Our sustainability efforts are governed by a process involving all levels in the company.
The CEO and Arjo Management Team are overall responsible for the sustainability agenda, and decide on targets, provide guidance moving forward, evaluate reported results, identify items for improvement, and implement plans and activities throughout the organization. The sustainability efforts are operationally managed by the EVP HR & Sustainability.
Arjo’s Board of Directors receive regular updates on the current status, target realization and plans for the future, and evaluate and provide input to the sustainability agenda twice a year.
Cross-functional teams are in charge of leading projects, achieving targets and subsequent follow-up.
Line managers are responsible for ensuring their employees understand and act in accordance with our Code of Conduct and sustainability agenda.
Internal data collection forms the basis of reporting. As of 2023, reporting will adhere to the Global Reporting Initiative (GRI).
Quality & Regulatory Compliance
A number of authorities contribute to ensuring that medical devices are safe and well-functioning.
It is important that Arjo complies with the rules that apply in the markets where our products are sold.
Whistleblower function
We stress the importance of identifying suspicions of any wrongdoing at an early stage. Employees are encouraged to report any situation where there is evidence or suspicion of corruption or other ethically unacceptable actions. Customers, subcontractors and other stakeholders can also raise their concerns anonymously by using our whistleblower communication channel, managed by the external party WhistleB Whistleblowing Centre.
The communication channel can be reached on any device, including smart phones.
Cyber Security
Arjo is dependent on IT and its surrounding infrastructure and is thus exposed to the risk of cyber-attacks and any type of data security breach.
To mitigate all potential cyber security threats, Arjo works actively with risk assessments of its IT infrastructure and handling of sensitive data, and testing thereof, and has a governance structure in place to manage cyber security. This includes IT General Controls (ITGC) covering operational measures and procedures to monitor and respond to data breaches and cyberattacks. On a yearly basis Arjo conducts internal and external security audits, vulnerability assessments and penetration tests to constantly analyse risks, and to adapt and secure our systems, processes and data. All employees are trained on cyber security and data compliance & protection, and training for newcomers is part of the onboarding process.
Arjo is committed to respecting the confidentiality, integrity and availability of all individuals’ personal data it processes, and to safeguarding the data through policy and technical controls. Arjo’s Data Protection Compliance Policy outlines how personal data must be handled to ensure compliance with any local data compliance regulations, i.e., GDPR, HIPAA, and COPPA. Arjo is preparing for the ISO 27001 certification in the next two years.