Case study: How Sempra Energy promotes cybersecurity
Sempra Energy is an energy infrastructure company with 2019 revenues of $10.8 billion, investing in, developing and operating transmission and distribution infrastructure in the most attractive markets in North America. Cybersecurity at Sempra Energy is about people, processes and technology working together to protect systems, networks and programmes from digital attacks.
This case study is based on the 2019 Corporate Sustainability Report by Sempra Energy published on the Global Reporting Initiative Sustainability Disclosure Database that can be found at this link. Through all case studies we aim to demonstrate what CSR/ ESG/ sustainability reporting done responsibly means. Essentially, it means: a) identifying a company’s most important impacts on the environment, economy and society, and b) measuring, managing and changing.
Abstract
Sempra Energy is committed to dealing effectively with cybersecurity threats Tweet This! to its energy grid, storage and pipeline infrastructure, as well as the information and systems used to operate its businesses. In order to promote cybersecurity Sempra Energy took action to:
- establish an information security team
- implement an information security awareness programme
- use an automated SPAM reporting button
Subscribe for free and read the rest of this case study
Please subscribe to the SustainCase Newsletter to keep up to date with the latest sustainability news and gain access to over 2000 case studies. These case studies demonstrate how companies are dealing responsibly with their most important impacts, building trust with their stakeholders (Identify > Measure > Manage > Change).
With this case study you will see:
- Which are the most important impacts (material issues) Sempra Energy has identified;
- How Sempra Energy proceeded with stakeholder engagement, and
- What actions were taken by Sempra Energy to promote cybersecurity
Already Subscribed? Type your email below and click submit
What are the material issues the company has identified?
In its 2019 Corporate Sustainability Report Sempra Energy identified a range of material issues, such as reliability, affordability, greenhouse gas emissions, public safety, disaster preparedness and response. Among these, promoting cybersecurity stands out as a key material issue for Sempra Energy.
Stakeholder engagement in accordance with the GRI Standards
The Global Reporting Initiative (GRI) defines the Principle of Stakeholder Inclusiveness when identifying material issues (or a company’s most important impacts) as follows:
Stakeholders must be consulted in the process of identifying a company’s most important impacts and their reasonable expectations and interests must be taken into account. This is an important cornerstone for CSR / sustainability reporting done responsibly.
Key stakeholder groups Sempra Energy engages with:
Stakeholder Group | Method of engagement |
Customers | · In-person meetings or phone calls · Open houses, town hall meetings · Ethics & compliance helpline · Website content · Surveys · Print or social media |
Communities
| · In-person meetings or phone calls · Open houses, town hall meetings · Ethics & compliance helpline · Website content · Corporate sustainability report · Facility tours · Surveys · Print or social media |
Employees
| · In-person meetings or phone calls · Open houses, town hall meetings · Ethics & compliance helpline · Website content · Corporate sustainability report · Facility tours · Surveys · Print or social media |
Investors and shareholders
| · In-person meetings or phone calls · Open houses, town hall meetings · Ethics & compliance helpline · Website content · Corporate sustainability report · Facility tours · Print or social media |
Regulators, elected officials, community leaders
| · In-person meetings or phone calls · Open houses, town hall meetings · Ethics & compliance helpline · Website content · Corporate sustainability report · Facility tours · Print or social media |
Suppliers, contractors, business partners
| · In-person meetings or phone calls · Open houses, town hall meetings · Ethics & compliance helpline · Website content · Corporate sustainability report · Facility tours · Print or social media |
How stakeholder engagement was made to identify material issues
To identify and prioritise material topics Sempra Energy interviewed stakeholders to gain their perspectives on current and emerging priorities.
What actions were taken by Sempra Energy to promote cybersecurity?
In its 2019 Corporate Sustainability Report Sempra Energy reports that it took the following actions for promoting cybersecurity:
- Establishing an information security team
- Sempra Energy’s information security team conducts regular penetration tests and analyses the results to improve existing controls and identify opportunities for improvement. Members of this team also participate in department staff meetings, safety stand downs and safety congresses to provide perspective and training on cybersecurity issues. Individual employees across the company support these efforts as “cybersecurity champions,” sharing relevant information with their teams.
- Implementing an information security awareness programme
- Sempra Energy’s information security awareness programme includes periodic communications, companywide events and campaigns, mandatory annual web-based training, facility-specific town hall events and a cross-business advocacy programme. Sempra Energy supports these efforts with articles, webpage communications and digital signage.
- Using an automated SPAM reporting button
- An automated SPAM reporting button in Microsoft Outlook allows easy one-click reporting of suspicious and unwanted emails. In fact, to keep this reporting option top-of-mind, Sempra Energy’s cybersecurity team utilises “fake” phishing attempts and sends congratulatory messages when employees take the correct action by clicking the SPAM button. Sempra’s 24/7 Information Security Operations Centre (SOC) also responds to reports of suspicious email. The SOC can pull a suspicious email from the enterprise, reducing the risk of infecting other users or devices.
Which GRI Standards and corresponding Sustainable Development Goals (SDGs) have been addressed?
The GRI Standard addressed in this case is: Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data
Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data corresponds to:
- Sustainable Development Goal (SDG) 16: Peace, Justice and Strong Institutions
- Targets: 16.3, 16.10
78% of the world’s 250 largest companies report in accordance with the GRI Standards
SustainCase was primarily created to demonstrate, through case studies, the importance of dealing with a company’s most important impacts in a structured way, with use of the GRI Standards. To show how today’s best-run companies are achieving economic, social and environmental success – and how you can too.
Research by well-recognised institutions is clearly proving that responsible companies can look to the future with optimism.
7 GRI sustainability disclosures get you started
Any size business can start taking sustainability action
GRI, IEMA, CPD Certified Sustainability courses (2-5 days): Live Online or Classroom (venue: London School of Economics)
- Exclusive FBRH template to begin reporting from day one
- Identify your most important impacts on the Environment, Economy and People
- Formulate in group exercises your plan for action. Begin taking solid, focused, all-round sustainability action ASAP.
- Benchmarking methodology to set you on a path of continuous improvement
See upcoming training dates.
References:
1) This case study is based on published information by Sempra Energy, located at the link below. For the sake of readability, we did not use brackets or ellipses. However, we made sure that the extra or missing words did not change the report’s meaning. If you would like to quote these written sources from the original, please revert to the original on the Global Reporting Initiative’s Sustainability Disclosure Database at the link:
http://database.globalreporting.org/
2) https://www.globalreporting.org/standards/gri-standards-download-center/
Note to Sempra Energy: With each case study we send out an email requesting a comment on this case study. If you have not received such an email please contact us.