GHL System Berhad Annual Report 2021

GHL SYSTEMS BERHAD 199401007361 (293040-D) ANNUAL REPORT 2021

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL (CONT’D)

KEY INTERNAL CONTROL PROCESSES (Cont’d)

5. Information Technology Controls and Security (Cont’d)

b. Payment Card Industry Data Security Standard (“PCIDSS”)

PCIDSS is an actionable framework established by the Payment Card Industry Security Standards Council (“PCISSC”) to ensure the safe handling of cardholder information at every step. PCIDSS covers systems, policies and procedures around the following:

• Building and maintaining a secure network and systems
• Protecting cardholder data
• Maintaining a vulnerability management program
• Implementing strong access control measures
• Regularly monitoring and testing networks
• Maintaining an information security policy

The Malaysia operations obtained their first Certificate of PCIDSS compliance in 2012 by meeting all the requirements set by the standard. During the year, the Company was reassessed by a qualified security assessor from PCISSC as part of the annual certification exercise, and continues to be PCIDSS compliant on the latest version, 3.2. During the year, the Company’s overseas subsidiaries in the Philippines and Thailand were both certified PCIDSS version 3.2 compliant. The Company acknowledges that maintaining high information technology security controls is critical to its business operations and will continue to implement the best practices embedded within the security standards.

c. Personal Data Protection Policy

The Group has implemented a Personal Data Protection Policy, as companies within the Group process personal data in the course of their business activities and operations. The Group recognises the importance of protecting the rights and privacy of individuals, and is committed to protecting the same. In preparing this Personal Data Protection Policy, the Board has taken steps to ensure conformity, to the extent possible, with the principles underlined in the Malaysian Personal Data Protection Act 2010.

d. IT Security Framework

The Group has established a framework based on the standards issued by the National Institute of Standards and Technology (NIST), with emphasis on identifying risks, building resilience, detecting cyber threats and responding effectively to cyber-related events.

6. Human Capital

a. Performance Appraisal & Employee Training

An annual appraisal system has been implemented for employees at all levels within the Group. The Group encourages dialogue between management and subordinates for continuous improvement of employees’ performance. Arising from this appraisal, a training-needs analysis is performed to identify the training required for employees to address the areas of improvement identified.

b. Talent Retention & Succession Planning

Talent plays a pivotal role in achieving the business objectives of the Group. Necessary processes have been put in place to assess talent for career development and succession planning. Roles and responsibilities are clearly defined in the job description for each position. A continuous improvement approach is implemented in the areas of operational efficiency as well as manpower productivity.
