Occupational health and safety systems, travel safety instructions, and crises management guidelines are aimed at protecting Wärtsilä employees. Appropriate insurances are in place for the personnel, and to emphasise the importance of employee safety, the Board of Management has decided on a corporate level target for zero lost time injuries. A specific Zero Injury project exists for this purpose, and the target is a part of the company’s sustainability programme. During 2014, a near-miss reporting system, WeCare, was implemented worldwide in order to manage information related to incidents that can threaten the safety, health and security of our employees and operations, as well as the environment. This IT solution itself does not alone improve performance, but it provides a guide to identifying causes of incidents and taking proper actions in a systematic way.
Environmental management systems are in place to mitigate environmental hazard risks. Wärtsilä maintains a register of all properties used and gives guidelines for the purchase, sale, rental and security of premises and uses external advisors for environmental audits.
None of Wärtsilä’s major locations are situated in natural disaster areas. Catastrophic peril related scenarios are identified, and where necessary, exposures are mitigated by, for example, elevating sites above the flood risk level or by constructing flood dikes. For Wärtsilä’s main sites, business impact analyses have been conducted and continuity plans created to cover both property and business interruption risks.
The risks that Wärtsilä is unable to influence through its own efforts are transferred whenever possible to insurance companies. Wärtsilä uses appropriate insurance policies to cover indemnity risks related to its personnel, assets, and business interruptions; including supplier triggered interruptions, as well as third-party and product liability. Wärtsilä has established its own captive insurance company, Vulcan Insurance PCC Ltd, as a risk management tool.
Information & cyber security related risks
Information security risks are continuously identified and mitigation activities have been executed in network security, endpoint protection, access risk management and vulnerability management. The Wärtsilä Security Operations Centre (SOC) and vulnerability scanning capabilities for cyber security threats have improved situation awareness in digital services during 2014. Common information security capabilities, such as enhancing cloud usage and disaster and recovery planning of critical applications, has continued during 2014.
Cyber security risks are extensively identified and treated, and it appears that information and automation system related risks have exceeded the physical and personnel risks. Cyber security strategy review and implementation will continue during the coming years.