SUSTAINABILITY REPORT Cont’d Our Initiatives As part of the Group’s efforts to strengthen risk management practices, several key initiatives were rolled out in FY2022. These include: • Establishing a risk dashboard with key risk indicators to provide an overview of the thirteen (13) most important risks faced by Press Metal, highlight potential threats to the business, and enable decision-makers to take appropriate actions to manage and mitigate these risks • Conducting risk related activities such as awareness and reassessment workshops for our corporate headquarters, PMBtu, PMS, PMAR, and PMBA, to introduce the risk management concept as well as identify and evaluate the key risks faced by the entities with the purpose to integrate the ESG risks • Identifying, assessing and incorporating the sustainability impacts into the risk assessment parameters and applied standardised criteria to identify and evaluate both enterprise risk and sustainability matters by leveraging the ERM Framework • Reviewing and updating risk profile of ESG CUSTOMER DATA PRIVACY GRI 3-3, GRI 418-1 Why is this important? Protecting customer data privacy is crucial as it involves safeguarding sensitive and personal information of individuals or companies’ trade secrets from unauthorised access or misuse. With the widespread use of technology and the internet, companies collect and store vast amounts of consumer data. Any leakage and breaches of such data as well as cyber-attacks can be detrimental to both Press Metal and our customers. It can result in severe consequences such as identity theft, financial fraud, and other forms of harm. Press Metal has a legal and ethical responsibility to protect our customer data and comply with the applicable laws and regulations. Our Approach We demonstrate our strong commitment to safeguarding data through our Information Technology (“IT”) Policy, which serves as a comprehensive rulebook for authorised users. Our IT Policy prioritises the responsible use of IT facilities and emphasises the need to protect them from any damage or liability that may arise from unlawful or inappropriate usage. Press Metal adopts a robust and wide range of IT-based systems to ensure the safe storage of data. This includes firewalls and other protection mechanisms. We subscribe to Malaysia’s Personal Data Protection Act 2010 (“PDPA”) to manage all pertinent data; data collected will be treated with the utmost care and sensitivity, and used only for the purposes it has been lawfully authorised. The firewall and internal network are updated periodically, and continuous improvements are made to our IT governance and cyber security, where applicable. Our Initiatives Press Metal engaged independent vulnerability tester in FY2022 to conduct cybersecurity vulnerability assessment based on the Vulnerability Assessment and Penetration Testing (“VAPT”) security risk rating methodology. The assessment aimed to ascertain that the risk mitigation controls, particularly on the external infrastructures and network, are in line with the industry trend and best practices. Our IT Department has been engaging in yearly cybersecurity vulnerability assessments to uphold a healthy network and infrastructure security posture. Our Performance In FY2022, zero (0) complaints on data breaches were received. Besides, VAPT post-assessment was conducted by an independent vulnerability tester to validate the remediation of the identified findings. ANNUAL REPORT 2022 114
RkJQdWJsaXNoZXIy NDgzMzc=