Security Practices

Security planning and implementation to protect our people, manage operational security risks, and respect the rights of communities where we operate.

Material Topic Information

Why it matters

Geopolitical conflict has the potential to impact our activities in some areas and security forces are required to protect our assets and operations.

Ambition

To conduct our business globally in line with our Values, protecting our Fortescue Family as well as the rights of our community members that may be impacted by security operations.

Contributing to SDG's

Salient Human Rights Issues

Materiality

Security Practices at Fortescue

Ensuring the safety and security of our people, assets, operations, and information is a fundamental responsibility at Fortescue. Our security practices are designed to protect these critical elements while respecting the human rights of individuals and fostering trust within the communities where we operate. With an expanding global footprint and emerging operational challenges, we are committed to implementing security measures that align with international standards, promote human rights and ensure operational resilience.

FY25 Highlights

During FY25, Fortescue made progress in enhancing its security practices. The Security team conducted comprehensive risk assessments across key locations, ensuring that potential threats were identified and mitigated.

We also advanced our alignment with the VPSHR by developing tools such as the Global Security Providers Code of Conduct and a Security Provider Self-Assessment Questionnaire. These initiatives ensure that third-party security providers adhere to Fortescue’s standards and international human rights principles.

Additionally, Fortescue published its first Annual VPSHR Report, providing transparency on our progress in aligning with the principles and demonstrating accountability to stakeholders. For more information, see the 2024 Annual VPI Report in our Document Library.

8

Security personnel completing mandatory training on our human rights policies or procedures

35.9%

Eligible security personnel having completed the training within the past two years

543

Employees completing the International Humanitarian Law online training module to date

FY25 Performance

A full breakdown of our FY25 Security Practices data is provided in our FY25 ESG Databook located in our Document Library.

Read our FY25 ESG Databook

Impacts, dependencies, risks and opportunities

Fortescue’s security practices safeguard employees, assets, and communities while respecting human rights. Effective management reduces risks like geopolitical conflicts and regulatory non-compliance, while alignment with international frameworks, such as the Voluntary Principles on Security and Human Rights (VPSHR), builds trust, ensures operational resilience, and promotes leadership in responsible security practices.

Fortescue’s security practices impact employees, contractors, and the communities in which we operate. Positive impacts include enhanced safety, and the prevention of security incidents that could disrupt local communities and business activities. By aligning with the VPSHR, we ensure that private and public security engagements are conducted responsibly and with respect for human rights.

We acknowledge, however, that if not managed responsibly, security activities could result in unintended negative consequences, including the infringement of human rights. This risk is particularly relevant in high-risk regions where security measures must be carefully calibrated to avoid harm. To prevent such outcomes, we prioritise regular training, robust governance frameworks, and ongoing stakeholder engagement to ensure our practices align with both local and international standards.

Security-related risks include geopolitical conflicts, regulatory non-compliance, and the potential for human rights violations. Operating in high-risk environments or engaging third-party security providers without proper oversight could expose Fortescue to reputational, legal, and financial risks. Additionally, the global mining and energy sectors have historically faced challenges related to unnecessary use of force by security personnel, underscoring the importance of implementing rigorous controls and adhering to international principles.

By aligning our security practices with international frameworks like the VPSHR, Fortescue has the opportunity to demonstrate leadership in responsible security management. This alignment not only enhances our reputation but also strengthens relationships with stakeholders, including communities, suppliers, employees, and regulators. Ongoing training and capacity-building initiatives provide opportunities to improve security outcomes and foster a positive security culture across our operations.

Our Security Practices Strategy

Fortescue’s security practices strategy is built on three foundational pillars:

Risk Management: Comprehensive assessments are conducted at the country, threat, and security levels to identify vulnerabilities and implement effective mitigations.
Human Rights Alignment: integrating VPSHR into key aspects of security management, from policy development to training and stakeholder engagement.
Continuous Improvement: Policies, standards, and procedures are regularly reviewed and updated to ensure alignment with evolving risks and global best practices.

Underpinning this strategy are the Global Security Policy and the Global Security Standard, which provide a structured and risk-based approach to managing security across our operations. These documents outline the systems, controls, and expectations necessary to safeguard Fortescue’s people, assets, and reputation while respecting human rights.

A Closer Look

Managing Security Practices

Fortescue’s approach to security management combines robust governance, risk-based decision-making, and a strong commitment to human rights. This framework ensures that security measures are implemented effectively while aligning with local laws, international standards, and Fortescue’s sustainability goals.

