You are using an outdated browser. Please upgrade your browser to improve your experience.
Moomba CCS: Delivering real emissions reduction Find out how

Sustainability governance

We incorporate robust governance structures designed to ensure our sustainability efforts align with best practices and are accountable.

This includes:

Ethical conduct: A focus on ethical business practices enables operations to comply with international and local regulations, and underpins us maintaining high standards.

Sustainability oversight: Sustainability initiatives are integrated into the overall business strategy, with oversight by the Board and executive leadership.

We commit to transparency in reporting by publishing our sustainability report detailing our progress across our sustainability pillars. As part of this commitment, our auditors EY have performed limited assurance over the statements and figures in this report. Refer to page 115 for their statement of assurance.

Our material topics

Governance is a core function for Santos. We promote a culture of ethical and responsible conduct in line with our values and legal obligations to support long-term success.

Our approach

Governance and business ethics

Our corporate governance framework underpins effective decision-making and operational integrity.

Our Code of Conduct sets clear expectations for ethical behaviour, guiding how we interact, make decisions and perform daily work. All employees and contractors are required to adhere to these standards, and we offer mandatory training across all global locations. We report on breaches related to our Code of Conduct.

Reportable misconduct

Santos is committed to providing a safe environment for reporting misconduct. Our Reporting Misconduct (Whistleblower) Procedure allows stakeholders to report concerns such as misconduct, fraud or corruption through various channels, including anonymously and through an external confidential 24-hour hotline. All reports are investigated, as appropriate, under our internal processes. Training is provided to those who work for and with us as well as to our Board Directors, in line with Australian whistleblower laws.

Read more on risks and opportunities, our process and due diligence and our actions and performance in the 2024 Annual Report.

Santos is committed to upholding internationally recognised human rights, guided by the UN International Bill of Rights and the UN Guiding Principles on Business and Human Rights.

Our approach

Human Rights Framework

Santos is committed to upholding internationally recognised human rights, guided by the UN International Bill of Rights and the UN Guiding Principles on Business and Human Rights. We also work to align with the Voluntary Principles for Security and Human Rights, integrating these into our policies and practices, including our Human Rights and Modern Slavery Policy.

Our Human Rights Framework supports these commitments and guides our processes to address key risks. We recognise the role of governments in protecting human rights and work collaboratively to align our operations with these responsibilities.

Read more on risks and opportunities, our process and due diligence and our actions and performance in the 2024 Annual Report.

Important topics

Our approach

Santos is obligated to comply with the Australian Security of Critical Infrastructure Act (2018) and related amendments for Australian assets, and similar international regulations for non-Australian assets. To comply with these obligations Santos has enacted a cyber risk management framework based on the Australian Energy Sector Cyber Security Framework (AESCSF). The AESCSF leverages the National Institute of Standards and Technology (NIST) cyber security framework which guides Santos’ overall Risk Management Framework to manage cyber security threats.

Santos adheres to the Australian Privacy Act (1988) and similar international legislation in locations where we operate. Privacy policies are available on the Santos website, and a register of Personal Identifiable Information is kept within the company. Please refer to santos.com/privacy/ for further information on how this is protected.

Our process and due diligence

The AESCSF framework provides for both preventative and responsive controls to protect information held by Santos, including Personal Identifiable Information (PII). All systems (including those holding PII) are protected by leading industry-standard cyber security products and practices, with no notifiable or material cyber or information breaches occurring in the last 12 months.

Santos is a participant of, and contributor to, the Australian Government’s Critical Infrastructure Information Exchange forum, and meets regularly with regulatory officials, law enforcement and peers to exchange intelligence on emerging threats and trends.

Assessment of cyber security posture and controls is performed throughout the year, with annual benchmarking of performance through both internal and external audits, penetration testing and other evaluations.

Key programs and initiatives include:
  • Santos maintains a robust and dynamic program of both capital and operationally funded security improvement initiatives. These initiatives focus on the continuous enhancement of existing cyber security controls to address evolving threats and ensure compliance with regulatory requirements.
  • Our program emphasises regular updates to current systems, ensuring they remain aligned with the latest industry standards and technologies. Additionally, we conduct frequent audits, readiness assessments, and incident response simulations to evaluate and strengthen our ability to counteract potential threats effectively.
  • To stay ahead of emerging cyber security risks, Santos is committed to the proactive adoption and integration of new technologies, tools, and systems designed to enhance our defensive capabilities. This approach ensures that we not only meet today’s challenges but also anticipate and prepare for the evolving cyber security landscape.