2021 UEM Edgenta Annual Report

UEM EDGENTA BERHAD ANNUAL REPORT 2021
MANAGEMENT DISCUSSION & ANALYSIS
SUSTAINABILITY STATEMENT
Cybersecurity & Data Privacy
UEM Edgenta relies on its information technology systems for the successful operation of its business, and it is therefore crucial to ensure our systems are protected and safe from cyberthreats which can compromise our operations and data privacy. Failure to do so can affect our reputation with clients and employees who expect us to exercise diligence in keeping the information we manage safe and secure.
The UEM Edgenta Digital Transformation Innovation (“DTI”) department is responsible for overseeing cybersecurity and data protection related matters at the UEM Edgenta Group level. The DTI's coverage excludes Operon Middle East and UEMS.
UEM Edgenta ensures strong management of information security of its employees, customers and suppliers through our IT General Governance policy. The policy was last reviewed in November 2021. UEM Edgenta also complies with the Personal Data Protection Act 2010 or any Non-Disclosure Agreements (“NDA”) that we have signed with clients. Meanwhile, our Singapore Operations has achieved ISO 27001:2013 credentials for information management and will strive to maintain them through its Information Security Policy.
In the year under review, we embarked on a Cyber Security and Information Security project to establish our Cyber Security roadmap with the overall goal of obtaining ISO 27001 Information Security Management Systems certification at the Group level. We also continuously conduct training and share communications on cybersecurity topics and best practices. Beyond this, we actively monitor for any cyber threats and attacks across our operations, which includes conducting vulnerability assessments to prevent possible attacks while ensuring that our security tools, hardware and software are constantly updated.
At the divisional level, our Middle East Operations implemented a secure communication, file sharing and collaboration platform for employees through the wider use of MS Teams and OneDrive. It also utilises Microsoft Azure and Office 365, which have advanced threat protection against malicious files, links and software.
In Singapore, we upgraded our security tools to a cloud-based analytics setup and actively receive notifications for malware threats in our IT network to enable a proactive response. We also updated our HQ infrastructure to the latest hardware and software to minimise any potential threats.
In 2021, there were zero substantiated complaints concerning breaches of customer privacy and loss of customer data. There were also zero cases of identified leaks, thefts or loss of customer data.
Looking forward, at the Group level, we will continue to work towards establishing a Cyber Security and Information Security framework and policy as part of our remediation against overall cyber risks and information security. The goal is to obtain ISO 27001 Information Security Management Systems certification to increase our reliability for our customers.
In the year under review, the Healthcare Support division reported zero incidents of non-compliance with socioeconomic laws and regulations, including legal requirements. The Healthcare Support division in Malaysia has also sourced and used four environmentally friendly detergents and supplies for private and commercial use, in compliance with the Ministry of Health’s list of approved chemicals. Going forward, our Middle East operations are pursuing an Integrated Management System (“IMS”) for ISO 9001, 14001 and 45001, which would help them to manage their environmental compliance.
In the year under review, we continued to communicate our anti-bribery and anti-corruption policies and procedures to our employees and business partners.
Examples of initiatives we carried out in 2021 included:
• Launching the Risk, Integrity & Compliance Resource Page
• Annual Management Dialogue (“AMD”)
• Conducting an annual management dialogue on integrity
• Organising the UEM Edgenta Integrity Day 2021
• Launch of Risk, Integrity and Compliance Mandatory E-Learning (dual language)
• Launch of Whistleblowing Microsite (Dual Language)
• Awareness Training on ISO 37001:2016 ABMS for all employees
• Knowledge Sharing Session with staff from business units on S17A Corporate Liability Provision and ABAC guide
In 2021, there was no internal disciplinary action taken due to non-compliance with Anti-Bribery and Anti-Corruption policies involving UEM Edgenta employees.
Compliance with Quality Management Systems
Beyond our efforts to combat bribery and corruption, we are also committed to ensuring that we comply with all the requirements established under internal policies and procedures, as well as the International Quality Management Systems that we are certified for. In this context, the Group has dedicated teams to carry out Quality Assurance/Quality Control, and Health, Safety and Environment audit activities. Some of the certifications that the Group has obtained include:
1. ISO 9001:2015 – Quality Management System
2. ISO 45001:2018 – Occupational Health and Safety Management Systems
3. ISO 14001:2018 – Environmental Management System
4. ISO 13485:2016 – Medical Devices Quality Management System
5. ISO/IEC 17025:2017 – Laboratory Management System
Acting with Integrity
Upholding good business ethics practices is a crucial part of UEM Edgenta’s value creation process as we are cognisant that the risks related to corruption and bribery as well as poor governance can have an adverse impact on our operations. At UEM Edgenta, the BGRC is assisted by the Risk, Integrity & Compliance Department (“RICD”) in overseeing corruption, fraud, malpractice and unethical conduct within the organisation.
