Skip to main content

Cornerstones and center of our action

Compliance, risk management, and information security are integral components of our company as part of corporate governance. The organization, its activities, and its responsibilities are based on the acknowledged “Three Lines of Defense” model*.

Our relationships with the owner and with our customers and partners are based on trust, integrity, and mutual respect. The Board of Directors and the Executive Committee ensure that we always conduct ourselves in accordance with our values and pursuant to applicable regulations and internal directives. RUAG wishes to further promote this awareness and focuses on the areas of compliance, risk management, and information security.

Our Compliance Management System ensures ethically correct conduct that conforms to regulations and instills that behavior in the employees. To that end, our Code of Conduct serves as a basis and guideline for our actions. Risk management includes the consistent handling of risks to support attainment, fulfil-ment of tasks, activities, and management of the company with comprehensive, transparent, and up-to-date risk infor-mation. The goal is to improve the predictability of events and strengthen our stakeholders’ trust. Our customers’ trust also essentially depends on the trust in how we handle their data. This is where information security comes in, which must be ensured in all situations – in the knowledge of our own critical infrastructure and that of our customers. The assimilation of RUAG into the security perimeter of the Federal Department of Defense, Civil Protection and Sport (DDPS) strengthens us in our striving to guard the confidentiality and protect the integrity and availability of our information.

All departments train their employees and raise their aware-ness. In 2020, training in antitrust law, an e-learning about anticorruption, and various training initiatives in the areas of trade compliance and handling cyber threats took place. To that end, employees were also made more aware of our whistleblower system: the external whistleblower platform (“Integrity Line”). We take the reports entered into that system seriously, assess them, and investigate them – objectively, consistently, and professionally.


Organising framework for assigning the respective roles and responsibilities in the Governance, Risk and Compliance Management System.