BASF Report 2021 Management’s Report – Health and Safety, Emergency Response

guiding principle is to identify risks for the company at an early stage, assess them properly and derive appropriate safeguards.

We inform business travelers and transferees about appropriate protection measures prior to and during travel in countries with elevated security risks. We updated our travel recommendations in line with the coronavirus pandemic. After any major incident, we can use a standardized global travel system to locate and contact employees in the affected regions.

For more information on emergency response, see

We protect our employees, sites, plants and company know-how against third-party interference. This includes addressing in depth the issue of cybersecurity and information security. BASF applies the “security by design” principle to critically review and optimize IT applications from a cybersecurity perspective as early as the design phase. We are continually improving our ability to prevent, detect and react to security incidents with various measures and training programs. Our global cybersecurity team monitors and protects our IT systems against hacker attacks. We cooperate with experts and partners in a global network to ensure that we can protect ourselves against cyberattacks as far as possible. Our IT security management system is certified according to DIN EN ISO/IEC 27001:2017. It also supports, in particular, our critical infrastructures in meeting additional compliance requirements such as DIN EN ISO/IEC 27019:2020, IT security catalog and corresponding industry-specific standards (B3S).

Around the world, we work to sensitize our employees about protecting information and know-how. We further strengthened our employees’ awareness of risks in 2021 with mandatory, regular online training for all employees and complementary offerings such as seminars, case studies and interactive training. These increasingly addressed aspects of working practices that have changed as a result of the coronavirus pandemic, such as cybersecurity when working from home.

Our worldwide network of information protection officers comprises around 650 employees. They support the implementation of our uniform requirements and hold events and seminars on secure behaviors. Around 100,000 employees had been trained on the basics of cybersecurity and information protection in 2021. Our standardized Group-wide recommendations for the protection of information and knowledge were expanded to include additional guidance for employees and updated in line with current developments.

Good to know

Automation Security Roadmap

The advance of digitalization increases the risk of cyberattacks on IT systems such as online stores or servers. At the same time, automation technology (operational technology) is increasingly being used in production plants, buildings, laboratories and in logistics, which is also connected to the internet via various protection levels. An interdisciplinary team with experts from information and automation technology developed the Automation Security Roadmap to reduce risk in these areas. It serves as a guide for facilities to protect themselves against cyberattacks. Part of the concept is training Officers for Automation Security (OAS). BASF now has over 300 OASs. They provide advice and support on cybersecurity in automation technology at all BASF sites worldwide – for example, on risk analysis, protecting sensitive data and access control.

