My EG Services Berhad Annual Report 2020

MY E.G. SERVICES BERHAD Regisration No. 200001003034 (505639-K) 70 In addition to the above protocols and practices, MYEG in FY2020 has further strengthened its operations and systems in relation to cyber threats by continuously updating our IT policy and procedures to be in compliance with the ISO / IEC 27001 Information Security Management System and NIST Cybersecurity Framework. Our policy and procedures safeguard our business operations and IT infrastructure from cyber threats through collaboration and compliance from each and every team member. These implemented measures have proven effective in keeping our platforms and services operational. The Group is also in full compliance with the PDPA. We are currently not a member of the Global Network Initiative. No data breaches occurred during the year under review. BUSINESS MODEL GOVERNMENT CONCESSIONAIRE "OZ DIBOHF JO HPWFSONFOU QPMJDJFT PS EFMBZT JO EFDJTJPO NBLJOH PS FWFO B DIBOHF JO HPWFSONFOU EVF UP QPMJUJDBM TIJGUT NBZ JNQBDU UIF (SPVQ T àOBODJBM BOE OPO àOBODJBM WBMVF DSFBUJPO DBQBCJMJUJFT 8IJMF HPWFSONFOU SFMBUFE EJHJUBM TFSWJDFT SFNBJO JNQPSUBOU UP .:&( T CVTJOFTT NPEFM UIF (SPVQ JT OPU PWFSXIFMNJOHMZ EFQFOEFOU PO JUT F HPWFSONFOU TFSWJDFT BT JUT TPMF JODPNF HFOFSBUPS 5IF (SPVQ BMTP DPNNBOET BO FYUFOTJWF SBOHF PG DPNNFSDJBM CBTFE QSPEVDU PGGFSJOHT BMPOHTJEF JUT F HPWFSONFOU QPSUGPMJP PG TFSWJDFT MYEG looks to continue expanding its portfolio of commercial services. Hence, the Group’s foray into healthcare and related services. Further details are provided in the Management Discussion and Analysis section of this report. MYEG’s IT Security Protocols and Practices: Data transmitted through our networks is encrypted using the latest encryption technologies to ensure confidentiality. Deployment of firewalls, antivirus and antimalware systems, access management systems and vulnerability systems throughout the entire IT infrastructure. Regulations, standard operating procedures and enforceable regulations for use of corporate systems, confidential data, email, mobile devices and passwords. The use of external hardware appliances such as thumb drives and other media are also restricted within MYEG premises. Websites and social media portals with high risks in cyber security are restricted to prevent malicious attacks via the exploitation of vulnerabilities. Adherence to Payment Card Industry Data Security Standard in the handling of credit card information for our e-services transactions. Compliance with Malaysia’s Personal Data Protection Act (“ PDPA ”) in dealing with personal information collected in the course of commercial transactions. Regular audit and penetration test to ensure the robustness of the entire IT infrastructure. Constant training is provided to employees to ensure that employees are aware of the security standards that we need to adhere to. MATERIALITY MATTERS (CONT’D)