SECTION 2: OUR STRATEGIC CONTEXT 60 OUR INITIATIVES In 2023, we strengthened our data and systems infrastructure to promote work efficiency and data security. We enhanced our data server security by moving data warehousing offsite, improving accessibility and scalability and reducing on-premises security breach risks. We also adopted Microsoft Office 365, which enabled better data centralisation, change tracking, retrieval and sharing. Staff training was conducted to promote the adoption of our new SOPs and systems. We also adopted stricter folder and file privacy access based on superior approval to promote data security. 1 New Data Systems and SOPs The Group conducted a thorough analysis and assessment of our data management systems and performed penetration tests twice this year with third-party experts to evaluate system resilience against cyberattacks. This better understanding of our strengths and weaknesses has led to the establishment of procedures, regular reviews and continuous monitoring to ensure that changes and troubleshooting are implemented promptly and as intended. Cybersecurity Risk Management 2 We enacted policies to strengthen data and cybersecurity governance, including the Personal Data Protection Policy, Intellection Property Protection Policy and Email Policy. The Group also established procedures such as limiting email attachment size to reduce data exposure risks. Suppliers and external partners are evaluated to ensure their data handling procedures and security precautions meet our compliance requirements. Upholding Strong Governance 3 GOING FORWARD Under our System & SOP Transformation strategy, we plan to upgrade our ERP system with updated security guidelines, enhance inventory optimisation tools, review computer system threat defence mechanisms, expand secure data analysis tools and engage competent personnel to maintain data security. For Risk Assessment & Mitigation, we will conduct more regular data access audits, cybersecurity threats and risk analysis, form emergency response plans, SOPs and prevention systems and implement regular data backups and recovery protocols. Lastly, to enhance our Policy & Governance strategy, we will ensure continuous compliance with the latest data privacy regulations, conduct regular policy reviews, provide employee training on data protection and backup procedures, form a data ethics committee and explore more stringent measures to ensure the robustness and compliance of third-party vendor data. . There were ZERO substantiated complaints concerning breaches of customer privacy and losses of customer data in 2023. . SUSTAINABILITY STATEMENT
RkJQdWJsaXNoZXIy NDgzMzc=