DOWNLOAD THIS CHAPTER

Risk management

Integrated Risk Management System (IRMS) encompasses the entire Group and is embedded into the strategic planning process, definition of the Group’s business targets and day-to-day operations. Risks are classified into six categories which are then subdivided into lower-level categories by source: financial, geopolitical, technological, environmental, social and governance risks.

Climate change

Assessment of possible climate-related impacts in their various manifestations constitutes a very relevant input into the Group’s strategic decision-making. Our climate management and disclosure effort is based on the recommendations issued by the Task Force on Climate Related Financial Disclosures (TCFD). We also follow the recommendations and standards issued by international accounting organisations around climate risk transparency. The sustainability culture that permeates all areas of the Group allows us to progress towards a triple objective: minimising possible environmental and social impacts in our value chain; mitigating our exposure to potential climate change risks; and taking advantage of the opportunities created by a low-carbon economy. We want those opportunities to translate into benefits not only for our company and business model but also for the entire industry and society in general.

Information security

Last year our investment in security increased by 8% year-on-year for a cumulative increase of 56% in the last three years. That, together with the commitment, support and leadership of the organisation’s senior management, makes it possible to continue to pursue the technology and solutions needed to deliver the Group’s strategic Information security objectives.

Data protection

In 2022, we worked on a number of cross-cutting projects to bring implementation of our privacy programme to a new level. For example:

  • Enhanced safe-keeping and elimination of the customer, employee and candidate personal data stored in the Company’s main systems.
  • Improved automation of data protection rights management.
  • Management of third-party risks by working on the implementation and upgrade of the supplier certification procedure in collaboration with other departments in order to ensure that the suppliers that may process personal data for which Inditex is responsible are committed to complying with data protection and privacy requirements and have the organisational capabilities to do so.