Upholding Good Governance and Economic Resilience Press Metal Aluminium Holdings Berhad SECTION 5 • DELIVERING SUSTAINABLE VALUE FOR OUR STAKEHOLDERS 130 All data collected, processed, utilised, and stored from stakeholders such as employees and customers are managed in accordance with local regulatory standards. This includes adherence to Malaysia’s PDPA 2010 alongside internal policies and frameworks that are designed to uphold data privacy and security. Information stored is handled with the utmost care and sensitivity, ensuring its use remains confined to explicitly authorised purposes while preserving its confidentiality. All IT department personnel are required to sign a Data Security Agreement annually, reinforcing their commitment to safeguarding IT systems and protecting sensitive data from potential threats. Through these multifaceted efforts, our IT framework remained robust, ensuring continued protection against emerging cyber risks. OUR VALUE CREATION Press Metal embarked on a series of strategic initiatives aimed at fortifying our IT risk management practices, thereby enhancing the resilience of our operations. These efforts allowed us to navigate the complexities of an increasingly digital landscape and to safeguard our technological infrastructure. Strengthening Our Cybersecurity Measures To protect organisational and customer data, enterprise-grade cybersecurity solutions have been adopted along with enhanced IT security procedures and protocols to mitigate cyber risks. This robust framework encompassed the deployment of dual-layer firewalls, privileged authentication module controls, high-availability servers, and backup and disaster recovery systems. In addition, multi-level security access controls had been enforced, further bolstering data integrity through restrictive permissions given to authorised personnel and minimising exposure to vulnerabilities. Our commitment to continuous protection was reinforced through scheduled monitoring and assessments of our IT infrastructure, which enabled continuous protection through preemptive identification and resolution of potential weaknesses. Aligned with industry’s best practices, the Group adopted international IT compliance frameworks, and amid refining to align with the Cyber Security Act 2024. Increasing Awareness on Cybersecurity Press Metal remained resolute in cultivating a culture of cybersecurity awareness and compliance, through workshop engagements to stay abreast of evolving data privacy regulations. Regular updates from our trusted service providers for vulnerability testing allowed our defences to align to the latest developments in the cybersecurity landscape. Employee awareness and vigilance were pivotal to mitigating cyber threats, therefore, we had implemented training programmes to promote best practices across our workforce. In FYE2024, these efforts were elevated through targeted initiatives, including specialised training sessions for the Board of Directors, a cybersecurity awareness video made accessible to all employees, and participation in the Trusted Information Security Assessment Exchange (“TISAX”). To enhance cybersecurity resilience, employees at all levels received regular email updates on IT best practices, keeping them well-informed of the latest developments in the digital landscape. Complementing this initiative, we conducted quarterly social engineering assessments, such as email phishing tests, across the Group. These exercises served as both a diagnostic tool and a learning opportunity where employees who fell short will be reminded to identify suspicious communications.
RkJQdWJsaXNoZXIy NDgzMzc=