Urenco Annual Report 2022

46 Urenco Annual report and accounts 2022 Resourcing requirements to meet our strategic objectives Description Impact How we are managing the risk The availability of people and scarce skills in a tight labourmarket, following the COVID-19 pandemic and Brexit, combinedwith increased demand for enriched uranium, places a premium upon identifying the right mix of skills across our sites. If we are unable to resource the skillsmix and growth required in our capacity programme, wemay be unable to operate our sites at the levels required to fulfil the future requirements of our customers. • We are developing a hybrid delivery model, partnering dedicated internal recruitment resources with a professional outsourced recruitment provider and preferred suppliers • Each functionwill develop and own detailedworkforce plans and agreed prioritisation to support the capacity programme • We are reviewing the effectiveness of our organisational structure (matrix optimisation) and implementing change • Reviewing vetting processes to improve staff onboardingwithout compromising our security requirements • We will be implementing an integrated Human Resources Information System across our organisation Lack of appropriate cyber resilience Description Impact How we are managing the risk Failure to protect data, information and IT systems. • Loss or theft of confidential client or customer data, or service disruption due to cyber attack could result in reputational damage, disruption to business, or regulatory breach. • Our Chief Information Security Officer (CISO) is responsible for ensuring that Urencomaintains effective threat intelligence and incident response capabilities tomeet the evolving challenges of the cyber environment • We operateThreat Defence workstreams to identify and address vulnerabilities • Robust management of our third parties • Investment in informing and protecting our systems users • Delivery of an organisationwide Information SecurityManagement System(ISMS) composed of a comprehensive control framework, updated riskmanagement method and robust policy and procedure suite • We have ISO27001 Information Security accreditation in parts of our business and are implementing a programme to extend this to cover Group Services by 2024 Strategic report 01 Risks and risk management