62 CapitaLand Ascott Trust Non-Financial Risks Material Risks Key Mitigating Actions Business Interruption Exposure to sudden and major disaster events such as fires, prolonged power outages or other major infrastructure or equipment failures which can cause business interruption and significantly disrupt operations at the properties. • Put in place business continuity plans and standard operating procedures for crisis management at each property to respond to any disruption. • Ensure business interruption insurance coverage is adequately purchased. Climate-related Physical risks include coastal and fluvial flooding, tropical cyclones, extreme cold, extreme heat and wildfire. Transition risks encompass the potential impact of more stringent regulations, carbon price shifts, changes in electricity prices and increased expectations from customers and stakeholders. • Conduct an assessment of physical and transition risks and opportunities, and health and safety related risks in the evaluation of new investments/ capital expenditure decisions. This includes implementing a shadow internal carbon price. • Review the mitigation and adaptation efforts, which include future‑proofing the portfolio, enhancing the operational efficiency of CLAS' properties and implementing measures to drive decarbonisation across its value chain. Cybersecurity and Information Technology Ongoing business digitalisation exposes the business to IT-related threats, which may result in compromising the confidentiality, integrity and availability of CLAS’ information assets and/or systems. • Continuously review threat landscapes, and institute measures to minimise vulnerability exposure and manage threat vectors, including enhanced protection controls for systems that hold personal data. • Conduct regular mandatory IT Security Awareness Training to minimise human-related risks in the information security chain. • Conduct IT Security Incident Management Procedure test, third‑party vulnerability test and annual Disaster Recovery Plan exercise to validate IT infrastructure/management system security resilience and ensure timely recoverability of business-critical IT systems. • Maintain Board oversight with regular updates to ARC on the state of cybersecurity risk activities and key control improvements, with periodic review and updates of the Group-wide IT Security Policy. Risk Management
RkJQdWJsaXNoZXIy NTkwNzg=