Governance

Security is not only about safeguarding physical assets but also about creating an environment where employees, contractors, and communities feel safe and supported. At the core of our approach is alignment with the VPSHR, which guide us in conducting security operations responsibly and sustainably.

Governance of security practices is under the oversight of the Safety and Sustainability Committee, reporting to the Board. This committee ensures that security-related policies and practices are aligned with Fortescue’s broader sustainability objectives.

Throughout FY25, operational execution was led by the Chief Operating Officer. From FY26, this will be led by the CEO Metals and Operations. Support is provided by the Security team and the Global Policy and Insights team who together, work to assess risks, implement protective measures, and ensure the integration of human rights considerations into all security activities.

Policies and Standards

The Global Security Policy and Standard are implemented alongside our Human Rights Policy and Code of Conduct and Integrity, which are available in our Document Library.

Fortescue's Global Security Policy sets out our commitment to maintaining the security of our personnel, assets, reputation and information in a manner that respect human rights. Fortescue will achieve this commitment by:

fostering a positive security culture
assessing security risks and implementing security measures to address these risks
monitoring security and threats
implementing the Voluntary Principles on Security and Human Rights (VPSHR) including ensuring engagements with private and public security providers align with the VPSHR and comply with local laws
implementing systems for the effective reporting and investigations of incidents
implementing review and quality assurance processes to monitor compliance and strive for continuous improvement.

All Fortescue employees, suppliers, contractors, consultants and other business partners are expected to adhere to the Policy and Fortescue's CEOs are responsible for ensuring the Policy is implemented.

In FY25, Fortescue published a new Global Security Standard, setting out the security management systems, controls and expectations requires to safeguard Fortescue’s people, assets, operations and reputations. It helps to ensure a structured and risks-based approach to security that is aligned to international standards, local laws and Fortescue’s human rights commitments. The Standard is implemented by Fortescue's Security team.

The Standard applies to all Fortescue activities, subsidiaries, joint ventures where we have operational control, and third-party providers providing security relates services to or on our behalf.

Processes and Procedures

Identified security risks are captured in Security Risk Management Plans. Assessments and Management Plans are updated periodically and as changes to security environment are identified, informed by ongoing tactical and operational intelligence relevant to the location and nature of our activities.

Security services across Fortescue’s Australian operations are delivered under contracted arrangements, including labour hire engagements for site-based personnel. We engage trusted third-party security providers to support our international operations. Providers are vetted through a rigorous process aligned with the VPSHR and are required to adhere to the Global Security Providers Code of Conduct.

Fortescue's Human Rights Policy sets out our commitment to operating in a manner consistent with the United Nations Guiding Principles on Business and Human Rights (UNGPs). In respecting human rights, the UNGPs sets the expectations for businesses to respect International Humanitarian Law in situations of armed conflict.

Fortescue adopts a risk based approach to activities in conflict and high-risk operating environments. Conflict and high risk operating environments are identified through country, threat and security risk assessments. Security and conflict criteria are also considered in a range of Fortescue's human rights assessments as set out in Fortescue's Human Rights Standard.

Fortescue maintains a register of threat ratings for locations where we have activities. This register is is updated based on monitoring of global events and insights from third party providers to support our internal assessments.

In FY25, Fortescue maintained international interest in regions such as Morocco, Gabon and Brazil, where operating environments may present elevated security, geopolitical and/or regulatory risks.

In our supply chain, we conduct supply chain mapping as part of our enhanced due diligence approach for high risk categories. Suppliers are required to complete our Supply Chain Traceability Questionnaire which helps us to identify if the goods supplied contain gold, tin, tantalum, tungsten or other materials of interest, their quantities and their source country. If risks are identified, our mitigation actions may include chain of custody requirements and verification provisions in our contracts with suppliers.

Compliance

Fortescue complies with all relevant security-related legislation. We work to continuously improve our alignment with the UN Guiding Principles on Business and Human Rights and our implementation of the VPSHR.

Reporting

We disclose our security practices related data in accordance with GRI Standards '410 Security Practices 2016'.

In April 2025, we published our first Annual VPSHR Report outlining our actions to align to the VPSHR. Fortescue's 2024 VPI Annual Report is available in our Document Library.

Our Actions

Fortescue takes a proactive approach to managing security risks and aligning practices with international standards. In FY25, we conducted comprehensive risk assessments across key locations, including regions with heightened geopolitical and regulatory risks. These assessments informed protective measures and ensured that potential threats were effectively mitigated.

Training and awareness

Human rights and modern slavery training for security personnel remained a priority. Additional training modules are under development to further enhance awareness and capacity. We continued to make available an online International Humanitarian Law: Security and Conflict online training module developed with Australian Red Cross.

