Target and Progress Target Performance Data Protection: To achieve full compliance with PDPA requirements Zero incidents of PDPA breaches detected In FY 2025, CLAR engaged in various risk management initiatives including: • Risk Management Workshop The Manager conducted an annual risk management workshop to identify key risks that may impact CLAR’s strategic and business objectives. Employees were briefed on CLAR’s strategy and the prevailing risk environment, and key managers discussed and assessed the most significant risks to CLAR. Other employees applied their learning through an interactive exercise and shared their perspectives on key risks. This reinforces a strong culture of risk awareness across CLAR. • Strengthening Risk Awareness and Ethical Conduct To reinforce robust governance practices, ongoing training on key risk and compliance topics, including data protection, anti‑money laundering, and the prevention of fraud, bribery, and corruption, was provided to all employees. This ensures that employees are well‑equipped to uphold responsible and ethical business conduct. In addition, as part of strengthening risk awareness, CLI also conducts periodic simulations to enhance awareness of cybersecurity to reduce related risks. CLAR’s Endeavours and Initiatives Cybersecurity & Data Privacy With increased exposures to cybersecurity and IT risks, CLAR recognises that the protection of personal data is increasingly critical. CLAR adheres to the Personal Data Protection Act 2012 (PDPA), General Data Protection Regulation (GDPR) and establishes enhanced security controls for systems containing personal data, in line with CLI’s group-wide Personal Data Protection Policy. More information about “Cybersecurity and Information Technology” and “Regulatory & Compliance” risks, together with CLAR’s mitigating actions, can be found in the Risk Management section on pages 98 to 103 of CLAR's AR 2025. Sustainability Report 2025 49
RkJQdWJsaXNoZXIy NTM2MDQ5