Governance Topics
Data Privacy & Cybersecurity
Management Approach
Belimo prioritizes data privacy and cybersecurity to safeguard sensitive information and protect against cyber threats. The Group follows strict standards, ensuring the confidentiality and integrity of personal and other sensitive data. By adopting a proactive approach that includes rigorous measures, active stakeholder engagement, adherence to best practices and regulatory standards, investment in education, and continuous monitoring, Belimo effectively mitigates risks and maintains the trust of its customers, employees, and other stakeholders.
Cybersecurity
Stakeholder Engagement, Training, and Investments
Belimo involves stakeholders through activities such as tabletop exercises, training sessions, and Lunch & Learn events, all designed to raise awareness about cybersecurity issues and teach individuals how to respond to potential threats. Stakeholders have expressed appreciation for Belimo's professional approach, highlighting the Company's focus on high standards.
Training and awareness programs are a critical component of Belimo's strategy in this area. Regular programs equip employees with knowledge of the latest threats and best practices. An awareness campaign is scheduled for 2025, aiming to further strengthen Belimo’s efforts.
Belimo also plans significant investments in employee education, technology, and organizational development to counter emerging threats and reinforce its protective framework. Upcoming projects include addressing gaps identified in the assessment of the NIST CSF 2.0 (National Institute of Standards and Technology Cybersecurity Framework, USA), underscoring Belimo's dedication to continuous improvement and proactive risk management.
Compliance and Implemented Technical and Organizational Measures
Belimo ensures compliance with cybersecurity regulations by involving all relevant stakeholders in the assessment, design, and implementation process. This approach helps the Group to meet legal requirements and maintain high standards of data protection. By involving senior management in the compliance process, Belimo makes data security a top priority throughout the organization.
Belimo has implemented several key measures to strengthen its cybersecurity framework and practices. The company follows the NIST CSF 2.0, has conducted a cyber risk assessment, and established the role of a Chief Information Security Officer supported by functional information security coordinators as part of the growing cybersecurity community. Additionally, a highly qualified cyber incident response team with ample resources has been set up to enable swift and effective responses and recovery, ultimately fostering cyber resilience.
Belimo has a robust system in place for incident reporting and response. The external Security Operations Center and the internal cybersecurity response team operate 24/7 and have effectively managed all incidents to date. Key lessons learned include the importance of clear communication channels, fast response, prepared templates, and ongoing training.
To measure its performance in these areas, Belimo uses a third-party service to monitor its cyber rating. This external evaluation provides an objective measure of Belimo's cybersecurity posture and highlights areas for improvement.
Data Privacy
Data Protection
Belimo is committed to responsible data processing in accordance with the statutory provisions, and continuously improves its data privacy management system. In 2023, Belimo updated its Group Directive to align with the revised Swiss Data Privacy Act and launched an extensive communication and awareness initiative.
The Belimo Data Protection Committee promotes a culture of compliance and risk mitigation in data handling, while also providing privacy-related guidance in business and decision-making processes. This Committee plays an advisory role across all Belimo entities, supporting them in meeting their data protection obligations.
Employees receive data protection training upon onboarding and at regular intervals thereafter, together with cybersecurity awareness training.
Compliance and Implemented Technical and Organizational Measures
The Group Directive on Data Protection defines principles, rules, and guidelines for processing personal data (under reservation of mandatory provisions in individual countries) and stipulates that any cross-border transfer as well as transfer of personal data to third parties must only be made if the corresponding legal requirements are met. Contractual conditions and clauses protect Belimo’s customers, partners, and employees, binding all Belimo Group companies and external data processors to strict standards. Furthermore, Belimo incorporates data protection early in the product development process to ensure privacy by design.
Belimo is not aware of any data breaches or complaints concerning breaches of customer privacy in 2024 (2023: none).