CYBER-READINESS AND DATA PRIVACY

With cyber-attacks becoming more prevalent, targeted and complex, we are adopting industry best practices and moving beyond technology defence towards a more holistic and risk-based cybersecurity framework. The objective is to establish a robust foundation to identify and protect our critical assets and more importantly, be able to detect and respond to threats.

Using proven security solutions, we ensure sensitive data is encrypted to safeguard critical information. Data recovery strategy and measures, such as backup, are in place to minimise downtime and ensure critical information can be made quickly available for business continuity.

CDL has developed a Cybersecurity Framework to detect, protect against and respond to cyber-attacks and crimes, and the CDL Computer Security Policies and Standards was updated on cybersecurity compliance. Besides embracing the Next Generation Anti-Virus software, Advanced Email Security Protection solution, Enterprise Class Firewalls and Intrusion Protection System to protect our information assets, our Information Technology (IT) department has also deployed the User Behaviour Analytical solution to enable the identification of abnormal user computing behaviours or activities. In addition, IT puts in place a series of online cybersecurity training and conducts periodic phishing attacks to increase our employees’ vigilance.

Employee Training and Communication

Annually, 100% of our full- and part-time employees are required to complete a compulsory online declaration to acknowledge that they are aware of, have read, and are compliant with CDL’s corporate policies and guidelines. Available anytime, awareness bulletins are published on CDL’s intranet for a quick refresher on key elements of CDL’s stance against corruption. In 2019, CDL’s zero tolerance on corrupt business practices and extortion was communicated to 100% of employees. Fraud risk awareness training and assessments covering topics such as bribery and conflicts of interest were also conducted for selected front-line business units.

New hires, as part of their orientation programme, are required to learn about CDL’s Code of Business Conduct and Ethics, as well as other related corporate policies including Anti-Corruption, Fraud, Competition, and Whistle-Blowing. They are also required to complete a self-paced, interactive e-learning module (accessible to all employees as well) that provides information and guidance to recognise, address, resolve, avoid, and prevent instances of corruption. In 2019, 100% new hires were educated with anti-corruption knowledge.

DATA PRIVACY

Information security materials are made available to better educate stakeholders on prevailing risks, especially in the handling of sensitive corporate data. Since 2014, we have implemented a Data Privacy Policy which informs stakeholders on how CDL manages personal data in compliance with the Singapore Personal Data Protection Act (No. 26 of 2012). Customers and business partners can get in touch with our Data Protection Officer by mail, email and phone on matters concerning their personal data with CDL. The Data Privacy Policy is made available to the public on our corporate website.

CDL’s Social Media Guidelines advocate employees’ responsibility on the use of social media, including taking precautions for the protection of information privacy.

In 2019, there were no substantiated complaints concerning breaches of customer privacy, theft, leak and loss of customer data or critical information.