Security of operations

At Patria, security of operations covers the comprehensive management of corporate security and the development of related competence. Security and data protection are highly important factors in critical projects. In the defence sector, corporate security plays a central role in ensuring undisrupted operations.

The purpose of Patria’s corporate security is

• to enable Patria to conduct business within its sector with regard to its various areas of responsibility
• to promote and ensure the attainment of Patria’s business objectives by maintaining and developing security
• to safeguard business continuity during various disturbances and exceptional circumstances by ensuring that Patria has prepared for them in advance • to ensure Patria’s reliability as a partner to its customers, the authorities and other stakeholders
• to maintain a level of security that ensures the protection of customers’, other stakeholders’ and Patria’s own information and material. Primary responsibility for corporate security lies with Patria’s business units and group functions, which each take responsibility for matters related to their operations.

Patria’s corporate security division provides operative functions and support functions with a variety of corporate security services. The corporate security unit also steers, develops and monitors the comprehensive management of corporate security, and maintains and develops the related competencies within Patria. Corporate security is divided into: production security, rescue safety, preparedness and crisis management, facility security, management of misuses and non-conformities, information security, and personnel security.

Patria has been granted national Facility Security Clearance. The designated national security authorities (DSA and NCSA) regularly audit Patria’s level of corporate security.

Information security

Patria systematically seeks to maintain a good and sufficient level of information security through management, development, communications, training, continuous improvement, and cooperation with a variety of stakeholders. When developing its information security, Patria follows generally approved best practices and operating models, taking into account any country- and customer-specific requirements arising in different business areas, and especially the requirements of the sector. The aim is to take a variety of measures in different areas of information security to protect Patria’s personnel, customer data, property, reputation and trade secrets. These measures include risk management, security processes, information security architecture, guidelines, audits, personnel onboarding, and improving information security awareness. An important aspect of these objectives is to safeguard business continuity, assurance processes, safety, access control, reporting and the monitoring of information security incidents. All Patria personnel, its management and Board of Directors are committed to following security-related operating procedures, processes and guidelines.

In 2022, Patria continued to increase information security awareness among its personnel and stakeholders through online training, webinars and new forms of internal communication. In conjunction with its organisational restructuring, the company began developing new operating models and control activities for the renewed and internationalising Patria, which is now subject to an increasing number of new requirements. The most significant technical projects of the year were the launch and mobilising of user management and situational awareness development projects. The management and analysis of cyber risks is based on an accurate and up-to-date situational picture, and well-functioning background processes. Uncertainty and instability in Europe have also increased the challenges pertaining to information security. A general increase in cyberattacks, the growing demand for experts in the sector, an increase in digitalisation and new technology, and an increase in new risks and threats are all phenomena in whose management Patria is investing.

Data protection

Patria’s Legal and Compliance function provides support for data protection and prepares Group-wide policies and guidelines for processing personal data. This function also develops and maintains the data protection management model and supports others in the use of data protection processes, such as impact assessments and data processing agreements. As per Patria’s policy and guidelines, everyone who processes personal data at Patria must do so in accordance with data protection legislation and comply with good data processing and management practices. This means that personal data is processed legally, fairly and transparently with regard to the data subject, and only for the intended purpose. The amount of data stored is kept to a minimum, and its accuracy, integrity and confidentiality are taken into account. In 2022, Patria continued to train personnel and mobilise its management model and data protection processes within the organisation.

More about Data protection