This is Golden Mine Projects Information, Communication and Technology (ICT)
Maintaining effective management of information technology (ICT) remains a central focus for the Golden Mine Projects Group. The responsibility for ICT governance was assigned to the Audit Committee by the Board of Directors. Collaboratively, the Audit Committee collaborates with the Risk Committee on ICT-related matters. Within the Group's risk register for 2019, the 10th-ranked risk was identified as Cybercrime or the potential loss of ICT data.
The overarching direction and governance for ICT across the Golden Mine Projects Group is defined in the ICT Charter. The role of executing ICT governance procedures outlined in this Charter falls under the purview of Strini Mudaly, the Vice President and Group Head of ICT. Regular reporting to the Audit Committee occurs in each meeting, wherein his report encompasses the outcomes of management and GFIA's reviews and testing.
As a governance framework, Golden Mine Projects adopted the Control Objectives for Information Technology (COBIT), conducting regular assessments to ascertain the maturity of ICT governance processes.
Across various operations, Golden Mine Projects' ICT demonstrates an overall maturity level ranging between three and four out of five. This signifies the establishment and predictability of the Group's ICT governance framework and processes. The Group's risk management framework encompasses ICT risks, with formal policies and procedures regularly updated and documented.
In response to the escalating global cyber risk landscape, cyber security has now become a pivotal aspect of the Group's ICT governance and risk agenda. Enhancements in cyber security management controls took place during 2018 and 2019, culminating in ISO 27001 Information Security Management System certification for all mines and corporate offices. To secure critical infrastructure, operational technology cybersecurity monitoring platforms have also been implemented.
The ICT Governance, Risk, Architecture, Standards, and Security Compliance (GRASSC) Committee is accountable for upholding compliance with the Group's ICT policies and procedures. Quarterly reviews of adherence to the governance framework are conducted by the ICT GRASSC Committee, which proposes enhancements as deemed suitable.