma employees to transition smoothly and efficiently
to a work-from-home setup, whenever needed to keep them safe in the context of the COVID-19 pandemic.
Confidentiality, security and data protection
Archroma is strongly committed to the protection of the information and data of its employees, customers,
and partners in general. Whilst Archroma needs to have access to the information and data that is required
to operate its business and better serve the needs of its customers, the company is also extremely careful
to comply with the laws and regulations related to data privacy, fair competition or intellectual property,
as well as with the expectations of its customers and partners in this respect.
Archroma continuously invests in technology security initiatives as part of its digital agenda to effectively
manage our business operations with best-in-class industry standards. We rely across our operations on
100% cloud-ready IT “eco-systems” with certified information security platforms which provide us high
levels of reliability and capacity to protect our daily processes and transactions, as well as the company’s
intellectual property and other sensitive business information.
We take threats seriously and continue to work to improve our systems and processes, which are constantly
monitored and regularly updated so they provide the most effective security to protect our technology
systems, processes and data.
As cybersecurity is continuously evolving, education is another essential part of our approach to protection,
and we strive to reinforce a cybersecurity-aware culture at Archroma. Our employees are required to
complete cybersecurity and data protection e-learning courses which are regularly updated based on the
latest types of attacks and security best practices.
For the most sensitive and confidential cases, projects are handled in secure online data rooms that can
be accessed only after the Archroma employees involved in the project have agreed to a non-disclosure
and confidentiality obligation.
In the reported period, Archroma recorded no incidents nor complaints related to the theft, loss, or leaks
of customer information, and no incidents of breaches of confidentiality.
To achieve the objectives related to data protection, Archroma has appointed a Data Protection Officer and
applies active accountability policies to ensure compliance.
Likewise, the Archroma Code of Conduct contains rules and guidelines aiming to protect sensitive and
confidential customer information. All our employees are trained to the Archroma Code of Conduct
to ensure that awareness is high on compliance issues, via an annual online training as well as regular
live or web-based meetings.
Archroma has a Whistleblowing Policy and a Compliance Officer in place to ensure that suspected
non-compliance incidents can be signaled, even anonymously, and properly investigated.
Archroma’s IT systems, including internet and intranet management systems, databases, customer relations
management (CRM) tools, enterprise resource planning (ERP) system, end-user computing applications,
and other operating systems, are protected by solid firewalls and password-protected with multifactor
The company also has an Information Security Officer in place.