Investors Global website directory Contact us Region Select Customer Tools

Cybersecurity

 

Information security at Avery Dennison

Last updated: November 2025

 

At Avery Dennison, we understand that safeguarding your information is not just a commitment—it's an ethical and legal obligation. The confidentiality, integrity, and availability of information are vital to our operations and the services we deliver to our customers. Our security framework of policies, processes, and procedures is designed to address the evolving threat of cyber attacks and is appropriate to our organizational risk profile.

Secure by design

 

Security isn't just a feature; it's a core principle guiding our innovation and operations. Security considerations are integrated into the development process for our products and services from the outset to deliver for our customers.

 

Policies and standards


We protect our customers, partners, employees, and operations through robust global policies and standards, ensuring consistent protection worldwide.

 

Commitment to zero trust

 

Zero Trust architecture principles are implemented across our enterprise, moving away from traditional perimeter-based security towards a model that verifies every access request, regardless of its origin.

 

 

Employee awareness

 

Cybersecurity and data protection risks are rising with each new emerging technology. We invest in training and awareness programs to empower our employees to be the first line of defense.

 

Data security

 

We implement strong technical and organizational measures to protect personal and confidential data against unauthorized access, disclosure, alteration, or destruction. This includes encryption, access controls, and regular security assessments.

 

Compliance

 

Our digital products and platforms undergo rigorous independent audits to maintain security certifications, such as SOC 2, and to demonstrate compliance to industry security standards.

Contents

1. Information security policy

2. Foundational security programs

a. Identity and access management

b. Data and information protection

c. Security operations

d. Risk management

3. Cybersecurity awareness and training

4. Vendor security risk management

5. Compliance and reporting

1. Information security policy

Avery Dennison maintains and implements a comprehensive information security program designed to ensure the confidentiality, integrity, and availability of all information held by Avery Dennison, including its customer and supplier data, by ensuring that:

  • Information will be protected against unauthorized access or misuse.

  • Confidentiality and integrity of information will be secured and maintained.

  • Availability of information and systems is maintained for service delivery.

  • We will comply with regulatory, contractual, and legal requirements.

  • We maintain physical, logical, environmental, and communications security.

  • When information is no longer needed, it is disposed of in a suitable manner.

2. Foundational security programs

We maintain robust programs to manage security across the enterprise:

  • Identity and access management (IAM)

    Avery Dennison's Identity and Access Management (IAM) program is critical for ensuring that only authorized users can access systems and facilities. All users are identified, authenticated, and continuously verified prior to and while accessing Avery Dennison systems and facilities. Access roles are structured using the Principle of Least Privilege, providing only the minimum permissions necessary for business needs. To secure this access, users must utilize Multifactor Authentication (MFA), and the sharing of login credentials is strictly prohibited. 

  • Data and information protection

    We are committed to maintaining the confidentiality, availability, and integrity of information throughout the organization. Data is classified and protected based on sensitivity and criticality, in accordance with our data classifications model. 

  • Security operations

    We maintain a continuous monitoring, identification, classification, and remediation of vulnerabilities. Access to Information Assets is actively logged and monitored. Networks and Information Assets are monitored for anomalous activities, abnormal traffic, and deviations from expected behaviors. Our Incident Response Program is in place to promptly identify, declare, and respond to incidents.

  • Risk management

    Avery Dennison carries out regular IT risk assessments in order to identify and classify information security risks and implement mitigating actions based on severity and in a timely manner.

3. Cybersecurity awareness and training

All members of the Avery Dennison workforce must understand their roles and responsibilities in safeguarding sensitive data and protecting company resources. Users receive security awareness training on a regular basis and additional training is delivered to targeted individuals based on job responsibilities.

4. Vendor security risk management

We ensure that Avery Dennison assets to which third parties have access are protected. Our Third-Party Risk Program drives a comprehensive due diligence process when selecting and evaluating third-party service providers. The program includes the evaluation of third-party security controls and requires contractual assurance for their security responsibilities, controls, and reporting.

5. Compliance and reporting

Compliance with the Information Security Policy is mandatory. We have toll-free hotlines available in every country in which we do business to make it easy to report potential violations. Potential violations can also be reported at averydennison.com/guidelinereport. Our GuideLine is operated by an independent third party and accepts reports in any language to accommodate our workforce, customers, and suppliers worldwide.