The case for CSR/ Sustainability Reporting Done Responsibly


IDENTIFY - MEASURE - MANAGE - CHANGE

Insights on how you can protect the environment, maintain and increase the value of your company, through a structured process.

Insights on how you can protect the environment, maintain and increase the value of your company, through a structured process.

Home / case studies / Case study: How Alperia promotes cybersecurity

Case study: How Alperia promotes cybersecurity

Alperia is South Tyrol’s leading energy service provider and one of the most important sustainable-energy companies in Italy. Alperia deals with cybersecurity through a dedicated structure that defines and supervises cybersecurity architectures and systems  Tweet This!, deals with identity management and access control systems and intervenes in the event of any attacks.

This case study is based on the 2019 Sustainability Report by Alperia published on the Global Reporting Initiative Sustainability Disclosure Database that can be found at this link. Through all case studies we aim to demonstrate what CSR/ ESG/ sustainability reporting done responsibly means. Essentially, it means: a) identifying a company’s most important impacts on the environment, economy and society, and b) measuring, managing and changing.

Layout 1Abstract

In 2019, Alperia’s protection systems blocked an average of 4.000 spam emails and 6.000 malicious connection attempts every day. In order to promote cybersecurity Alperia took action to:

  • introduce new and better performing management systems
  • renew the ISO 27001 certification

What are the material issues the company has identified?

In its 2019 Sustainability Report Alperia identified a range of material issues, such as security of supply, innovation, research and development, health and safety at work, asset integrity, energy consumption. Among these, promoting cybersecurity stands out as a key material issue for Alperia.

Stakeholder engagement in accordance with the GRI Standards              

The Global Reporting Initiative (GRI) defines the Principle of Stakeholder Inclusiveness when identifying material issues (or a company’s most important impacts) as follows:

“The reporting organization shall identify its stakeholders, and explain how it has responded to their reasonable expectations and interests.”

Stakeholders must be consulted in the process of identifying a company’s most important impacts and their reasonable expectations and interests must be taken into account. This is an important cornerstone for CSR / sustainability reporting done responsibly.

Key stakeholder groups Alperia engages with:

Stakeholder Group
Customers
Workforce
Suppliers
Owners and Investors
Interest groups
Citizens
Research institutes
Community

How stakeholder engagement was made to identify material issues

To identify and prioritise material topics Alperia engaged with its stakeholders though an anonymous online survey which 176 participants answered.

What actions were taken by Alperia to promote cybersecurity?

In its 2019 Sustainability Report Alperia reports that it took the following actions for promoting cybersecurity:

  • Introducing new and better performing management systems
  • In 2019, Alperia introduced new and better performing management systems both inside and outside the Alperia world, also including Artificial Intelligence (AI) platforms. Attacks are becoming more frequent and high risk. Most are perpetrated by extremely sophisticated AI software, which is why it is necessary to use the same language in defence. In 2019, Alperia did not suffer from any significant cybersecurity incidents, but is aware of how important it is to protect yourself with increasingly sophisticated barrier systems. This is why Alperia introduced a double layer antivirus system for email and all the documents are classified according to a specific confidentiality level (public, restricted, confidential). Updating activities continue with trials of the disaster recovery plan and adoption of protection systems against ransomware threats.
  • Renewing the ISO 27001 certification
  • In 2019, Alperia renewed its ISO 27001 certification, which was extended to include even more stringent checking. This international standard recognises the group’s adoption of a secure system for the management of company information systems (IT and documentary), to monitor and reduce management costs, ensure adequate service levels and monitor and reduce the risk of possible outages. The certification is subject to an annual audit, with additional checks carried out by the group’s Internal Audit. During 2019, Alperia’s business continuity plan was also developed to be activated in the event of attacks. In compliance with the requirements of Europe’s GDPR regulation, a Data Protection Officer (DPO) was appointed external to the IT department. A new privacy-by-design procedure was developed, to be carried out at the start of each new project in order to check if it meets the standards set by privacy and GDPR legislation.

Which GRI Standards and corresponding Sustainable Development Goals (SDGs) have been addressed?

The GRI Standard addressed in this case is: Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data

Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data corresponds to:

 

80% of the world’s 250 largest companies report in accordance with the GRI Standards

SustainCase was primarily created to demonstrate, through case studies, the importance of dealing with a company’s most important impacts in a structured way, with use of the GRI Standards. To show how today’s best-run companies are achieving economic, social and environmental success – and how you can too.

Research by well-recognised institutions is clearly proving that responsible companies can look to the future with optimism.



FBRH GRI Standards Certified, IEMA & CIM recognised Sustainability Course | Venue: London LSE

By registering for the next 2-day FBRH GRI Standards Certified, IEMA & CIM recognised course you will be taking the first step in gaining the many benefits of sustainability reporting.

Most importantly, you will gain the knowledge to use the GRI Standards, project manage your own first-class sustainability report and:

  • Identify your most important impacts on the Environment, Economy and Society
  • Begin taking solid, focused, all-round sustainability action ASAP

 

References:

1) This case study is based on published information by Alperia, located at the link below. For the sake of readability, we did not use brackets or ellipses. However, we made sure that the extra or missing words did not change the report’s meaning. If you would like to quote these written sources from the original, please revert to the original on the Global Reporting Initiative’s Sustainability Disclosure Database at the link:

http://database.globalreporting.org/

2) https://www.globalreporting.org/standards/gri-standards-download-center/

Note to Alperia: With each case study we send out an email requesting a comment on this case study. If you have not received such an email please contact us.