Наша практика безпеки даних відповідає Сарбейнсу-Окслі, Загальний регламент ЄС щодо захисту даних (GDPR), and Greif’s Records Management and Retention Policy. Greif’s Information Technology Team, led by our manager of Global IT Security, manages data security, which includes annual audits for IT control processes, quarterly reviews of data permissions, and quarterly phishing simulations. At the center of our security operations is training. All colleagues with access to computers are required to complete quarterly cybersecurity training, receive quarterly newsletters promoting cybersecurity awareness and weekly security tips on topics ranging from password security to avoiding phishing scams, and participate in our annual Cybersecurity Month each October. Greif Executives receive updates through a cybersecurity dashboard that is shared with Greif’s Enterprise Risk Management Team and Board quarterly. The dashboard currently tracks our performance using the Індекс зрілості Національного інституту стандартів і технологій NSF. Should Greif fall victim to a cybersecurity breach, we maintain an IT Services Cyber Incident and Response Plan and an IT Services Global Business Continuity Plan, which outlines our steps to quickly respond to and mitigate the impact of an incident. Greif received no substantiated complaints concerning breaches of customer privacy and identified no leaks, thefts, or losses of customer data in 2020.

Щоб керувати фізичною безпекою наших будівель, Greif встановлює на наших підприємствах зчитувачі тегів і замки з PIN-кодом. Ми вимагаємо коносамент для кожного вантажу, отриманого з наших об’єктів. Компанія Greif забезпечує безпеку продукту в усьому ланцюжку поставок, пропонуючи запірки, захищені від несанкціонованого доступу.

Since 2018 we have been working to implement findings from a cybersecurity maturity assessment we conducted in collaboration with a third-party partner. We introduced annual online Cybersecurity and Awareness training to help improve our colleagues’ ability to identify and respond to potential threats and minimize risk in both digital and physical spaces. After completing the training, each of our colleagues must complete a quarterly checkup, ensuring knowledge is retained and put into practice. The training is mandatory for all colleagues with access to computers, including our Executive Leadership Team. To further comply with GDPR, we have conducted GDPR training for our colleagues in EMEA and began establishing a formal data classification framework. The framework will help us better understand, and ultimately manage, the personal information we store.

Each month members of Greif’s cybersecurity and legal departments meet to discuss compliance with current and emerging data security and data privacy regulations. We monitor regulatory changes and actions required to ensure compliance.

In 2019 we established a three-year cybersecurity strategy that we began implementing in 2020. As part of this strategy, we have implemented single-sign-on (SSO) and multi-factor authentication (MFA) to Greif exposed applications. We have also implemented next-gen antivirus solutions with endpoint detection and response services. Our colleagues now have the ability to self-tag their information and emails with the proper data classification based on our new data classification framework. In 2021, we will continue to develop our cybersecurity strategy with a focus on the industrial internet of things, third-party risk management, and increasing our incident response capability.