SASB Response / Social Capital

Data Security

REFEstadoDisclosureOur Response

RT-AE-230a.1

No Disclosure

  1. Number of data breaches
  2. Percentage involving confidential information

As reported in DJSI 1.8.4, due to the sensitive nature of work carried out by Babcock we are not able to provide specific information on security breaches.

RT-AE-230a.2

Partial Disclosure

Description of approach to identifying and addressing data security risks in

  1. Company operations and
  2. Products

Babcock has a governance structure in place to ensure data security risks are identified, impact assessed and that necessary mitigating actions are recorded and implemented. Records of all information assets are held in a central register and asset owners (IAOs) are assigned with responsibility for assessment and management of associated risks in alignment with Babcock’s overall risk appetite. Senior Information Risk Owners (SIROs) are responsible for data security within their respective areas and this includes escalation of data security risks to the overall business risk register.

Products generated by Babcock are required to go through a robust accreditation process to ensure risk assessments have carried out and that necessary standards are met.