Wärtsilä is committed to creating and maintaining a safe and healthy work environment for its employees, contractors, and other partners, wherever it operates. Wärtsilä believes all accidents can be prevented by promoting a strong safety culture, improving our performance, and by applying high-level occupational health and safety standards.
Wärtsilä has implemented occupational health and safety systems, training programmes, travel health and security instructions, and crisis management guidelines to safeguard its employees. Personnel are covered by appropriate insurance policies. To emphasise the importance of employee safety, the Board of Management has established a corporate-level target of zero lost time injuries, which is part of the company’s sustainability programme. Every year Wärtsilä organises a Safety Day to enhance safety awareness, promote safety and wellbeing measures, strengthen our safety culture, and celebrate our success in safety.
Environmental management systems are in place to mitigate environmental hazard risks. Wärtsilä maintains a register of all properties used and provides guidelines for the acquisition, sale, disposal, rental, and security of premises. Additionally, the company engages external advisors to conduct environmental audits.
Wärtsilä's approach to preventing environmental risks from its own operations involves strict adherence to its public policies, the Code of Conduct, and the Quality, Environmental, Health and Safety policy, all of which emphasise continuous environmental improvement. The company requires all suppliers to have an environmental management system compliant with ISO 14001 or the Eco-Management and Audit Scheme (EMAS), and to comply with regulations by eliminating or restricting hazardous substances. Cooperation with suppliers is essential for managing environmental risks and ensuring compliance with substances of concern. Wärtsilä utilises a “Black & Grey list” to classify restricted and prohibited substances, which is updated continuously in order to meet regulatory requirements.
Climate change poses a variety of impacts on Wärtsilä throughout our supply chain, our own operations, and our customers’ needs. These include potential physical risks to our sites and employees, mainly as a result of increased global average temperatures, and the increased frequency, as well as intensity, of heatwaves and flooding due to extreme precipitation events.
Wärtsilä assumes a modest climate change impact risk on its main production facility in Finland and its warehousing facility in the Netherlands as these are not located in the natural disaster areas of extreme weather events, earthquakes, or wildfires. Certain smaller sites have a higher risk of physical effects, although they do not represent an overall major financial risk to Wärtsilä.
More information can be found in the Sustainability statement of the Annual Report.
Catastrophic peril scenarios are identified and, where necessary, risks are mitigated through measures such as elevating sites above flood risk levels, or constructing flood dikes. Comprehensive business impact analyses and continuity plans have been implemented for major sites to address property damage and business interruption risks. When delivering customer projects in locations prone to extreme weather events, Wärtsilä prioritises the safety and wellbeing of its employees and subcontractors, and meticulously plans operations to ensure their protection.
With the rapidly growing use of data in shipping, shipbuilding, and in the energy markets, cyber threats can potentially result in various forms of financial, operational, or reputational damage to the business.
The digital era has brought a constantly evolving cyber threat landscape. New attack vectors and advanced techniques are emerging, challenging traditional defences. The sophistication and frequency of threats, such as ransomware and state-sponsored intrusions, have notably increased. Managing advanced attacks requires a proactive approach with continuous monitoring, threat intelligence, and rapid response. The NIS2 Directive, now in force across the EU, significantly enhances requirements for the security of critical infrastructure and digital service providers. For corporates, such as Wärtsilä, this means implementing stricter requirements for incident reporting, risk management, and the adoption of advanced cybersecurity measures.
Wärtsilä has an internal organisation dedicated to the effective management of cyber security risks throughout the Wärtsilä Group. This organisation, in cooperation with Wärtsilä’s businesses, delivers strategic and operational support for cyber security. It also provides the associated governance, risk management, and assurance required to support and enable safe and secure internal operations, while aiming to ensure that the businesses’ customer offerings are aligned with all relevant current and future regulations and applicable standards.
The Wärtsilä cyber security governance model is closely aligned with overall business risk management, and supports the businesses and support functions in identifying and prioritising their respective cyber security risks. The cyber security team works with security colleagues across Wärtsilä to ensure the effective and coordinated delivery of holistic security solutions, for both the cyber and physical domains.
Information security risks related to Wärtsilä’s internal operations are continuously identified, analysed, and evaluated. The attendant mitigation activities are executed throughout Wärtsilä’s networks, endpoints, systems, and services. The 24/7 Wärtsilä Security Operations Center continuously monitors the perimeter to internal systems and closely observes the external threat exposure level, while providing a coordinated response to identified information security incidents, as and when they may occur.
The effective mitigation of risks associated with cyber security hygiene throughout Wärtsilä is continuously and progressively reinforced through coordinated and complementary cyber security training, awareness initiatives, and extensive communication. This involves all Wärtsilä businesses and corporate functions. Wärtsilä has identified the need to mitigate the cyber security risks associated with its supply chain. The company has addressed this need through a comprehensive risk-based third-party risk management programme, involving both increased opportunities for the remote and objective assessment of suppliers, as well as the continuous monitoring of the supply chain cyber security risk.
It should be noted that Wärtsilä has achieved numerous cyber security certifications, and is in the process of further aligning with international standards and certifying the cyber security of its processes, products, and solutions. Wärtsilä maintains ISO 27001 certification on the protection of its information assets and enhancement of its overall information security posture.
The EU’s General Data Protection Regulation (GDPR) sets out the general framework for Wärtsilä’s data protection, which is applied both inside and outside the European Economic Area. Data protection implementation is supported by, and aligned with, Group-wide privacy policies and processes.
Wärtsilä applies a risk-based approach to privacy and data protection and continues to take further actions to strengthen privacy and data protection implementation to mitigate risks by accountability, privacy by design, data minimisation, and transparency.
Wärtsilä continuously improves employee data protection awareness with mandatory data protection (GDPR) training, targeted training sessions, communication activities, as well as comprehensive guidance materials.
Wärtsilä continues to invest in the development of data protection platforms to support data protection management and implementation.
Wärtsilä mitigates risks outside its direct control by transferring them to insurance providers whenever it is practical and appropriate. For a risk to be insurable, any occurring damage must be abrupt, sudden, and unforeseen.
Wärtsilä employs suitable insurance policies to cover indemnity risks pertaining to personnel, assets, and business interruptions—including those induced by suppliers—as well as third-party and product liability. Wärtsilä owns a captive insurance company, Vulcan Insurance PCC Ltd, to insure its own risks. For re-insurance purposes, this company is based on the island of Guernsey. The financial results of Vulcan Insurance PCC Ltd are consolidated into Wärtsilä's corporate accounts and are subject to standard taxation in Finland.