Information Security
Routines and processes for information security
Loomis has implemented routines and processes to safeguard the confidentiality, integrity, availability, and traceability of the group's information assets. As external cyber threats are continuously evolving due to, for example, the development of generative AI and geopolitical situations, the ability to detect deviations and attempts to disturb Loomis' IT infrastructure is constantly being strengthened. The Loomis Group Information Security Management System (ISMS) is evolving to facilitate a centralized approach to mitigating risks, where the decentralized Loomis organization will benefit from centrally managed information security threat mitigation strategies.
All Loomis entities are working towards the implementation of an information security management system based on the ISO27001/2 standard, with two subsidiaries holding ISO certification. EU-regulated Loomis entities are actively working on compliance with NIS2, while regulated subsidiaries are ensuring adherence to DORA.
A security awareness program is running. The intention of the program is to strengthen information security awareness among all employees and consultants within the Group. The program is managed and monitored by Loomis AB as part of the ISMS, with local support from country representatives. The program should, as a minimum, include security awareness training, phishing campaigns to ensure information security awareness in the handling of e-mail, security awareness material grouped per predefined functions in the Group, and Cybersecurity Awareness Month activities.
Information security awareness programs are used to mitigate the risk of misuse of information assets from internal and external IT users. To uphold digital operational resilience, the Loomis business stakeholders provide IT with requirements for digital resilience, which in turn form the basis for continuity plans and the management of critical ICT suppliers.
Data protection and information security are prioritized, with procedures in place to ensure information security in outsourced data processing. The company also addresses controversies relating to data protection and information security, ensuring proactive measures to mitigate risks. Information security incident management processes are established to respond effectively to any security breaches or incidents.
By continuously strengthening its ISMS and adhering to regulatory requirements, Loomis aims to maintain robust information security practices across its operations.