Information security and data protection
We are committed to maintaining stability and reliability among our portfolio companies and make every effort to protect the personal information of our employees and customers from leakage, theft, or loss.
The Fund has organized an Information Security Committee, which provides recommendations on ensuring information security in portfolio companies and maintains constant interaction with government agencies and other stakeholders to address security issues in the information space better.
The Fund has implemented the “Basic Rules of Information Security Policy” with applications in the form of methods, guidelines, and rules that cover the required activities of information security and IT specialists and all employees to implement measures to ensure information security. GRI 3-3
Work is underway to develop a Corporate Information Security Standard that regulates a general set of rules for ensuring information security and managing the process of coordinating activities in the Fund’s group of companies. GRI 3-3
A cybersecurity risk register is formed annually, and a risk report is generated quarterly, including regarding the Fund’s group of companies.
In 2023, audits of the Fund’s portfolio companies were conducted to ensure compliance with information security requirements, and recommendations were developed for bringing into compliance and increasing the level of information security. GRI 3-3
The total number of information security incidents was 16,094 in the reporting year, with malware detection and unauthorized access/hacking accounting for 49%. All incidents are processed on time, preventing leakage of customer data. There were no incidents related to customer data.
