Pursuing business sustainability and growth
Mining is a long-term business, and our business strategy aims to create sustained value over the period of our mining operations and beyond. This involves the careful allocation of resources to actively manage our activities as we try to mitigate negative impacts from our operations and ensure positive outcomes. We look to continually improve the value proposition we provide to our hosts and investors, creating more growth opportunities.
In 2022, we continued to implement our new Operating Model, both in response to the external environment and internal performance requirements. Our 2022 <IR> provides a comprehensive account of the progress we have made.
At the same time that we seek to improve our business sustainability, we seek to enhance the significant opportunities that mining can present, and to positively contribute to national, regional and global economic and social development. As an industry, we continue to work on establishing meaningful relationships and building trust with all our stakeholders.
Building trust also requires that we continue to strengthen integrity within our own organisation and the way in which we conduct business. As we consistently strive to generate competitive shareholder returns and create value for everyone with a stake in our Company, we recognise the enduring importance of acting ethically at all times and ensuring that our business practices meet the highest standards of integrity in line with the values of our Company.
Addressing cyber safety
Our continued investment in technology, coupled with strong governance, a robust policy framework and business operating processes, provides employees with a well-functioning, stable and secure working environment.
After executing continuous improvement programmes for IT security during 2021, we continued in 2022 with our global cyber safety programme for operational technology. A comprehensive site review was launched for five mining operations, covering Australia and Africa. The information gathered from the sites highlighted the embedded cyber risk for operational systems and the work required to bring operational technology cyber risk to the forefront. A detailed multi-year mitigation programme is being developed to address all the risks identified from the 2022 assessments. Although each site is unique in their design, all the sites share the same top 10 residual risks, and the first priority is to reduce these risks to a manageable level. The programme also saw the deployment of a global real-time monitoring platform that will integrate into our existing 24/7 cyber operations centre.
In line with our commitment to our first value, Safety, the cyber team was rebranded as the cyber safety team. This indicates that all cyber matters should be considered in light of how they influence overall safety. Ensuring our people are equipped with the right knowledge to counter cyber safety and security threats is key to the organisation becoming cyber resilient. Several cyber awareness courses were issued to users within our organisation. In particular, global focus has been given to employee awareness with the launch of the Human Firewall campaign, where we aim to empower all employees to not only recognise cyber risks but also protect the AngloGold Ashanti operating environments and contribute to overall system safety. Additionally, the cyber safety team conducted several threat simulations during the year to identify areas of risk for mitigation.
We remain committed to minimising risk to the organisation and continuously improving security by aligning all our security controls to the International Society of Automation IEC 62443 and National Institute of Standards and Technology (NIST) Cybersecurity framework for critical infrastructure. All policies and procedures are reviewed on a regular basis and audited for compliance. In line with industry transparency, our external Security Score by an independent validator is available online.
High-risk suppliers are identified by considering the type of category, value, volume and known risks provided by or associated with the supplier. Such suppliers are subjected to risk monitoring by our independent market intelligence contractor, the information management and compliance departments, including adverse media and sanction alerts, production, cybersecurity, country, civil liberties and freedom status risks. In cases where we identify or suspect a risk, suppliers are approached with the details of the risks and requested to develop a corrective action plan. This approach provides a fair opportunity to manage the risk and reduce or avoid unintended consequences. If a supplier refuses the remediation, or is not able to demonstrate progress towards resolution, the matter is then escalated and may result in review of the supply relationship.
All cyber matters
should be considered
in light of how they