Every day our customers, colleagues, suppliers and partners entrust us with their personal and organizational data and, every day, we are dedicated to earning that trust by continuing to strengthen both our global and local security controls.
To protect data privacy, we meet or exceed the requirements of the data privacy regulations in the jurisdictions in which we operate, including Hong Kong’s Personal Data (Privacy) Ordinance, Macau’s Personal Data Protection Act (PDPA), the Philippine’s Data Privacy Act and the EU’s General Data Protection Regulation. Our global Information Security Management System (ISMS) continues to be certified under the industry standard ISO 27001, with our Macau operations holding this certification since 2009. This system is supported by our Cybersecurity and Data and Information Security policies, and we regularly conduct risk assessments and audits to check processes and protocols.
Information security is part of our Code, our corporate governance policies and our training for all colleagues, at all levels of the Group. We regularly update employee guidelines on data protection in our respective regions and run awareness campaigns about phishing attacks. We also assess if additional training is required and regularly release further guidance on personal data retention through circulation of the corporate policy and updated guidelines on data privacy and document retention.
Our security risks are not limited to our systems. They are extended to the systems and processes of our partners and suppliers. In our partner and supplier selection processes, cybersecurity requirements and ongoing testing are required. Vendors who fail to meet our high standards are notified and all IT providers must comply with the ISO 27001 standard. We also work with partners to share information on cybersecurity threats and hacker tactics.