本页仅为文字内容,不可回答。

ESG Research 2019 - Industry specific (cybersecurity)

Please answer all the questions and mark the source (ESG/ AR and page number) at the comment box ^^
Your Name
    ____________
Stock Code
    ____________
Company Name
    ____________
Part 1 Materiality
The company identified cybersecurity as a material ESG topic
Yes
No
The company mentioned cybersecurity in...
ESG Report - Materiality Matrix
ESG Report - CEO Message
ESG Report - Other Section (Please specify)
Annual Report - Risk Management
Annual Report - Directors Report
Annual Report - Other Section (Please specify)
N/A
Part 2 Governance
There was a Board-level oversight of cybersecurity issues
Yes
No
The company described the managements role (including committee) in managing cybersecurity issues
Yes
No
Level of management regarding cybersecurity issues (with responsibility disclosed)
Board of Directors
Top Management e.g. CEO, CFO
Committee/ Working Group
Department
Officer/ Other Individuals
N/A
Part 3 Strategy
Did the company identify any cyber risks/ key threats of cyber risks over the short/ medium/ long term?
Yes
No
Did the company describe any impacts of cyber risks on the companys businesses, strategy and financial planning?
Yes
No
Did the company mention any strategies of managing cyber risks?
Yes
No
Part 4 Risk Management
Did the company disclose any company policies for cyber risk management?
Yes
No
Did the company describe the process ofidentifying, assessing and managing cyber risks?
Yes: with a structured response plan dedicated to cyber risks
Yes: incorporated into the companys business risk model
Yes: with a general description
No
Did the company conduct simulation exercises for cyber risk management?
Yes
No
Did the company set targets to manage cyber risks? (Directional/ Quantitative)
Yes
No
Any awareness-building campaign e.g. employee training?
Yes
No
Did the company adhere to any national/ international standards with respect to cyber/ information security?
Yes
No
The company adhered to...
ISO27001 Information Security Management System
ISO27002 Information Security System
GB/T 22081 《信息安全管理使用規則》
Other national/ international standards (please specify)
N/A
Part 5 Reported Incident and Follow Up
Any reported incident relating to cybersecurity within the company?
Yes, during the reporting year
Yes, in past years
No
Any reported incident relating to cybersecurtiy within the industry ?
Yes, during the reporting year
Yes, in past years
No
Did the company mention how they responded/ improved to prevent similar incidentsin the future?
Yes
No
N/A (no reported incident within the company/ industry)
举报