Sonepar likewise appointed a Chief Risk Officer, a move reflecting determination to establish proper governance of all risks and opportunities facing the Group. The two key focal points are preventing compliance-related risks (through strict compliance with the law and preventing corruption), and guaranteeing information, data and personal security (by identifying and evaluating the risks in every country where the Group operates).
Sonepar initiated a major process for mapping out those risks country by country and put in place appropriate plans of action spanning extensive preventive work, widespread training, providing all the necessary information and explanations, cybersecurity awareness-raising sessions and more. Last year, the Group also adopted ISO 27001/NIST, a globally recognized reference in this area. For business partners and customers, that guarantees adherence to the highest standards of data security, good practices, ethics and legal and regulatory compliance.
We’ve identified and assessed the risks, and we’ve put in place adequate oversight and follow-up. We’ve also set up programs to inform our staff and taken extensive action to prevent risk and train our people with appropriate versions for each country. And we regularly reassess our work.