XML 307 R46.htm IDEA: XBRL DOCUMENT v3.25.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

The Board oversees the Group’s risk management and internal control framework, including consideration of the risks posed from cyber security threats.

Management provides an in-depth annual update to the Board on the Group’s IT security arrangements, including details of our cyber security operations and performance, and the status of this risk.

To protect the Group from potential cyber security threats, we have employed complementary processes for assessing, identifying, and managing the risk, with our information systems being protected by a multi-layered set of technology and processes (implemented and monitored by cyber security professionals), and consistent with the US National Institute of Standards and Technology Cybersecurity Framework. This is periodically assessed via recurring independent third-party assessments, internal audits, and penetration testing. The Group has also adopted cyber security incident response plans, to ensure the appropriate escalation of potential threats in a timely manner, and we use our e-learning platform for cyber security training, along with regular phishing simulations, to assess the effectiveness of our training and to test user awareness of current threats. The Group has not experienced previous cyber security incidents that have materially impacted the business or business strategy.

In addition to the annual presentation to the Board, the outputs of these security activities are summarised and reviewed by the Group Risk Committee and discussed at the IT leadership team meetings. The Audit Committee would also be notified of any control incidents. Third-party partners are subject to appropriate controls as specified on Rentokil Initial third-party risk management and procurement processes, and enforced via service agreement and contract terms and conditions.

Management reviews cyber security risks through updates received from the Group Chief Information Security Officer (CISO), IT Risk Committee, and Internal Audit. These updates include details of the actions being taken to prevent, detect, mitigate, and remediate the risk of cyber security threats. Management also considers recommendations from the Group CISO, including any corrective actions required to address exposed risk to information systems from cyber security threats.

The Group’s CISO, who reports to the Chief Information Officer, has more than 20 years of cyber security expertise, across a range of diverse industries, and leads our Information Security team. The Information Security team is supported by an external third party that provides uninterrupted security monitoring.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] our information systems being protected by a multi-layered set of technology and processes (implemented and monitored by cyber security professionals), and consistent with the US National Institute of Standards and Technology Cybersecurity Framework.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] The Group has not experienced previous cyber security incidents that have materially impacted the business or business strategy.
Cybersecurity Risk Board of Directors Oversight [Text Block] The Board oversees the Group’s risk management and internal control framework, including consideration of the risks posed from cyber security threats.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]

In addition to the annual presentation to the Board, the outputs of these security activities are summarised and reviewed by the Group Risk Committee and discussed at the IT leadership team meetings. The Audit Committee would also be notified of any control incidents. Third-party partners are subject to appropriate controls as specified on Rentokil Initial third-party risk management and procurement processes, and enforced via service agreement and contract terms and conditions.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

Management provides an in-depth annual update to the Board on the Group’s IT security arrangements, including details of our cyber security operations and performance, and the status of this risk.
Cybersecurity Risk Role of Management [Text Block]

Management reviews cyber security risks through updates received from the Group Chief Information Security Officer (CISO), IT Risk Committee, and Internal Audit. These updates include details of the actions being taken to prevent, detect, mitigate, and remediate the risk of cyber security threats. Management also considers recommendations from the Group CISO, including any corrective actions required to address exposed risk to information systems from cyber security threats.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Management reviews cyber security risks through updates received from the Group Chief Information Security Officer (CISO), IT Risk Committee, and Internal Audit.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]

The Group’s CISO, who reports to the Chief Information Officer, has more than 20 years of cyber security expertise, across a range of diverse industries, and leads our Information Security team. The Information Security team is supported by an external third party that provides uninterrupted security monitoring.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]

In addition to the annual presentation to the Board, the outputs of these security activities are summarised and reviewed by the Group Risk Committee and discussed at the IT leadership team meetings. The Audit Committee would also be notified of any control incidents. Third-party partners are subject to appropriate controls as specified on Rentokil Initial third-party risk management and procurement processes, and enforced via service agreement and contract terms and conditions.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true