55 MANAGING OUR KEY ESG RISKS GOOD GOVERNANCE SUSTAINABLE ECONOMIC GROWTH ENVIRONMENTAL STEWARDSHIP EMPOWERING PEOPLE AND COMMUNITIES APPENDIX Our suite of IT policies forms a fundamental aspect of IT governance which guides our management approach towards cyber risks and responses to security incidents. Key Policy and Framework • Cyber security is a formal risk component of Kenanga’s Enterprise Risk Management Framework. • Cyber Security Policy has been developed based on regulatory guidelines such as Bank Negara Malaysia Risk Management in Technology (RMiT). • The Group Confidential Information Policy has been established and incorporates various privacy legislation that includes Financial Service Act 2013, Securities Industry (Central Depositories) Act 1991, BNM Management of Customer Information and Permitted Disclosure and Personal Data Protection Act (“PDPA”) 2010. • The policy provides governance for all data usage by Kenanga Group i.e., including Paynet related application/ system (such as RENTAS and FAST), whereby data asset is currently categorised in three (3) different classifications: Regulated Confidential, Unregulated Confidential and Public. • Sensitive data discovery is included in Information Asset Inventory, which is covered by the embedded rules in the Data Loss Prevention (“DLP”) tool. The DLP rules are also consistent with the Group Confidentiality Information Policy. OUR APPROACH CYBER SECURITY WHY IT MATTERS As we transition towards a future defined by digital innovation, cyber security issues have increasingly become more relevant and urgent to organisations. We aim to address cyber risks by actively monitoring developments in the cyber world and strengthening our cyber security measures across our operations. GRI 418 Our DLP Framework has been structured to outline data protection measures for sensitive data across different mediums to address cyber threats. Supporting our DLP Framework is Kenanga Group’s Cyber Security Policy as outlined by Bursa Malaysia, Bank Negara Malaysia and the Securities Commission Malaysia Guidelines on IT and Cyber Security. The Group’s DLP project was launched in 2019 to provide us with greater visibility over data processes within Kenanga. Through this project, we can monitor the location of confidential data, determine how it is being used and undertake measures to prevent data loss. The Framework also outlines data protection measures for sensitive data across all endpoint devices and data egress channels, aligned with our DLP Framework & Group Confidential Information Policy. All activities have been monitored and alerts will be prompted when the DLP system detects customers’ data or confidential information is being shared to external parties or copied to external mediums. In order to proceed with the activity, the users will need to provide reasons and justification, which will be documented by the Data Officers and Data Governance team. To further promote transparency and improve customer awareness, we also published a Privacy Notice on our corporate website which specifies the scope in which we utilise customers’ data. Data Loss Prevention Framework SUSTAINABLE ECONOMIC GROWTH
RkJQdWJsaXNoZXIy MTc1ODMy