Enterprise Risk Management

This program focuses on four key areas:

1. Workforce — Sustainment of workforce, productivity, and ensuring appropriate employee responsiveness during a disruption.
2. Business — Continuance of critical business, manufacturing and distribution processes.
3. Technologies — Data integrity, security and essential continuance of critical technology infrastructure crucial in delivering products and services.
4. Supply Chain — Mapping, alternate arrangements, logistics, and security of raw materials and vendor supply services.

West’s BCM program aligns with ISO : 22301 (Security and Resilience — Business Continuity Management Systems — Requirements) and the Business Continuity Institute’s Good Practice Guidelines.

Business Continuity Plans for each of our manufacturing sites are a critical part of our BCM, ensuring plans are in place in the event of an incident that could cause a potential disruption at a site.  These Plans lay out clear roles and responsibilities  and include risk assessments for each site along  with steps to mitigate risks. 

Our BCM program ensures appropriate Risk Identification and Mitigation, Crisis Management, Business Continuity and Disaster Recovery Plans are all in place, linked and regularly monitored to facilitate organizational resilience. This includes active engagement in monitoring enterprise critical risks  and mitigation strategies with Board of Director oversight. This program ensures that we are best prepared to continue the delivery of products and services at acceptable predefined levels following  any disruption.

West’s continued investment in and emphasis on effective business continuity management provides a solid framework for further building organizational resilience with the capability of an effective response that safeguards the interests of our stakeholders, reputation, brand, and value-creating activities.

Cybersecurity

Cybersecurity is one of the main focus areas of our BCM program, and we are committed to maintaining strong cybersecurity program to protect West critical infrastructure, our information asset, our customers, and other stakeholders’ information. 

2021 was a unique year and cybersecurity was a key concern for businesses, organizations, and governments across the entire globe. The continuation of remote work as a result of the pandemic left organizations vulnerable to sophisticated cybercrime. West responded to these increased attacks by proactively and frequently educating team members on how to recognize threats through global Cybersecurity Awareness speaker events, a simulated phishing attack and a cadence of ongoing communications.

Key cybersecurity strategic initiatives in 2021 included eliminating legacy VPN services, implementing a global vulnerability Management and Penetration Testing program, establishing a global 24x7 Security Operations Center, and enforcing a policy to block access to external storage devices to protect against transmission of malicious files. 

Our Cybersecurity program is actively monitored by our Board of Directors and the Audit Committee, both of whom receive update reports at each formal meeting. West continues to collaborate with government agencies (Department of Homeland Security, Cybersecurity & Infrastructure Security Agency and FBI Cyber Division) to conduct Cybersecurity Assessments and gain insight into our operations and cybersecurity capabilities.

Our Global Cybersecurity Strategic Plan focuses on how we can continue to reduce risk through certain key areas, including:

• Vulnerability management
• Penetration testing
• Routine audits
• Product modernization
• Cybersecurity awareness and education
• Training

Proactively focusing on this Plan helps to minimize the threats for disruptions, and reduce the time to detect and respond, enabling a quicker recovery and return  to normal operations.