TRAINING The Managers’ employees undergo appropriate training and development to ensure all are well-informed about the core values and principles that shape the way CLI works and functions. Employees learn about these by attending the online orientation modules on the Staff Orientation App and CapitaLand Immersion Programme when they first join, and via e-learning courses such as “CapitaLand Core Values” where specific examples and applications of the company’s core values in the workplace are shared. Employees also attend training pertaining to ethics, code of conduct and enterprise risk management, which includes sharing of FBC incidents and how prevention and detection can be carried out. In FY 2023, 100% of the Managers’ key management personnel, and 81% of CLAS’ employees1 participated in FBC or anti-corruption training. 99% of the employees who participated in FBC or anti-corruption training were full-time equivalent and 1% were part-time employees. About 90% of the employees were from CLAS’ properties in Asia Pacific, while the other 10% were from CLAS’ properties in Europe (including UK). Additionally, CLAS’ Boards recognise the importance of continual training and development for CLAS’ directors. In FY 2023, the training programmes attended by the directors included the Sustainability Training for Directors of REIT Manager organised by REITAS, as well as various seminars in relation to board matters, audit and risk committee matters such as business interruption risk, cybersecurity, environmental health and safety and global sanctions compliance policy. PERSONAL DATA PRIVACY AND PROTECTION CLAS respects the confidentiality of personal data and privacy of individuals and is committed to complying with the Singapore Personal Data Protection Act (Act 26 of 2012) and other applicable data protection laws, including the European Union General Data Protection Regulation where applicable. In alignment with its Personal Data Protection Policy, CLAS adopts a pragmatic “data-light, data-tight” approach in its business conduct, where personal data is collected only for what is required in business or in activities conducted by the organisation, and the personal data will be properly destroyed once there is no business or legal purpose. CLAS does not collect personal data randomly or indiscriminately without purpose and does not disclose personal data unless prior consent has been obtained. CLAS has administrative, physical and IT security measures to protect personal data. CLAS’ Personal Data Protection Policy is publicly available on DiscoverASR’s website. There were no substantiated complaints reported in FY 2023 regarding breaches of privacy and loss of personal data. BUSINESS CONTINUITY MANAGEMENT The Managers have implemented a Business Continuity Management programme that puts in place prevention, detection, response and business recovery and resumption measures to minimise the impact of adverse business interruptions or unforeseen events on CLAS’ operations and has in place a Business Continuity Plan (BCP). Under the BCP, Management has identified the critical business functions, processes, and resources, and is able to tap on a pool of CLI employees who are trained under a Business Psychological Resilience Programme to provide peer support to colleagues following the occurrence of adverse events. As part of the BCP, periodic desktop exercises and drills, simulating different scenarios, are carried out to stress-test the effectiveness of processes, procedures, and escalation protocols. This holistic approach under the BCP serves to ensure organisational and staff preparedness and readiness to deal with adverse business disruptions such as acts of terrorism, cyberattacks, data breaches and epidemics. This approach aims to minimise financial loss to CLAS, allowing the Managers to continue to function as the managers of CLAS and mitigate any negative effects that the disruptions could have on the Managers’ reputation, operations, and ability to remain in compliance with relevant laws and regulations. The Managers have also acquired insurance policies for CLAS on business interruption events. INFORMATION TECHNOLOGY AND CYBERSECURITY CLI has in place policies and procedures which set out the governance and controls of IT and cybersecurity risks. This is under the purview of Group Technology and overseen by a member of the CLI Management Council. The cybersecurity policy is available to staff on our Intranet. To build a resilient cyber infrastructure and network, CLI reviews its cybersecurity strategy against existing and evolving threat landscapes and institutes measures to minimise exposure to vulnerability. Mitigating actions include conducting IT Security Awareness Training for staff, an annual Disaster Recovery Plan exercise to ensure timely recoverability of business-critical IT systems and engaging independent security service providers to conduct vulnerability assessments to further strengthen the IT systems. SUSTAINABILITY REPORT 2023 70
RkJQdWJsaXNoZXIy NTkwNzg=