Risk management

Orange Polska is exposed to a range of external and internal risks of varying types which can impact the achievement of its objectives. Therefore, Orange Polska maintains a risk management framework to identify, assess and manage risks. This framework is based on the standards ISO 31000 and ISO 27005 (for Information Security Management System only). Leaders within the Group’s individual business areas and functions are responsible for the assessment and management of risks, including the identification and escalation of new/emerging circumstances, and monitoring and reporting on both the risks themselves and the effectiveness of control measures. Events are considered in the context of their potential impact on the delivery of our business objectives.