Corporate Social Responsibility Report 2020 | Cushman & Wakefield

Our minimum security requirements across the organization are aligned to ISO 27002 control categories. We undergo several independent third-party assessments to certify the security of various parts of our business, and we had zero formal security- or privacy-related complaints logged in 2020.

Additional components of our Information Security Program include: • Security rating and monitoring of third- party vendors

• Security monitoring of all critical infrastructure

• Access management and control

• Crisis management including incident response and disaster recovery plans

• Secure internal and external communications

• Annual proactive awareness training for all tech-enabled employees • Additional training for individuals that handle sensitive data

• GDPR training where relevant

26 | CORPORATE SOCIAL RESPONSIBILITY REPORT 2020