IMD business school for management and leadership courses
Safeguarding our people
The security and safety of all our people are paramount. We have several initiatives and procedures in place to ensure this.
Ethics and transparency
IMD has a strong commitment to ethics and transparency. We encourage reporting any unethical, illegal, corrupt, fraudulent, or undesirable conduct.
A new Whistleblower Policy and Anti-Bribery and Anti-Corruption Policy were implemented in 2022, ensuring that any concerns regarding misconduct are dealt with effectively, securely, and in accordance with the applicable law.
Our Report-It tool enables the confidential reporting of any concerns about potential misconduct or violations. We promoted our new policies and procedures via a targeted communications campaign in 2023.
Protecting labor and human rights
IMD is committed to ensuring adherence to its core values, compliance, and promoting an ethical and safe culture by observing the highest standards of fair dealing, honesty, and integrity in all its activities. As a Swiss academic institution, we are committed to respecting all internationally recognized human rights, the UN Universal Declaration of Human Rights, and the Swiss Code of Obligations (CO) and to treating all people with dignity.
We do not tolerate or engage in any Human Rights violations, including slavery, forced labor, child labor, exploitative labor, or human trafficking in any form at any stage of our activities or our supply chain.
We ensure good labor practices and the protection of human rights with a wide range of policies. These include policies on our code of conduct, guiding principles for conflict, harassment and discrimination prevention and management, leave of absence, teleworking, overtime management, recruitment and incentives, on-call work rules, multiactivity, disciplinary matters, and maternity and paternity.
“This year’s highlight has been working with my team, the EDS team. After all the changes over the past few years, people within the team have really gotten to know one another. We support, trust and help each other, which helps to tackle the daily challenges and pressures. They are all amazing people.”
Ensuring digital security and data privacy
Digital security and data privacy are of paramount importance at IMD, given the vast amount of data we manage. IMD holds ISO 27701 certification for data privacy and ISO 27001 certification for information security, which are globally recognized and externally audited standards. The certifications attest to IMD’s high level of maturity and robust security posture in our efforts to protect the private and personal data of our employees, clients, and partners.
To ensure seamless operations and embed data security in our governance structure, we have implemented guidelines, practices, and policies such as the Information Security Policy, the Data Privacy Policy, and the Information Classification Policy. In 2023, we made significant strides in enhancing our security posture.
We introduced a new Security Operations Center (SOC) provider and implemented a new identity management system, which enhanced security and access control and simplified the user experience. Further, as phishing becomes increasingly prevalent, we have taken comprehensive measures to safeguard our digital security and privacy.
We share a monthly security bulletin on our Intranet to keep our employees informed on cybersecurity threats and data privacy issues. This bulletin reports on IMD-specific data, such as email traffic, spam, and phishing emails, and provides general threat intelligence. Our employees also undertake mandatory training on security and data privacy issues. In 2023, 96 new employees completed security training, and over 380 individuals attended additional training.
Digital security
First internal phishing campaign
Users received internal phishing campaign emails, including additional training for those who got caught
Security alerts
Security alerts or suspicious activity handled, filtered, and classified by MSSP (security management system doing first-level security monitoring 24/7)
Second internal phishing campaign
Users received internal phishing campaign emails, including additional training for those who got caught
Security incidents
Security incidents escalated by MSSP to the IMD internal Security Team for further investigations and remediations
Security training
New employees completed security training
Complementary security training
Colleagues received complementary security training throughout the year
Email traffic at IMD
IMD received 20,903,961 emails, 54% of which were good emails. The remaining 45% of all email traffic was spam, and 1% comprised phishing emails.
Good
Spam
Phishing
