SASB Response / Social Capital
As reported in DJSI 1.8.4, due to the sensitive nature of work carried out by Babcock we are not able to provide specific information on security breaches.
Description of approach to identifying and addressing data security risks in
Babcock has a governance structure in place to ensure data security risks are identified, impact assessed and that necessary mitigating actions are recorded and implemented. Records of all information assets are held in a central register and asset owners (IAOs) are assigned with responsibility for assessment and management of associated risks in alignment with Babcock’s overall risk appetite. Senior Information Risk Owners (SIROs) are responsible for data security within their respective areas and this includes escalation of data security risks to the overall business risk register.
Products generated by Babcock are required to go through a robust accreditation process to ensure risk assessments have carried out and that necessary standards are met.