Third party security standards

Fortescue also strengthened our engagement with third-party security providers by introducing a Security Provider Self-Assessment Questionnaire and a Global Security Providers Code of Conduct. These tools ensure that all providers align with Fortescue’s standards and the VPSHR, supporting responsible and rights-aligned security practices.

Engagement with public security forces

In FY25, Fortescue did not employ public security forces at any of our operational sites. However, should engagement with public security forces be required, Fortescue will adopt a tailored approach, guided by the requirements of the VPSHR, and will ensure any agreements include provisions aligned to the VPSHR.

Voluntary Principles on Security and Human Rights

Fortescue is proud to be a member of the VPSHR and is committed to aligning to the Principles. We joined the Voluntary Principles Initiative (VPI) in 2022 as an engaged member, and became a full member in May 2024.

The VPI is a multi-stakeholder group comprising companies, governments and NGOs committed to working together to address security-related human rights issues in the extractive, energy and related industries. Members are able to share learnings and common challenges, and develop joint approaches to address human rights challenges in security. The VPSHR guide companies on how they can conduct their security operations in a way that respects human rights. Fortescue is committed to aligning our operations to these principles.

In FY25, Fortescue delivered the following actions identified in its VPSHR Implementation Plan:

Launched Fortescue's Human Rights Standard and due diligence tools, including triggers for heightened human rights due diligence
Developed a Global Security Provider Code of Conduct
Developed a specific Security Provider Self Assessment Questionnaire.

We also commenced the development of our internal VPSHR training and supporting materials, adopting a train-the-trainer module. This will be progressed in FY26.

An internal working group meets periodically to advance actions in the VPSHR Implementation Plan and progress is monitored quarterly through Fortescue's Human Rights Steering Group.

Additional Resources

Digital Library

Date
Title
Category
6 May 2025
2024 Annual VPI Report
Download document(8.69 kb)
21 Feb 2025
Code of Conduct and Integrity Policy 2025
Download document(26.66 mb)
18 Jan 2024
Human Rights Policy 2024
Download document(1.14 kb)

Security Practices

Material Topic Information

Why it matters

Ambition

Contributing to SDG's

Salient Human Rights Issues

Materiality

Security Practices at Fortescue

FY25 Highlights

During FY25, Fortescue made progress in enhancing its security practices. The Security team conducted comprehensive risk assessments across key locations, ensuring that potential threats were identified and mitigated.

Additionally, Fortescue published its first Annual VPSHR Report, providing transparency on our progress in aligning with the principles and demonstrating accountability to stakeholders. For more information, see the 2024 Annual VPI Report in our Document Library.

8

35.9%

543

FY25 Performance

Impacts, dependencies, risks and opportunities

Impacts

Dependencies

Risks

Opportunities

Our Security Practices Strategy

A Closer Look

Managing Security Practices

Governance

Governance of security practices is under the oversight of the Safety and Sustainability Committee, reporting to the Board. This committee ensures that security-related policies and practices are aligned with Fortescue’s broader sustainability objectives.

Policies and Standards

Global Security Policy

Global Security Standard

Processes and Procedures

Risk Assessments

Managing Security Risks

Conflict and High-Risk Environments

Compliance

Fortescue complies with all relevant security-related legislation. We work to continuously improve our alignment with the UN Guiding Principles on Business and Human Rights and our implementation of the VPSHR.

Reporting

We disclose our security practices related data in accordance with GRI Standards '410 Security Practices 2016'.

In April 2025, we published our first Annual VPSHR Report outlining our actions to align to the VPSHR. Fortescue's 2024 VPI Annual Report is available in our Document Library.

Our Actions

Training and awareness

Third party security standards

Engagement with public security forces

Voluntary Principles on Security and Human Rights

Fortescue is proud to be a member of the VPSHR and is committed to aligning to the Principles. We joined the Voluntary Principles Initiative (VPI) in 2022 as an engaged member, and became a full member in May 2024.

In FY25, Fortescue delivered the following actions identified in its VPSHR Implementation Plan:

Launched Fortescue's Human Rights Standard and due diligence tools, including triggers for heightened human rights due diligence

Developed a Global Security Provider Code of Conduct

Developed a specific Security Provider Self Assessment Questionnaire.

We also commenced the development of our internal VPSHR training and supporting materials, adopting a train-the-trainer module. This will be progressed in FY26.

An internal working group meets periodically to advance actions in the VPSHR Implementation Plan and progress is monitored quarterly through Fortescue's Human Rights Steering Group.

Additional Resources

Related Topics

Human Rights

Communities

Sustainability Stories

Digital Library