52 Environmental, Social and Governance Report 2022 PILLAR 3: CORPORATE PERFORMANCE Risk Management & Compliance IT AND CYBERSECURITY We recognise the risks of rising and complex cyber threats globally. As we accelerate our digitalisation processes to optimise business efficiencies, technology-related risks arising from both internal and external sources continue to pose a threat to our business. In managing cybersecurity risks, ESR has an Information Security Management System (ISMS) with processes in place to address technology and data security controls. The ISMS Committee is led by the Group’s IT director and comprises of senior IT leaders across the business entities in the enlarged Group. The Committee develops the Group’s information security governance framework, oversees the system’s operations and ensures that appropriate safeguards have been put in place to strengthen the resilience of our IT operations against cyberattacks. To further strengthen our cybersecurity, vulnerability assessments are frequently conducted to test our systems. The establishment of a Security Operations Centre (SOC) monitored by a third-party service provider, together with Group IT, observes external events that may have an impact on ESR’s network and data. The SOC continuously monitors and improves our security position while preventing, detecting, analysing and responding to potential cybersecurity incidents. By reviewing our IT disaster recovery plan and examining the robustness of our IT system, we seek to protect key information systems and ensure recoverability of critical business back to an operational-ready environment. In addition, ESR has put in place a comprehensive set of IT policies and procedures. This includes the governing of information accessibility, confidentiality and security to prevent any leakage of confidential information. Training on IT security awareness is conducted regularly to remind employees to keep abreast of any potential security breaches and phishing scams.
RkJQdWJsaXNoZXIy MTIwODcxMw==