Construction Industry Council - Annual Report 2024

ANNUAL REPORT 2024 165 OUR SUSTAINABILITY JOURNEY Access to highly confidential information is strictly limited to authorised personnel, with redistribution and duplication prohibited. Sensitive electronic data is protected through encryption, with additional password security for highly confidential files. Encrypted channels are used for data transfers. Large volume of data transfers require prior approval from the Information Technology and the Legal departments. For secure disposal, magnetic media is erased or degaussed, physical storage devices are destroyed, and data is permanently deleted from servers and cloud platforms. To further strengthen cybersecurity, we have adopted advanced tools and controls, such as Azure Information Protection (AIP), Data Leak Prevention (DLP), Data encryption, and Access control management. This standard and these control measures are reviewed and updated annually to ensure continued alignment with emerging threats and best practices. Education and Awareness We recognise that people play an important role in safeguarding data and mitigating privacy risks. To this end, we provide comprehensive data privacy training to all staff members and identify role- based training for Personal Data Champions. These training programmes focus on increasing awareness of data security risks and equipping employees with the tools and behavioural guidelines necessary to effectively protect our stakeholders. Cybersecurity As the cyber threat landscape continues to evolve, we remain vigilant in protecting the integrity of its data and systems. We have invested in robust cybersecurity measures and continuously updated our practices to meet the highest industry standards, safeguarding the interests of our stakeholders and the public. Cybersecurity Measures In March 2024, we introduced the Information Classification and Handling Standard, which governs information management across its lifecycle. This standard defines roles and responsibilities for protecting information and outlines the processes for identifying, classifying, registering, handling, securing, maintaining, and disposing of information. Information is now categorised into four levels: • Highly Confidential (Highest) • Confidential • Internal • Public (Lowest)