Governance
ams OSRAM would not be able to achieve its sustainable business success without the trust of its stakeholders such as customers, employees, investors, and suppliers. We strengthen this trust by means of transparent and responsible corporate governance.
Governance on ESG
Sustainability means responsibility to customers, employees, shareholders, society and the environment. Our approach to sustainability is the foundation of our licence to operate and an enabler for future business. Throughout our value chain, we emphasise the careful use of resources, environmental protection, good working conditions, health and safety, and respect for human rights. As a member of the UN Global Compact and the Responsible Business Alliance, we recognise their principles for sustainable business practices. In the Sustainability Policy* we provide an overview of our corporate values, policies, guidelines, reports and certificates, as well as links to the referenced documents.
Ensuring the sustainable development of the company is a key factor in all management decisions at ams OSRAM. In order to achieve this strategic goal, the Supervisory Board of ams-OSRAM AG has established a committee for environmental, social and governance issues ("ESG" and the "ESG Committee").
Further information on corporate governance, such as the ESG Committee Charter or the Composition and Diversity Policy, can be found on our website under "Corporate Governance".
*We consider CSR and ESG to be synonymous with sustainability.
Compliance & Whistleblowing
It is our goal to effectively promote doing business in a legal and ethically sustainable manner. Our Compliance Management System (CMS) builds the fundamental framework to achieve this goal.
The CMS focuses on preventing violations of applicable Anti-Corruption, Antitrust, Data Privacy, Anti-Money Laundering and Export Control regulations through internal policies and training, detecting violations that have occurred, and responding to them with the necessary measures to prevent them in the future (Prevent – Detect – Respond).
Whistleblowing
If you become aware of any unethical or illegal practices related to ams OSRAM's own business or our supply chain, please use our secure electronic reporting channel "Tell ams OSRAM" to inform us about potential risks or violations.
"Tell ams OSRAM" is available 24/7 to employees and third parties, and is multilingual, confidential and anonymous. All reporters acting in good faith are protected against retaliation as a matter of course.
Please help us identify potential wrongdoing. Your voice matters and we need your support.
Further information can be found in the documents linked in the download section at the end of this page.
Supplier Management
As a global company with a vast network of suppliers, ams OSRAM recognizes its responsibility towards the environment and society across its entire supply chain. We are deeply committed to this responsibility and implement standardized risk analyses, tools, and processes to guide our selection of international partners and our collaborative efforts with them. Furthermore, we have established internal and external control mechanisms, specifically designed to ensure our compliance with human rights obligations, especially in relation to conflict minerals.
Quality
ams OSRAM stands for a high quality standard, safety and reliability of its products and solutions. At ams OSRAM, product safety starts with product development, accompanies the procurement and production process, and is an essential aspect for our customers during the product life cycle.
We regularly have our processes and management systems certified to ISO 9001 and, for automotive customers, also to IATF 16949. In the course of integration, there will be joint certificates in the medium term.
Cyber Security
The increasing digitization of business processes makes the reliability and security of the company-wide system infrastructure extremely important. Regulatory requirements for the protection, integrity, and availability of data are also on the rise. For ams OSRAM, as well as for our stakeholders, cyber and information security are of great importance.
Contact Information
Contact: security@ams-osram.com
Incident management via 'Tell ams OSRAM'
Further Information on Cyber Security
The board of ams OSRAM has defined a global information security strategy aligned with the company's risk management and business strategy. The Information Security Management System (ISMS) has been globally certified according to the ISO27001 standard.
Governance of Information Security
As part of the overall information security strategy, ams OSRAM has established a global information security organization coordinated by a Corporate Information Security Officer (CISO). The CISO reports directly to the Chief Information Officer and reports at least quarterly to the board members in the "IT Board," defined as the company's "Information Security Committee." Responsibility for cyber and information security within the board lies with the Chief Financial Officer (CFO) and the Technology Committee for the Supervisory Board. Identified cybersecurity risks are also addressed within the framework of Enterprise Risk Management and monitored by the Audit Committee.
Information Security Policy
The board of ams OSRAM has issued company-wide policies for information security and data protection. The CISO leads and oversees the implementation of the Information and Cyber Security Management System (ISMS), including this policy worldwide. Mandatory training on information security and data protection ensures that employees are familiar with relevant security policies and procedures. Global awareness tests are conducted regularly. All employees are bound by the applicable laws to protect the personal rights of others and to protect the company from harm through responsible behavior in line with the training. Effective prevention against information and data protection risks is an important part of our management approach, leadership responsibility, and individual behavior.
To extend our data protection and information security requirements to our suppliers, we have included them in our Supplier Code of Conduct: We require our suppliers to protect the personal data of their employees and business partners and to use it only for legitimate purposes. The laws on data protection and information security and regulatory requirements must also be observed when collecting, storing, processing, transmitting, and sharing personal data.
Our ISMS includes all relevant elements such as governance, risk management, information and system management, threat and incident management, and business continuity management. This goes beyond monitoring security risks (threats) and responding to them with adjustments: threat and incident management is part of ams OSRAM's global incident and crisis management. Additionally, an emergency service provider has been contracted in case of a severe cyber-attack.
Our ISMS is externally validated. The ISO 27001 certification covers the global ISMS process of ams OSRAM, and individual production sites are certified according to ISO27001 or TISAX concerning local (physical) security requirements. Furthermore, the ISMS is continuously improved, and its effectiveness is monitored through internal audits and vulnerability analyses. In addition to the annual external re-certification within the framework of ISO27001 and TISAX certifications, Corporate Audit initiates at least one external verification audit of information security-relevant processes and procedures annually, such as so-called Table Top Exercises or simulated hacker attacks. All automotive production sites worldwide are also certified at least with TISAX Level 2 and at least one with Level 3. This validates our global processes.
In the area of data protection, a comprehensive data protection management system is implemented, and a globally valid corporate policy ensures company-wide standards for handling personal data. Further development of data protection is promoted, among other things, through training for all employees and the enforcement of uniform technical-organizational measures, especially when processing data by external service providers.
Various channels are available for employees to report cases, including the whistleblower system "Tell ams OSRAM." This is also accessible to external parties via our website.
Further information and documents can be found in the "Downloads" section.
Downloads
Governance on ESG
Sustainability Policy
Tax Policy ams OSRAM
Compliance & Whistleblowing
Code of Conduct for Employees ams OSRAM
Rules of Procedure for the complaints procedure
Overview reporting channels at ams OSRAM
Supplier Management
Code of Conduct for Suppliers ams OSRAM
Policy on Conflict Minerals ams OSRAM
Quality
Quality Policy ams OSRAM
ISO 9001 Certificates ams OSRAM
IATF 16949 Certificates ams OSRAM
Cyber Security
TISAX
ISO27001 - Premstaetten
ISO27001 - Munich
ISO27001 - Regensburg
Contact us
Contact information
As a company, our mission is to foster a sustainable future through innovation and collaboration.
For further information, get in touch with us!
Contact: sustainability@ams-osram.com