ESG Report 2024

19 The Group has established a clear information security incident handling process to ensure that each step of the incident, from discovery, reporting to handling, is efficiently coordinated. A dedicated team follows up on the progress and compiles reports until the incident is fully resolved within a closed-loop management process, ensuring that the issue is properly addressed. Information Security Incident Discovery Officer Identifies and reports Information Security Team Leader Initiates accessing and reporting General Manager Digitisation Centre I ssues work instructions Information S ecurity Team Follows up on the progress and compiles reports Complete Information Security Reporting Channels The Group is aware that the possibility of accidents cannot be completely eliminated even with the implementation of protective measures. Therefore, the conducts regular or irregular audits at least once a year, focusing on confirming the management of established information security facilities and monitoring potential risks in areas that have not been developed. Upon completion of the audit, the audited entity is required to submit a rectification plan, and a confirmation of repairs will be conducted once the rectification is completed. In addition, the Group commissions a third-party independent organisation to conduct an audit of the information system and information security system every year to verify the compliance and effectiveness of the internal management system. Group’s Audit Centre Environmental, Social and Governance Report 2024 The United Laboratories International Holdings Limited