Corporate Sustainability Report - Flipbook - Page 61
Sustainability Report
CYBER SECURITY
Strategy and governance
In an increasingly interconnected digital
landscape, Access recognises cybersecurity
as a critical strategic imperative that extends
far beyond technical infrastructure. Our
comprehensive approach to digital resilience
integrates advanced technological solutions,
robust governance frameworks, and a culture
of security awareness that permeates every
level of the organisation.
Access aligns its cybersecurity approach
with the National Institute of Standards and
Technology (NIST) Cybersecurity Framework
(CSF) continuously, leveraging its best practices
to drive ongoing improvement in its cyber
defence and response capabilities against an
ever-changing threat landscape.
We have established policies and procedures
that provide the foundation upon which
Access’ infrastructure and data are managed.
We also use a systematic approach to
managing cybersecurity risks throughout the
merger and acquisition (M&A) lifecycle.
This includes pre-acquisition security
assessments and due diligence, evaluating
each target’s security posture, compliance
status, and potential vulnerabilities against our
established security standards.
Upon deal closure, we implement a tailored
security onboarding plan for integrating the
acquired entity into our enterprise security
architecture, including deployment of our
core security monitoring tools, vulnerability
management systems, and access governance
frameworks.
This methodical process, ensures all
acquisitions achieve compliance with our
security policies while minimising operational
disruption, protecting sensitive data, and
maintaining stakeholder trust throughout the
integration journey.
Access’ in-house cybersecurity team
works with external third-party specialists
continuously to monitor and develop
capability in this area, as a critical business
continuity activity. Access deploys world
class security tooling to defend the company
against malicious activity such as denial of
service attacks, malware, credential theft and
ransomware events.
Centralising identity governance has enabled
continual review and recerti昀椀cation of user
access and supports application of the
principle of least privilege across our systems.
Cybersecurity is overseen by the Chief
Information Security O昀케cer, along with
oversight by the Security Steering Committee,
and is an agenda item for the quarterly Audit
and Risk Committee meetings.
Industry recognised, independently
veri昀椀ed
Access is certi昀椀ed to ISO27001:2022 across
our business and is audited independently
to this international standard to ensure that
best practice is maintained in all information
security processes.
We are externally benchmarked against
industry peers on an ongoing basis through
the BitSight platform where we have achieved
an ‘Advanced’ rating.
61
