GHL Systems Berhad Annual Report 2020

GHL SYSTEMS BERHAD 199401007361 (293040-D)

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL CONT’D

KEY INTERNAL CONTROL PROCESSES (Cont’d)

5. Information Technology Controls and Security (Cont’d)

b. Payment Card Industry Data Security Standard (“PCIDSS”) (Cont’d)

The Malaysia operations obtained their first Certificate of PCIDSS compliance in 2012 by meeting all the requirements set by the standards. During the year, the Company was reassessed by a qualified security assessor from PCISSC as part of the annual certification exercises and continues to be PCIDSS compliant on the latest 3.2 version. During the year, the Company’s overseas subsidiaries in the Philippines and Thailand were both certified PCIDSS version 3.2 compliant.

The Company acknowledges that maintaining high information technology security controls is critical to its business operations and will continue to implement best practices embedded within the security standards.

c. Personal Data Protection Policy

The Group has implemented a Personal Data Protection Policy, as companies within the Group process personal data in the course of their business activities and operations. The Group recognises the importance of protecting the rights and privacy of individuals, and is committed to protecting the same. In preparing this Personal Data Protection Policy, the Board has taken steps to ensure conformity, to the extent possible, with the principles underlined in the Malaysian Personal Data Protection Act 2010.

6. Human Capital

a. Performance Appraisal & Employee Trainings

An annual appraisal system is implemented for employees at all levels within the Group, enforcing dialogue between management and subordinates for continuous improvement of employees’ performance. Arising from this appraisal, a training-need analysis is performed to identify the training required for employees to address the areas of improvement identified.

b. Talent Retention & Succession Planning

Talent plays a pivotal role in achieving the business objectives of the Group. Necessary processes have been put in place to assess talent for career development and succession planning. Roles and responsibilities are clearly defined in the job description for each position. A continuous improvement approach is implemented in the areas of operational efficiencies as well as manpower productivity.

7. Corporate Governance

a. Code of Ethics and Conduct

A Code of Ethics and Conduct, setting out expected ethical standards and code of conduct, has been established. It is binding on all employees in the Group and is available on the official website.

b. Whistle Blowing Policy

The Group has implemented a Whistle Blowing Policy to provide an avenue for employees and all stakeholders to report, in a confidential manner, any suspected acts that are in breach of the Group’s code of ethics, internal policy, and applicable laws or regulations. This policy ensures that the corporate culture of integrity, transparency and accountability is upheld across the Group. The policy also guarantees that an employee or stakeholder making a report of improper conduct in good faith shall not be subject to reprisal action or discrimination of any kind by the Company. The Board and ARC Chairman are primarily responsible for ensuring that all whistleblowing reports are properly followed up.