Axiata Sustainability

ADVANCING ACCOUNTABILITY

How our governance practices drive long-term value​

Data Privacy & Cyber Security

The privacy and security of our customers, employees and other stakeholders is central to our reputation and the trust that we engender as an organisation.

Our Group-wide data privacy practices deliver a robust approach to securing information assets across the Group and are stringently overseen by the Board Risk and Compliance Committee, supported by the Risk and Compliance Department. Furthermore, Data Privacy Officers (DPO) have been appointed at each of our OpCos, supporting the uniform implementation of necessary practices while driving the enhancement of OpCo-level data privacy capabilities.

In ensuring continuous compliance at all levels, due diligence exercises of our vendors’ data-handling processes are regularly carried out. We also updated our Employee Code of Conduct and reviewed our Supplier Code of Conduct in 2021 to achieve full alignment with our expectations.

Outlook

Now in Phase Two of our Privacy Programme, and completing the first year of execution of our cyber security Digital Trust & Resilience 2023 (DT&R 2023) programme, our improvements in cyber and privacy maturity ratings have reaffirmed our efforts in data privacy and cyber security. However, we will continue to execute, capacity-build and enhance awareness of this risk to our business, service reliability and safety for our customers.

  • Ensuring Our Capabilities & Procedures Keep Pace

With heightened risks surrounding data, digitisation, connectivity and consumer privacy in the wake of the COVID-19 pandemic, our DPOs and OpCo-level Privacy Champions work to ensure that our technical capabilities and risk management procedures keep pace. We also engage external analysts and organisations such as GSMA, ITU, Gartner and the World Economic Forum for insights into emerging risks and industry trends in data privacy and cyber security.

Read the Data Privacy and Cyber Security topic in our Sustainability and National Contribution Report 2021 to learn about the specific risks we identified in 2021.

  • Robustly Protecting Privacy

Our Privacy Commitment, based on the principles of T.R.U.S.T. (Transparent, Rights, Use, Security and Transfer), form the basis for strong security and privacy governance in our technology, processes and people.

In aiming to achieve consistent and holistic data privacy protection across the Group, our OpCos take responsibility for identifying and managing localised risks, with mitigation actions supported by our established Group-level committees. Additionally, continuous efforts are undertaken at the Group level to engage employees on the importance of data privacy and provide use-case scenarios which they can use to address any potential issues they may face.

Our average Privacy Maturity Level in 2021 was 2.67/5.00, an improvement of 91% compared to 2020

  • Delivering Next Generation Cyber Security

2021 was the first year of our Digital Trust & Resilience 2023 (DT&R2023) cyber security strategy, a coherent and defensible cyber security programme based on a clear vision and strategic goals to build consumer trust and confidence in Axiata as The Next Generation Digital Champion.

This first year saw us leverage advanced technologies such as AI and data analytics, enhancing our ability to swiftly detect threats, deliver fast response times and maintain consistency across our divisions and activities. We also launched new technical standards for cyber security across Cloud, Telco and Application Development.

Complementing DT&R2023, we promote a cyber-savvy culture within our workforce through training and awareness initiatives, better equipping our teams to mitigate against emerging risks.

Our average Cyber Security Maturity in 2021 was 3.7/5.0, an improvement of 6% compared to 2020

Description of our material matters

Our material matters are determined through a bi-yearly process of materiality assessment, detailed below:

1. Review Of Material Matters

We review and update our material matters in response to changes in our business landscape, risk environment, internal policies, KPIs, emerging local and global sustainability trends, regulatory developments and stakeholder opinions. Our review also incorporates peer benchmarking.

2. Stakeholder Engagement

We conducted a structured stakeholder prioritisation exercise by leveraging insights from our dialogue with various stakeholders on our material matters. This allows us to identify the influence and dependence of key stakeholders on the Group. We then engage with the prioritised stakeholders to obtain their feedback on material matters.

3. Sustainability Impact Assessment

Upon identification of our material matters, we conducted workshops within the Group to further prioritise materiality matters from the business perspective.

Description of sustainability material matters - Next Generation Digital Champion

Material matter

Description

Material matter

Description

Sustainable Business Growth

Consideration of Economic, Environmental and Social (EES), and positive direct and indirect value creation in our strategic investment decisions to enhance our shareholder returns

Network Quality & Coverage

Enhancing network quality and coverage through continuous improvements in efficiency, availability and reliability

Digital Inclusion

Providing affordable and innovative products and services in bridging the digital gap

Digitisation & Modernisation

Technological innovation to enhance key internal business functions, improve process efficiency and effectiveness, and promote innovation and business continuity

Description of sustainability material matters - Environment

Material matter

Description

Material matter

Description

Climate Action

Internal controls and monitoring mechanisms to manage environmental impacts

Resource & Waste Management

Towards circular economy within our operations as well as the solutions we can provide our customers and supply chains waste management

Description of sustainability material matters - Social

Material matter

Description

Material matter

Description

Fair Employment & Welfare

Fostering fair recruitment practices by embracing diversity and inclusion in the workforce, and offering employees fair compensation and benefits

Talent Development

Promote development and uplift competencies of employees to respond to the rapidly changing and complex business environment

Employee Health, Safety & Wellbeing

Providing for the health, safety and wellbeing of our employees in ways that address key challenges and bring value to their livelihood in the workplace

Customer Service

Delivering a differentiated user experience for customers, and offering the most affordable products and services relative to customer promise in our highly competitive markets

Supply Chain Management

Consideration of EES factors across supply chain management and processes

Community Development

Financial and non-financial contributions to support local communities, underprivileged and underserved groups

Emergency & Disaster Response

Providing society in times of emergency and disaster, through the contribution of our business streams in disaster response

Description of sustainability material matters - Governance

Material matter

Description

Material matter

Description

Business Ethics & Compliance

Enhance business integrity compliance within the ambit of Malaysian and international laws on bribery and corruption

Data Privacy & Cyber Security

Protection of all data, information and intellectual property against cyber security breaches

Regulatory & Political Risk

Management of the evolving changes in the regulatory landscape and political context