The BGRC is chaired by an independent non-executive director. Through our Anti-Bribery & Anti-Corruption (“ABAC”) Guide, UEM Edgenta takes a zero-tolerance approach to bribery and corruption and is committed to adhering to the highest standards of ethical behaviour in the conduct of all its business dealings and relationships. This is an essential guide to managing bribery and corruption risk. In addition, we conduct a periodic Corruption Risk Assessment of every department.
We are also governed by the Code of Conduct, which is aimed at curbing bribery and corruption, where, among others, we require our personnel to declare any conflict of interest. This Code of Conduct is also extended to our business partners. UEM Edgenta is committed to addressing any violations of the Code of Conduct, as well as of any applicable law, regulations or policies. We have put in place several procedures to mete out specific and appropriate disciplinary actions against any unethical or improper practices.
UEM Edgenta also has a Whistleblowing Policy & Procedure as well as confidential or anonymous whistle-blowing or equivalent channels for reporting breaches of Company codes or policies. Material whistleblowing cases are reported to the Board of Directors, who have a supervisory overview of the ethical environment within UEM Edgenta.
Over the short term, the RICD's targets to strengthen integrity and governance practices are:
Integrity:
• Implementing training for employees and senior management/Board;
• Organising an Integrity Day for employees and business partners;
• Organising Anti-Bribery Management System (“ABMS”) Technical Training for representatives of departments;
• ABMS Awareness Training for the Board and senior management;
• Periodic communication on integrity issues to all employees; and
• 100% completion and pass rate by all employees for the Integrity E-Learning Module.
Governance & Compliance:
• Embarking on MS ISO 37001:2016 ABMS certification;
• No major non-compliance reporting;
• 100% Conflict of Interest declaration by employees which must be vetted by the Head of Department in a timely manner; and
• Periodic revision of Corruption Risk Assessment by every department.
Complaint Management & Investigation (Detection & Verification):
• Independent Whistleblowing Channel; and
• Independent Investigation Team.
For more information about Our Material Matters, please refer to pages 52 to 53.
Materiality assessments are undertaken to identify UEM Edgenta’s actual and potential sustainability risks and opportunities. Our corporate strategy and business planning consider these material matters with a view to providing mitigating actions. These material matters are reviewed every year to ensure continued relevance, and to help us refine our strategies so as to better manage our risks and leverage current opportunities. Our methodology is guided by Bursa Malaysia’s Sustainability Reporting Guidelines (2nd edition) and the GRI Standards.
Materiality assessment process
The Group’s materiality assessment process is based on a three-step approach in accordance with the GRI Standards. The first step is to review and identify, followed by prioritisation and finally, validation.
In FY2021, UEM Edgenta conducted an internal survey to understand and gather feedback on the relative importance of various Economic, Environmental, Social (“EES”) matters to the Group. We reviewed our material matters by analysing internal and external factors such as business operating environment, emerging trends, COVID-19 impact, risks and opportunities, regulatory requirements, peer benchmarking, and analyst reports, as well as insightful internal and external stakeholder feedback. Following that, the Group prioritised the sustainability matters based on their influence on stakeholders and their impact on the Group through a materiality assessment workshop.
The result of the workshop was a materiality matrix which prioritised the material matters accordingly. This was then submitted to the senior management, BGRC and Board for validation and approval.
Materiality matrix
In 2021, 11 EES matters were identified as major drivers of our sustainability efforts. Of these, four had economic impact (business ethics, economic development, supply chain management, and innovation); two had environmental impact (climate change & energy and environmental management); and five had social impact (human rights assessment, occupational health & safety, customer satisfaction, employment culture, and local community). By focusing on these matters, we were able to better manage our stakeholders’ expectations and create long-term value for them in a manner that is consistent with our business strategies and objectives.
For more information about Our Stakeholder Engagement, please refer to page 46.
The Group strives to actively and regularly engage with stakeholders. We invest in maintaining an open and transparent dialogue with them to gain insights into their expectations of ESG aspects related to our business. This helps us set our business priorities, whilst responding to their needs more effectively, and ultimately, enables us to deliver long-term value to all stakeholders.
BUSINESS ETHICS
Stakeholder Engagement
UEM Edgenta has a broad range of stakeholders whom we impact and who, in turn, impact us. They include clients and partners; the Government and regulators, industry and business associates; shareholders, investors; supply chain partners; media, community; and our Board as well as employees.
Materiality Assessment
