SUSTAINABILITY STATEMENT SECTION 3 49 Al-`Aqar Healthcare REIT | Annual Report 2024 ROBUST CORPORATE GOVERNANCE Risk Management Risk management at Al-`Aqar REIT is overseen by the BARC, with support from the Enterprise Risk Management Committee (“ERMC”). Together, they integrate risk management into day-to-day operations, identifying risk parameters, profiles, treatment options, action plans and indicators. Quarterly risk assessments are conducted and documented in a comprehensive risk register Board Audit and Risk Committee • Overseen the risk management framework and policies, including keeping abreast with new or emerging trends, review, monitor and assess the control effectiveness of the key risks including sustainability and climate-related risks • Oversees the operationalisation of risk management strategies as well as framework and policies • Report any comprehensive risk to BARC • Conduct quarterly risk assessments, documented in a comprehensive risk register Enterprise Risk Management Committee • Manage day-to-day risk inherent in business activities as guided by the established risk strategies, frameworks and policies • Responsible for controlling risks by using business control and compliance frameworks, implementing internal control processes and adequate control Risk Owners Data Privacy and Cybersecurity As a healthcare REIT, our focus is on safeguarding customer and patient information and preventing any down-time due to cyberattacks and threats. As the digitalisation of services become increasingly prevalent, robust data privacy and cybersecurity measures are essential to modernising our and ensuring business continuity. We ensure data security by adhering to the Personal Data Protection Act (“PDPA”) and applying a user access rights matrix. A Cyber Security Procedure provides guidance during data breaches, while annual Data Recovery tests verify the effectiveness of backup systems, ensuring data resiliency. Additionally, the Manager implements business continuity strategies in digital transformation to adapt to the evolving REIT sector. In FY2024, we recorded zero complaints regarding breaches of customer privacy or data loss. DIGITAL TRANSFORMATION STRATEGY Installed backup software and data protection software Utilised VPNs to protect network connections Usage of Microsoft 365 cloud storage to protect the data Implemented IT disaster recovery plan, drills, and data recovery tests
RkJQdWJsaXNoZXIy NDgzMzc=