At PMI, we use an array of expert-supported, state-of-the-art security solutions to help prevent, detect, and respond to events.
Together with our Code of Conduct, internal policies and guidelines govern our activities and ensure our everyday work is conducted in a manner consistent with our values. In particular, PMI’s global policy on data privacy sets a standard for privacy governance and accountability.
PMI’s Global Privacy Program (GPP) sets standards for data privacy and security across markets and functions. It governs the collection, processing, and sharing of personal data by PMI affiliates. Our privacy team regularly reports to PMI’s Corporate Risk Governance Committee on the businesses’ adherence to the GPP.
We use information systems to help manage business processes and collect and interpret data. We also use these systems to communicate internally and externally with employees, suppliers, consumers, and customers. Specialist third-party service providers manage some of our information systems, and we work with internal specialists to protect systems and data from unauthorized access.
Employees and contractors play a fundamental role in protecting data. By being aware of potential threats and reacting to them appropriately, our community can help keep PMI secure. In 2022, we continued to train our workforce in data protection principles and information security. We complement our training with regular simulated phishing campaigns addressed to our entire workforce to help everyone practice recognizing and reporting phishing attempts and to identify weaknesses in advance of any real attempts the business might face.
We also maintain a hub of resources on information security awareness, accessible to all employees and contractors. In addition to detailing good security practices to protect user accounts and data from cyber risk, these resources help our team remain vigilant to the indirect risks that can arise from activities such as online shopping or connecting to wireless networks. To support those employees working remotely, we have adapted our network and systems and released guidance to help remote workers secure internet connections and manage paper documents outside of our offices.
We continue to make investments in administrative, technical, and physical safeguards, including continuity planning, to provide resilience on our core processes and maintain information security protections in line with industry standards. We evaluate the adequacy of these preventative actions annually. In addition, PMI has an integrated program to manage cyber risks, to protect PMI’s data, and to safeguard the privacy of consumers and customers, including conducting third-party cyber risk assessments.
Our strategy highlights the importance of governance-related topics, which cannot be overstated. Our company’s policies, rules, and procedures define our ability to implement sound strategies that successfully address environmental and social issues.

View all Fundamentals
Read MoreThis online content about our Integrated Report should be read in conjunction with PMI’s Integrated Report 2022. Unless otherwise indicated, the data contained herein cover our operations worldwide for the full calendar year 2022 or reflect the status as of December 31, 2022. Where not specified, data comes from PMI financials, non-financials, or estimates. Unless explicitly stated, the data, information, and aspirations referenced do not incorporate PMI’s Vectura Fertin Pharma business (consolidating the 2021 acquisitions of wellness and healthcare companies Fertin Pharma A/S, Vectura Group plc., and OtiTopic, Inc.), nor the late 2022 acquisition of Swedish Match AB. Please also refer to 'This report at a glance' on page 2 of the Integrated Report 2022 for more information. Aspirational targets and goals do not constitute financial projections, and achievement of future results is subject to risks, uncertainties and inaccurate assumptions, as outlined in our forward-looking and cautionary statements on page 214. In the Integrated Report 2022 and in related communications, the terms “materiality,” “material,” and similar terms, when used in the context of economic, environmental, and social topics, are defined in the referenced sustainability standards and are not meant to correspond to the concept of materiality under the U.S. securities laws and/or disclosures required by the U.S. Securities and Exchange Commission.