OUR PROGRESS IN 2024 Fortifying Our Operating Model • Continued to adapt our operating model to address evolving challenges, opportunities, and threats to data privacy and security. • Took steps to ensure the robustness and resilience of our model in supporting our Zero Trust journey. Enhancing Our Risk Acumen and Processes • Implemented tracking and monitoring mechanisms to manage risks within our defined risk appetite and thresholds. • Revised key risk indicators and undertook other initiatives to enable deeper and more precise measurement of our risk exposure, thereby reinforcing our existing processes for data protection and ensuring adaptability to the evolving risk landscape. Continuous Commitment to Data Quality Management • Actively monitored and tracked data to ensure reliability, accuracy, and alignment with its intended purpose. • Strengthened data quality management practices to facilitate informed decision-making and regulatory compliance. Promoting Data Governance Excellence • Refreshed our Group Data Governance Framework, policies, and guidelines to align with the latest regulatory requirements, including those of regulators and the PDPA. • Strengthened our data security posture by incorporating best practices in data governance and management. Driving CapacityBuilding on Data Privacy, Cybersecurity, and Information Security • Empowered our employees as key stewards of data protection through revamped mandatory e-learning modules, ensuring relevance and effectiveness in promoting risk awareness. • Delivered regular security campaigns, classroom sessions, and targeted training during project kickoffs to enhance understanding of data privacy, cybersecurity, and information security risks. Fostering a Culture of Data Privacy and Security • Conducted training and awareness programmes across the organisation, including data leakage prevention initiatives and phishing simulation exercises. • Participated in information sharing initiatives within the industry to stay informed on the latest industry developments and emerging threats. Strengthening Our Security Posture • Undertook a range of initiatives to strengthen our security posture and defence-in-depth strategy, with the aim of ensuring that our systems, data, and processes remain resilient and secure against emerging threats and vulnerabilities. • Initiatives carried out include Zero Trust deployment, red teaming campaigns, vulnerability assessments, penetration testing, compromise assessments, and enhancements to data leakage prevention, along with ongoing outsourcing due diligence reviews and technology risk assessments. Elevating Our Data Leakage Prevention Approach • Adapted our data leakage prevention approach by leveraging leading technologies to proactively address the evolving risk landscape. • Consistently refined our policies and processes to safeguard our stakeholders’ interests and protect sensitive information. Focus Areas What We Are Doing 183 www.bankislam.com 01 02 03 04 05 SUSTAINABILITY STATEMENT 06 07 08 09
RkJQdWJsaXNoZXIy NDgzMzc=