CSL Ltd Annual Report 2021

As we continue to build and improve our information security program, including our business continuity plans, critical event and incident response processes, and security technology infrastructure, we recognise that our security initiatives must support the global scale of our business, and that compliance with local data protection and privacy laws in each region where we do business is imperative. We also recognise that our security posture is dependent on every one of our employees, contractors, suppliers and partners.

In order to enable these stakeholders to support our enterprise security priorities, we continue to focus on strengthening security governance, including supply-chain risk management processes to assess whether our vendors can protect our data and infrastructure, and educational updates and training so that our people can recognise and properly respond to a cyberattack or report a privacy breach. Over the reporting period, employees were required to undertake cybersecurity training in security awareness, introduction to phishing, data entry phishing and avoiding dangerous links.

At CSL, as we meet the challenges of a new age of cybersecurity risk, we are driven by our commitment to protect the privacy and security of our patients, donors, employees and company data.

Ethical conduct

CSL operates in a diverse and complex marketplace where bribery and corruption are risks that could expose the organisation and employees to possible prosecution, fines and imprisonment. CSL has a number of commercial arrangements with governments and related agencies across various geographies. Market practices are governed by company-specific policies and procedures. Internal compliance mechanisms and control systems are directly supported by our Global Ethics and Compliance team and subject to additional oversight by CSL’s Global Compliance Committee (GCC), regional committees, and CSL’s Audit and Risk Management Committee of the Board.
Based on these controls, we consider our overall risk relating to corruption to be low and are committed to ensuring full compliance in how we conduct our operations across all regions in which we operate and those we are seeking to enter. CSL’s Code of Responsible Business Practice (CRBP) underpins our commitment to operating with the highest integrity in the marketplace.

From 1 July 2020 to 30 June 2021, 259 reports were identified for the attention of management through our global hotline. For substantiated allegations, corrective actions were taken to the extent warranted. For matters closed during the reporting period, no allegations resulted in any regulatory action or action by law enforcement authorities.

259: As of 30 June 2021, a total of 259 hotline reports received with no allegations resulting in any regulatory action or action by law enforcement authorities.

In addition, over the reporting period, our operations conducted an annual assessment of bribery and corruption risk within their businesses. This was achieved by means of a standardised questionnaire that was completed and the responses reviewed with the GCC. During the reporting period, these assessments did not identify any material issues with the Company’s management of corruption risks.

CSL’s environmental, social and governance (ESG) performance has been recognised by the FTSE4Good Index Series, a leading sustainability index, for the last ten years.
