Security policy


Kesko Group's security operations aim at securing people, property, information, reputation and the environment against accidents, damages and crime and at ensuring undisturbed operations in advance.

Security operations support the implementation of Kesko's strategic targets and are a natural part of business operations.


Every Kesko employee is responsible for the safety and security of his or her work and actions.

Management and superiors are responsible for
- organising security operations clearly and including responsibilities in job descriptions
- allocating sufficient resources for security operations
- assessing and monitoring safety and security risks concerning operations on a regular basis
- providing sufficient action plans and instructions for minimising and dealing with security risks
- ensuring that security instructions approved for the Group are followed
- arranging safety and security training for the personnel on a regular basis
- ensuring that the working environment complies with safety and security requirements

The Risk Management Steering Group
- approves the Group security policy and strategy
- approves Group-level security principles and instructions


The Corporate Risk Management Unit guides and develops Kesko Group's security activities and management in a way that supports the achievement of Group's strategic objectives.

Persons responsible for risk management have been appointed in the divisions to coordinate and report on risk management activities.

The persons responsible for security guide and control the implementation of the duties assigned to the management and superiors in their respective divisions.
Depending on the nature of their operations, subsidiaries and units can have full-time security managers and/or a sufficient number of part-time security contact persons.

Induction and training

Superiors are responsible for the induction of new employees in safety and security matters and for arranging business supporting security training for all personnel on a regular basis. The Corporate Security unit and security contact persons assist in arranging training events.

The Corporate Security unit arranges training and communications events for the employees, managers and contact persons responsible for security matters on a regular basis.

The Corporate Security unit guides Group-level security training and induction as well as the implementation of security-related parts in the training arranged by K-instituutti.

Risk assessment

Security risks are mainly assessed and analysed according to the risk assessment system approved for the Group and, if needed, with the help of separate risk analyses.

Control and monitoring

The implementation and the level of security operations are monitored, assessed and reported in connection with the normal internal control and internal and external audits. If needed, separate safety and security surveys and audits can be made.

To top