SASOL Integrated Report 2025_Final_28 August 2025 - Flipbook - Page 133
INTRODUCTION
ABOUT SASOL
STRATEGIC OVERVIEW
BUSINESSES
ESG
REMUNERATION REPORT
DATA AND ASSURANCE / ADMINISTRATION
GOVERNANCE continued
INFORMATION MANAGEMENT AND CYBERSECURITY
Our commitment
Our group approach
We are committed to ensuring a secure information
management and cybersecurity environment by implementing
measures to address and mitigate associated risks.
Information Management (IM) aims to direct the effective and efficient use of IT solutions and services
in enabling the organisation to achieve its goals and strategic objectives, by establishing appropriate
decision-making bodies and governance artefacts such as policies and processes.
IM Governance forms a subset of Sasol
corporate governance with a groupwide
risk management process that is aligned
to international standards and best practice.
Cybersecurity is noted as a Group material
risk for Sasol and oversight lies with the
Audit Committee.
In FY25, we continued to focus on:
Policies and compliance
A Improving our customer experience.
A Growing IM talent and digital enablement.
For more details refer to Risk management on page 37.
A Progressing our cloud journey.
A Improving data quality.
Sasol is dedicated to ensuring compliance with
IM-related regulation and legislation. This
commitment is reflected in our Information
Management Policies and Code of Conduct.
The use of Sasol computing devices, systems
and services is governed by Sasol IM policies and
each user acknowledges these and acceptable-use
when logging onto a Sasol account. Any intentional
non-compliance is addressed in accordance with the
stipulated policies, taking into consideration
jurisdictional implications.
The IM operating model and structure
is approved by the Group Executive
Committee (GEC) of the organisation and
renders a service to all subsidiaries of Sasol.
Regional specific legal and regulatory
requirements are taken into consideration
when delivering IM services and solutions.
PERFORMANCE
A Enabling strategic business and digitalisation
initiatives.
A Exploring the value cases for Artificial Intelligence
(AI) and Generative AI (GenAI) for Sasol.
A Optimising our spend on outsourced services.
A Mobility applications for the retail fuels business.
A Focusing on cybersecurity to secure our
operations and the organisation.
Chief Information
Officer
GEC
EVP Commercial and Legal
Board
Audit Committee
We operate in a financially constrained environment,
however the organisation has sufficient protection
in place and has not experienced any major
cybersecurity incidents that had a material impact
on our business strategy, operations and financial
reporting.
We continuously assess our cybersecurity posture
to identify areas for enhancement, implementing
improvements as needed or schedule them for
future deployment.
IM’s focus for our supply chain is ensuring the
confidentiality, integrity and availability of data,
document retention requirements, data privacy,
information classification and security.
Training and awareness
We have robust information security awareness
campaigns with monthly themes shared with
our employees and service providers. Employees
are enrolled in training on our Learning Management
Systems, which focuses on critical topics for
cybersecurity awareness. Month-to-month
participation ranges from 85% to 95%.
We circulate regular awareness communication
via email on either internal or external events to
share risk with employees. We run regular phishing
exercises and provide feedback to assess employee
awareness risk to management.
The training is not mandatory, however the
participation is tracked and feedback given to
the Group Executive and Senior Vice Presidents
to encourage participation and completion of the
training. Training is also offered to employees on the
use of our IM systems and tools.
SASOL INTEGRATED REPORT 2025 132
The top three areas of training for FY25 were
cybersecurity, AI tools and system-specific training
depending on the job role. Cybersecurity awareness
training is provided to all employees with access to
Sasol computer systems.
Responsible AI
Sasol has established a visionary position to
embrace, accelerate and unleash the potential
of AI and GenAI to ensure we stay relevant and
enable safe and responsible innovation.
We have established robust guardrails to guide our
employees in the secure, ethical and responsible
use of GenAI technology. These strike a balance
between maintaining governance and allowing
sufficient flexibility to accelerate adoption for the
benefit of Sasol. They encompass an AI and GenAI
policy, a governance committee, approved AI
technology for use in Sasol, and a framework for
data accuracy.
Environmental stewardship
Sasol is committed to the environment and applies
responsible disposal of its e-waste according to
IS014000 standards. Paper recycling, reducing
printing by using e-signing, and moving our data
centres from on-premise to Cloud is part of our
commitment to sustainable computing.
