Governance
Corporate Governance
Adopting the highest standards of Governance, Quality and Compliance is essential to the success of our business. The Board continue to align its governance practices to, and to disclose any variances against, the 2024 UK Code. The corporate governance of our business is dealt with in extensive detail in the Corporate Governance section of our 2025 Annual Report on page 66
Business Ethics
Our organisation is dedicated to fostering a workplace culture grounded in strong ethical principles and conduct. In recent years, we developed and refined several important policies that are listed in the following table. The most up-to-date versions of these policies can be found in the Sustainability section of our website here.
Cybersecurity
Our cybersecurity programme is continually updated to take into account the changing cyber-threat landscape and to address emerging risks. Our programme puts in place a defence-in-depth, multi-layer security control environment, enabling us to protect, detect, respond and recover from cyber-threats. This multi-pronged approach involves strengthening existing controls, adding additional controls where weaknesses are identified and developing strategic partnerships with technology providers to deploy market leading defensive capabilities. In addition, staff receive quarterly security awareness training and are kept up-to-date with topical cybersecurity news and alerts via our Employee Experience Platform Uniphi.
System & Critical Incident Risk Management
The Group has a robust risk management framework in place, which provides the structure for managing the principal risks of the business. In addition, the quality and regulatory personnel across the Group perform regular risk assessments and have robust validation processes in place.
Critical incident management requires a coordinated response from multiple teams to ensure that any critical incidents (regardless of severity) are appropriately managed. Our internal reporting lines and focus on open communication across divisions and functions ensure that any critical incident identified is managed appropriately.