6 GOVERNANCE 251 Human Rights Policy was approved on 26 March 2025 with commitment to ten (10) principles which focuses on maintaining fundamental rights of employees. MANAGEMENT INFORMATION SYSTEM UEM Edgenta reinforces its digital resilience through a cybersecurity governance framework, integrating robust access controls and regular security audits to safeguard its critical infrastructure and sensitive data. By balancing the adoption of cloud technology with a proactive and adaptive security posture, the Group maintains a continuous cycle of risk assessments to address the evolving threat landscape and unknown vulnerabilities. This comprehensive approach ensures that UEM Edgenta not only meets stringent compliance standards but also remains at the forefront of technological advancement, fostering a secure environment that effectively protects its most vital digital assets from emerging risks. While UEM Edgenta accelerates AI adoption to enhance service delivery and efficiency, cybersecurity remains paramount. The integration of these advanced technologies is coupled with rigorous protocols to protect against AI-specific threats, ensuring that technological progress is built upon a framework of robust cybersecurity and operational resilience. As a core component of its risk diversification strategy, the Group has successfully transitioned from a single-cloud environment to a multi-cloud architecture. This strategic migration reduces the Group’s reliance on any single service provider, thereby mitigating the risk of large-scale infrastructure outages and ensuring a higher degree of redundancy and operational availability for critical business functions. To further strengthen the Group’s defensive perimeter, relevant technologies have been implemented to facilitate the centralised management of endpoints. This allows the Group to maintain oversight and control over all hardware and devices in a consistent and controlled fashion. In addition, UEM Edgenta conducted a Security Posture Assessment (“SPA”) to systematically quantify the risk environment across its digital landscape. This assessment provided a data-driven baseline for the Group to prioritise its risk treatment plans and allocate resources effectively, ensuring that management’s focus remains on the areas of highest impact to business continuity. DISASTER RECOVERY PLANNING The Group’s Business Continuity Management (“BCM”) framework integrates comprehensive Disaster Recovery Planning (“DRP”) to ensure the availability and security of cloud-based data, systems, and applications. By prioritising quick data restoration and systematically modernising aging infrastructure, UEM Edgenta maintains operational agility and minimise downtime during unforeseen events. This holistic approach, which balances the optimisation of recovery protocols with ongoing technological upgrades, reinforces the Group’s resilience against disruptions and ensures that business interests are safeguarded within an increasingly complex digital landscape. To verify the efficacy of existing protocols, UEM Edgenta will continue to conduct DRP simulation exercise to validate the Group’s ability to recover critical systems and applications within the established recovery objectives. It serves as a vital assurance of the Group’s operational readiness and its ability to maintain business interests during a crisis. JOINT VENTURES AND ASSOCIATES The disclosures in this statement do not include the risk management and internal control practices of the Group’s joint venture and associate companies, as the Board does not have any direct control over their operations. The Group’s interests in these entities are safeguarded through the representation on the Boards of the respective companies where management accounts and periodical reports are received and reviewed, as well as deliberation on proposals related to these companies. Such representation also provides the Board with information for decision-making on the continuity of the Group’s investments based on the performance of the Group’s joint venture and associate companies. INTERNAL AUDIT The Group has established its own Internal Audit Department (“IAD”) to carry out the internal audit function of the Group. IAD reports functionally to the Audit Committee (“AC”) and administratively to the Managing Director/Chief Executive Officer. The IAD regularly reviews the Group’s systems of internal controls and evaluates the adequacy and effectiveness of the controls, risk management and governance processes implemented by the management.
RkJQdWJsaXNoZXIy NDgzMzc=