GHL System Berhad Annual Report 2022

GHL SYSTEMS BERHAD 199401007361 (293040-D) ANNUAL REPORT 2022

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL (CONT’D)

KEY INTERNAL CONTROL PROCESSES (Cont’d)

Information Technology Controls and Security (Cont’d)

(b) Payment Card Industry Data Security Standard (“PCIDSS”)

PCIDSS is an actionable framework established by the Payment Card Industry Security Standards Council (“PCISSC”) to ensure the safe handling of cardholder information at every step. PCIDSS covers systems, policies and procedures around the following:

• Building and maintaining a secure network and systems
• Protecting cardholder data
• Maintaining a vulnerability management program
• Implementing strong access control measures
• Regularly monitoring and testing networks
• Maintaining an information security policy

The Malaysia operations obtained their first Certificate of PCIDSS compliance in 2012 by meeting all the requirements set by the standard. During the year, the Company was reassessed by a qualified security assessor from PCISSC as part of the annual certification exercise and continues to be PCIDSS compliant on the latest version, 3.2. During the year, the Company’s overseas subsidiaries in the Philippines and Thailand were both certified PCIDSS version 3.2 compliant. The Company acknowledges that maintaining high information technology security controls is critical to its business operations and will continue to implement the best practices embedded within the security standards.

(c) Personal Data Protection Policy

The Group has implemented a Personal Data Protection Policy, as companies within the Group process personal data in the course of their business activities and operations. The Group recognises the importance of protecting the rights and privacy of individuals and is committed to protecting the same. In preparing this Personal Data Protection Policy, the Board has taken steps to ensure conformity, to the extent possible, with the principles underlined in the Malaysian Personal Data Protection Act 2010.

(d) IT Security Framework

The Group has established a framework based on the standards issued by the National Institute of Standards and Technology (NIST), with emphasis on identifying risks, building resilience, detecting cyber threats and responding effectively to cyber-related events.

(e) Cybersecurity Awareness Training

The Group has initiated annual cybersecurity awareness training for all employees of the Group to prepare employees against cyber-attacks. The training was conducted on GHL’s online training platform, with a test at the end of the training to gauge employees’ understanding. To further enhance employees’ cybersecurity awareness, the Group conducted a phishing simulation for all employees of the Group to train them in recognising and reporting potential phishing attacks that might compromise key corporate data and systems.

Human Capital

(a) Performance Appraisal and Employee Trainings

An annual appraisal system has been implemented for employees at all levels within the Group. The Group enforces dialogue between management and subordinates for the continuous improvement of employees’ performance. Arising from this appraisal, a training-needs analysis is performed to identify the training employees require in order to address the areas of improvement identified.
