Security, Emergency, and Crisis Resilience

Material Topic: Security, Emergency, and Crisis Resilience

Protecting people, assets, operations, information, and reputation against any threats, incidents, or crises, thereby ensuring business continuity

Key GRI

• GRI 410: Security Practices 2016

NaDiVeG

• Employee and social concerns

Most relevant SDG

The purpose of OMV’s security activities is to protect the OMV Group’s personnel, assets, information, operations, value, and reputation against malicious threats. The Security, Emergency, and Crisis Resilience material topic encompasses two facets: corporate physical security and information security.

OMV’s core commitments to security are laid out in the HSSE Policy. We protect against crime, malicious acts arising from geopolitical threats, and business crime. Furthermore, we develop resilience to respond to and recover from incidents and ensure business continuity.

Governance

Group HSSE is responsible for coordinating physical security and resilience activities across the OMV Group. Group HSSE is led by the VP HSSE, who reports directly to the Chief Executive Officer. In high-risk countries, we have dedicated Country Security Managers and Asset Protection Experts on site to add additional expertise. IT Security is not handled by the HSSE department, but rather by the Group IT & Digital Office led by the Chief Information Officer. The CIO reports directly to the Chief Financial Officer. The Group CIO is supported by the Group CISO and Group IT/OT Governance team.