At PMI, we use an array of expert-supported, state-of-the-art security solutions to help prevent, detect, and respond to events.
Together with our Code of Conduct, internal policies and guidelines govern our activities and ensure our everyday work is conducted in a manner consistent with our values. In particular, PMI’s global policy on data privacy sets a standard for privacy governance and accountability.
PMI’s Global Privacy Program (GPP) sets data privacy standards across markets and functions. It governs the collection, processing, and sharing of personal data by PMI affiliates. Our privacy team publishes privacy awareness materials and guidance for employees and contractors and regularly reports to PMI’s Corporate Risk Governance Committee on the business' adherence to the GPP.
We use information systems to help manage business processes and collect and interpret data. We also use these systems to communicate internally and externally with employees, suppliers, consumers, and customers. Specialist third-party service providers manage some of our information systems, and we work with internal specialists to protect systems and data from unauthorized access.
Employees and contractors play a fundamental role in protecting data. By being aware of potential threats and reacting to them appropriately, our community can help keep PMI secure. In 2023, we continued to train our workforce in data protection principles and information security. We complement our training with regular awareness campaigns and simulated phishing campaigns addressed to our entire workforce to help everyone practice recognizing and reporting phishing attempts and to identify weaknesses in advance of any real attempts the business might face.
We also maintain a hub of resources on information security awareness, accessible to all employees and contractors. In addition to detailing good security practices to protect user accounts and data from cyber risk, these resources help our team remain vigilant to the indirect risks that can arise from activities such as online shopping or connecting to wireless networks.
We invest in administrative, technical, and physical safeguards, including continuity planning to increase the resilience of our core processes and maintain information security protections in line with industry standards. We evaluate the adequacy of these preventative actions annually. In addition, PMI has an integrated program to manage cyber risks, protect PMI’s data, and safeguard the privacy of consumers and customers, including conducting third-party cyber risk assessments.
Management
The Chief Information Security Officer (CISO) is responsible for information security governance and reports to the Chief Digital & Information Officer, a member of Company Management. The Assistant General Counsel responsible for data privacy governance reports to the VP Regulatory Law and then into the General Counsel, a member of Company Management. Our Audit and Risk Committee is responsible for the review of, among other topics, the risk management of cybersecurity and data privacy risks, as well as data governance.