Information security and risk oversight
According to EDP’s Articles of Association, EDP’s General and Supervisory Board (GSB) is primarily responsible for (i) overseeing and supervising the activity of the management of EDP; (ii) advising and assisting the Executive Board in relation to strategy, achievement of goals and compliance with applicable laws; (iii) delivering its opinion about the management report and annual accounts; and (iv) various other functions as described in EDP’s Articles of Association. The activity carried out by the General and Supervisory Board therefore covers all matters related to digital, information technology, and cybersecurity.
Within the scope of the activities carried out by the GSB, all of its members are responsible for monitoring matters related to digital, information technologies and information security, including cybersecurity. In addition, certain members bring specific professional experience in these areas, as reflected in the information contained in their respective CVs, thereby strengthening the GSB’s position in overseeing these themes.
In particular, the Financial Matters Committee (FMC), which comprises four members, three of whom are independent, considers cybersecurity and information technology risks while monitoring EDP’s enterprise risk management system. The FMC monitors the activity of the Digital Business Enablement Function by supervising the information and communication technology (or "ICT") governance model, ICT information security policies and standards, as well as control mechanisms (cybersecurity and technological risks), with a view to assessing the effectiveness of plans to mitigate the main risks, especially those related to attacks that may occur on EDP's information and communication systems. The committee also addresses the main activities planned, in which the focus will be on consolidating the roadmaps of initiatives related to information technology (IT) and operational technology (OT) systems, as well as the structure of the global organizational model with the aim of improving the EDP Group's defences.
The Executive Board of Directors (EBD) is supported by Specialised Committees, including the Digital & Tech Committee.
The Digital & Tech Committee has the following functions:
1. To ensure alignment of the global strategy in the areas of Digital and Information Technologies, including information security.
2. To define and consolidate the global budget for Digital and Information Technologies, including information security.
3. To monitor the implementation and progress of the main Digital and Information Technologies projects.
The Digital & Tech Committee is chaired by a member of the Executive Board of Directors (EBD), Ana Paula Marques, who is responsible for reporting to the Financial Matters Committee (FMC) on enterprise risk management matters.
The Digital Business Enablement Function's mission is to make EDP a truly digital organisation by defining a global technology strategy and vision for the Group, integrating digital technology into business domains, and transforming the way of working and adding value.
The Cybersecurity Committee meets on a regular basis to:
1. Define guidelines for the strategic planning of information security;
2. Assess the company's cybersecurity risks;
3. Monitor scenarios of major incidents in the energy sector and the organisation's cybersecurity risk profile.
Each meeting of this Committee includes the participation of the business unit management teams, as well as a member of the Executive Board of Directors (EBD).
The status update of the EDP Group cybersecurity report, including matters related to risk, is presented annually to the members of the General and Supervisory Board.