We had no significant cyber security incidents with a material impact in 2020.
Our use of advanced technology – such as automated trucks, drills and trains, and remotely operated drones – means that we must continually enhance the resilience of our IT systems against cyber attacks that could affect our production, the health and safety of our employees or operations, or the environment. In 2020, this improvement and response work included infrastructure upgrades and enhanced tools for data classification and protection.
As a result of the COVID-19 pandemic, we saw a significant increase in the number of employees working remotely. In response, we expanded our IT capacity – including scaling up secure access to key tools such as email, Microsoft Teams and SharePoint.
In partnership with a third-party expert, we carried out an extensive review of our network to identify potential critical vulnerabilities, extending the initially planned scope to more thoroughly assess areas of risk associated with a larger remote workforce. This review focused on external-facing systems such as internet access and external providers. It identified no critical vulnerabilities.
Despite the COVID-19 travel and site access restrictions, we carried out the assurance work planned for Oyu Tolgoi, in Mongolia.
We also formed a strategic partnership with Microsoft to use emerging technologies that will help us improve security and compliance, enable more effective governance through better visibility, continuous monitoring, and actively prevent risk through technical control measures.
With an increased focus on the controls and practices that protect our digital information and assets, we also updated our Group Standard for Acceptable Use of Information and Electronic Resources and the Group Procedure for Information and Cyber Security. The revised Standard and Procedure align more closely to the Rio Tinto Risk Management Standard, incorporate areas of emerging risk such as social media, and improve compliance by providing clearer accountability and escalation processes.