Corporate responsibility and compliance
Our commitment to responsible practice
Corporate responsibility and compliance are integral to how we operate at Almirall. We believe that long-term success in healthcare depends on acting responsibly, treating people fairly, and supporting the wellbeing of patients, communities, and employees. This section outlines the principles, systems, and initiatives that guide our approach. It reflects our commitment to ethical conduct, sustainability, and continuous improvement across all areas of our work.
Acting with responsibility across the organization
We integrate responsible practice into every stage of our activity. This includes conducting research ethically, ensuring transparency in communication, respecting human rights, and promoting equality and inclusion within our workforce. We also take an active approach to environmental responsibility by working to reduce emissions, optimize resource use, and support circular practices where possible. Our policies guide daily behaviour, and our training programmes ensure that teams understand their responsibilities and feel empowered to act accordingly.





Our compliance framework
A strong compliance system is essential to maintaining trust. We apply robust procedures that help prevent, identify and address potential risks. These include monitoring tools, reporting channels, dedicated committees, and clear internal guidelines. We also collaborate with regulators and industry bodies to keep our practices aligned with evolving standards. Compliance is not a passive activity for us; it is an ongoing commitment that supports integrity and accountability across the company.

Creating positive and lasting impact
Corporate responsibility is not limited to compliance. It extends to how we support communities, engage with partners, and contribute to better healthcare outcomes. We invest in patient-focused initiatives, community programmes, and sustainability projects aimed at creating long-term benefit. By sharing our progress openly, we demonstrate our commitment to responsible growth and our dedication to making a positive impact within and beyond the healthcare environment.
Average period of payment to suppliers
Information on delays in payments to suppliers CCAA
Information on delays in payments to suppliers CCAACC
Information security at Almirall
Almirall maintains an Information Security Program that aims to protect strategic information and critical business processes in line with market standards such as the NIST Cybersecurity Framework and the NIST 800-53 series.
The Information Security function in our organization covers everything from strategy to operations, and has the necessary organizational independence, empowerment and sponsorship. The oversight of risk management is integrated into the Corporate Governance mechanisms, with regular briefings to the Executive Board and, at least twice a year, to the Audit Commission of the Board of Directors. This oversight involves monitoring the maturity of Information Security processes and a selected set of key risk indicators. This regular review also informs the annual update of the Information Security Program.
The approach Almirall applies to the Information Security Program is risk-oriented and holistic, covering the triad of Processes, Technology and People, and all the NIST CSF Functions: Identify, Protect, Detect, Respond, and Recover, with special emphasis on becoming a cyber-resilient organization.
The company also places a constant focus on personnel awareness at all levels, with specific plans that are redesigned every year to ensure high impact, growing education amongst employees, and a strong first line of defence. The other projects and initiatives aim at achieving and maintaining the target maturity levels and keeping risks at acceptable levels, in line with the Company’s risk profile. A cyber-security insurance policy is in place as a last line-of-defence strategy.
At Almirall, our Information Security Program is integrated with Data Privacy, is guided by the principles of security-by-design and security-by-default, and covers third-party risk management with a risk-oriented approach.