All team members are encouraged to prevent and report violations of legal regulations or internal guidelines. We have numerous options and contact channels for trustworthy and anonymous reporting. Our team members can contact the local and regional compliance officers, the corporate compliance department, the CCO and the anonymous whistleblowing hotline, “SpeakUp”. In the reporting year, 81 incidents were reported through our whistleblower procedure (see graphic below). We diligently review all reported incidents to ensure that facts are clarified and systemic problems or patterns are identified. We ensure that the rights of both the whistleblower and the involved person are not compromised (non-retaliation policy).

[Figure: Incoming Messages, vertical axis 0 to 80, horizontal axis 2016 to 2023]

Including other incoming reports, we handled 222 cases in 2023, of which 167 are completed, 52 are still pending and two are on hold. Of those completed, 84 led to disciplinary measures while 68 have been closed without findings. 37 cases were closed with other measures. More than 60 percent of our case reviews are related to minor inter-company matters.

Product Regulatory Compliance

We have positioned ourselves as an innovative, premium provider in our industry, fostering fair competition and driving technical progress and digitalization. The Product Regulatory Compliance (PRC) function, reporting to the CCO, acts independently of the business units and supports and monitors the fulfillment of product regulatory requirements across the various areas of the company. In this role, the Compliance Officer also provides legal databases, in addition to those of the technical departments, to ensure timely access to information on regulatory developments.

Data protection & cybersecurity

In 2022, we obtained approval from the Liechtenstein Data Protection Authority for our Binding Corporate Rules, following the European Data Protection Board’s favorable opinion and active engagement with all relevant EU supervisory authorities. Upholding the application of these binding corporate rules within Hilti requires a sustained effort, encompassing training, audits, updates and meticulous documentation.

Every Hilti Group subsidiary is firmly committed to upholding the fundamental principles of data protection and ensuring the enforceable rights of data subjects. This commitment serves to provide robust safeguards for the transfer of personal data outside the EU within the Hilti Group. Our team members receive data protection training tailored to their specific job roles and the data protection regulations pertinent to their respective countries. For instance, in our South African entity, we’ve introduced specialized training on the Protection of Personal Information Act. Furthermore, within our software development units, we have introduced dedicated face-to-face training sessions that cover data protection.

Cybersecurity is a top priority within Hilti and is supported by various technical and organizational measures. The Hilti Cybersecurity Policy follows the latest ISO 27001 standard and provides the baseline for our IT control catalog. This serves the ambition to ensure reliable, maintainable and effective control management. On top of this, regular audit engagements are performed to provide an independent third-party opinion of our control environment, which is reflected in Hilti’s ISAE 3000 attestation. Beyond this, Hilti heavily focuses on capability improvements, such as IT governance, network security and privilege access management, securing more than 1000 privileged users. We additionally invest in ongoing security testing capabilities, ranging from penetration tests and attack simulations to purple/red teaming exercises to further strengthen our cyber-attack resilience. Our Security Operations Center is continuously increasing their detection use cases, ensuring transparency across the company against

2023 Sustainability Report - Page 58