SUSTAINABILITY STATEMENT ROBUST CORPORATE GOVERNANCE (CONT’D) Risk Management (cont’d) For the review this year, the Manager retained the updated ERM Policy and Framework, effective December 1, 2022. They take into account the re-classification of Risk Category to include ESG Risk, Market Risk and Partnership Risk. The Manager has conducted the risk assessment for suppliers’ environmental and social issues, labour issues, health and safety issues, tax issues, and finally data protection. There was no high risk identified during the course of the assessment. Risk owners, who are designated at the Risk Identification stage, are tasked with reporting the progress of risks and associated mitigation plans at weekly Management Committee meetings. Risk owners communicate with the employees regarding the risks. They also identify the risks to their operations and the associated mitigation plans, presenting them to the ERMC and/or at weekly Management Committee meetings. The ERMC holds quarterly meetings to ensure effective communication of risks and mitigation plans. Subsequently, the updated Risk Profiles were presented at the quarterly BARC meetings. Data privacy and cyber security have grown increasingly important as digitalisation of services has become more common, bolstered by the need in a post-pandemic world. To ensure the safety of our customers and to safeguard patient data, the REIT has implemented a user access rights matrix and ensured adherence to the Personal Data Protection (“PDP”) Policy. A Cyber Security Procedure, aimed at embedding essential cyber security measures to ensure the appropriate actions can take place during a potential data or security breach, has been put into place. Since the implementation of these measures, there have been no complaints regarding breaches of customer privacy or loss of data. The Manager has maintained various business continuity measures in relation to digital transformation, allowing the Fund to continuously adapt to a changing business environment in the COVID-19 endemic stage. IT disaster recovery plan, drills, and data recovery tests Usage of Microsoft 365 cloud storage Installation of Acronis as a data backup DIGITAL TRANSFORMATION STRATEGY Utilisation of VPNs to protect network connections 85 1. Corporate Overview 3. Strategic Performance 5. Governance Structure 2. The Driving Forces 4. Sustainability Statement 6. Financial Reports
RkJQdWJsaXNoZXIy NDgzMzc=