AL-SALAM REIT ANNUAL REPORT 2025

Sustainability Statement
Integrated Annual Report 2025

REGULATORY COMPLIANCE (CONT’D)

Regulatory Compliance                                                          FY2023  FY2024  FY2025
Incidents of non-compliance with regulations resulting in a fine or penalty    0       0       0
Incidents of non-compliance with regulations resulting in a warning            0       0       0
Total monetary value of significant fines                                      0       0       0
Total number of non-monetary sanctions                                         0       0       0
Cases brought through dispute resolution mechanisms                            0       0       0

DATA PRIVACY AND CYBERSECURITY

Risk Area    Risk Rating    Risk Tolerance Level

Data privacy & cybersecurity risk is the risk arising from the potential loss, unauthorised access, or breach of personal and confidential data.

Al-Salām REIT considers matters related to data privacy and cybersecurity a key concern. Recognising that data breaches may lead to leakage of confidential data, including information key to the REIT’s operations and its customers’ private information, the REIT implements numerous measures and safeguards to ensure all data and the REIT’s digital wellbeing remain protected.

To solidify this commitment, the REIT has developed the Personal Data Protection (“PDP”) Policy, which is aligned with the Personal Data Protection Act 2010 and data protection regulations, and outlines the REIT’s approach to data management and protection. Among the REIT’s approaches to data protection, the REIT utilises a User Access Rights Matrix that limits access to sensitive information to authorised personnel.

In cases of a security or privacy breach, the REIT will deploy its Cyber Security Procedures alongside its Data Recovery Procedures, which detail established protocols for handling data breach events and for data recovery. Through these initiatives, the REIT did not experience any instances of data breaches or losses of customer data, showcasing the resilience of its data privacy and cybersecurity controls.
Digital Transformation Strategy
- Installed backup software and data protection software
- Utilised VPNs to protect network connections
- Implemented IT disaster recovery plan, drills, and data recovery tests
- Usage of Microsoft 365 cloud storage to protect the data

As of 2025, there are zero substantiated complaints concerning breaches of customer privacy and losses of customer data.

                                                                               FY2023  FY2024  FY2025
Number of substantiated complaints concerning breaches of customer privacy
and losses of customer data                                                    0       0       0
