CIM FINANCE. INTEGRATED REPORT 2022 | 83 is maintained by the Company Secretary and is available for consultation by shareholders upon written request to the Company Secretary. In addition, the Group has adopted a Related Party Policy which sets out the framework of riskmanagement put in placewith regard to the identification, monitoring and reporting of related party transactions. The Policy’s underlying principles are derived fromtheGuidelines of the Bank ofMauritius on related party transactions and the Listing Rules. The Code of Ethics of the Group also sets out instances which could lead to a conflict of interest and the procedure for dealing with such potential conflicts. For the year under review, only one Director, namely Mr. Colin Taylor dealt in the shares of the Company and disposed of 283,300 shares. The direct and indirect interests of Directors in the shares of the Company are set out in the table on page 81. 2.10 INFORMATION, INFORMATION TECHNOLOGY (IT) AND INFORMATION SECURITY POLICY TheBoardoversees information governancewithin the organisation and ensures that the performance of information and information technology (IT) systems leads to business benefits and creates value. The Group has adopted various IT policies, namely a Firewall Policy, which was implemented to mitigate the risks associated with security threats, and a Data Privacy Policy, which complies with the requirements of the Mauritian Data Protection Act 2017 andwas set up to protect and ensure the confidentiality of personal or sensitive personal data. The Group has also adopted a Data Retention and Disposal Policy to minimise data storage amount and retention time. Matters of importance with regard to information security policies are also taken up by the Risk Management Committee and recommendations are submitted to the Board for approval. The Board, through its committees, ensures that proper policies have been implemented for the protection of the Company’s information assets. Policies have also been set up to protect the integrity, ensure the confidentiality and control the usage of and access to the information essential for the smooth running of the Company’s business activities. Mitigation actionswere takenbymanagement following the advent of the COVID-19 outbreak tominimise information security risks. Management also ensured that all employees were provided with the appropriate tools to ensure a smooth transition to teleworking, thus guaranteeing business continuity. Furthermore, awareness sessions are held for staff on cybersecurity risks through Saba, the e-learning platform of the Group, thus contributing to the improvement of the Information Security framework. The Board approvesmaterial investments in information technology and security according to the business needs of the Group, as set out in the annual budget. 2.11 BOARD PERFORMANCE REVIEW Following recommendations made by the Corporate Governance and Conduct Review Committee, the Board approved a board evaluation framework that will allow the company to transition in a smoothmanner, over a threeyear period, froman internally led Board evaluation to an externally- led exercise to ensure the Company complies with best practices in terms of board evaluation. The evaluation for this year was conducted internally by way of a questionnaire circulated to each Director to obtain their views on the effectiveness of the Board, to assess their contribution to the Board’s performance and to identify areas of improvement. The results have been analysed by the Corporate Governance and Conduct Review Committee, and no major issues were noted. These results have been reported at Board level at the Company’s board meeting held in December 2022.
RkJQdWJsaXNoZXIy MzQ3MjQ5