Occupational health and safety systems, travel safety instructions, and crises management guidelines are aimed at protecting Wärtsilä employees. Appropriate insurances are in place for the personnel, and to emphasise the importance of employee safety, the Board of Management has decided on a corporate level target of zero lost time injuries. A specific Zero Injury project exists for this purpose, and the target is a part of the company’s sustainability programme. During 2015, the near-miss reporting system, WeCare, has been actively used worldwide in order to manage information related to incidents that can threaten the safety, health and security of the company’s employees and operations, as well as the environment. This IT solution itself does not alone improve performance, but it does provide a guide for identifying the causes of incidents and for taking all appropriate actions in a systematic way.
Environmental management systems are in place to mitigate environmental hazard risks. Wärtsilä maintains a register of all properties used and gives guidelines for the purchase, sale, rental and security of premises, and uses external advisors for environmental audits.
None of Wärtsilä’s major locations are situated in natural disaster areas. Catastrophic peril related scenarios are identified, and where necessary, exposures are mitigated by, for example, elevating sites above the flood risk level or by constructing flood dikes. For Wärtsilä’s main sites, business impact analyses have been conducted and continuity plans created to cover both property and business interruption risks.
The risks that Wärtsilä is unable to influence through its own efforts are transferred whenever possible to insurance companies. Wärtsilä uses appropriate insurance policies to cover indemnity risks related to its personnel, assets, and business interruptions; including supplier triggered interruptions, as well as third-party and product liability. Wärtsilä has established its own captive insurance company, Vulcan Insurance PCC Ltd, as a risk management tool.
Information & cyber security related risks
During 2015, Wärtsilä established an internal organisation dedicated to cyber security governance and management. This organisation, in cooperation with Wärtsilä’s divisional business management, is responsible for Wärtsilä’s cyber security governance and management in connection with its customer offerings and internal operations. The Wärtsilä cyber security governance model ties together traditional safety and security functions with cyber security operations.
Information security risks related to Wärtsilä’s internal operations are continuously identified, and mitigation activities are continuously executed in network security, endpoint protection, access risk management and vulnerability management. The Wärtsilä Security Operations Centre (SOC) monitors the internal threat exposure level with vulnerability scanning capabilities, and provides a coordinated response to identified cyber security incidents. Furthermore, development of Wärtsilä’s information security capabilities is steered through the new cyber security organisation.
Cyber security risks are extensively identified and treated, and it appears that information and automation system related risks have exceeded the physical and personnel risks. Cyber security strategy reviews and implementation will continue during the coming years.