Annual Report 2020

RISK MITIGATION B. OPERATIONAL 1. System Outages Outages of mission-control systems which are required for the continuity of flight operations. 2. Value Chain Disruption A failure in the airport systems that supports the aircraft refuelling, baggage handling, immigration, customs and quarantine processes which may lead to significant delays and business operational disruptions. 3. Cyber Threats These arise from different information system channels that bring about threats such as ransomware, phishing, data leakage, hacking and inside threats. These threats can cause significant damage and losses to the Group. 4. Safety Threats Increasing exposure to operational safety hazards and risk as the Group increases routes, flights and passenger volumes. The Group mitigates this risk by developing, implementing and testing the specific backup and failover systems to reduce this system outages. The Group has also put in place alternative sites that exist in the different geographical area in the event these mission- control systems fail at any one location. A Business Continuity Management Plan with the relevant Crisis Management Plan has been put into place to ensure this. The Group mitigates this risk by constant monitoring and communicating with the airport authorities so that any potential service disruptions can be prevented. The Group does periodic testing at these different airports and hubs through its Business Continuity Management Plan to ensure that there is minimal disruptions. The Group mitigates these risks by having a dedicated information security team that focuses on detecting, containing and remediating these cyber threats. The Group adopts a robust information security system that revolves around the ISO/IEC 27001 process and methodology to secure the information systems. Regular security assessments, penetration tests and source code reviews are performed on the systems to ensure cyber resilience. The Group mitigates this risk through a robust Safety Management System that is emphasized through the Safety Review Board (“SRB”) which ensures that rigid safety targets are obtained through the safety and quality standards. The Group places emphasis on digital tools that captures data for safety risk analysis that promotes continuous improvement. The Group is subject to routine mandatory Safety Audits for its operating licenses. The Group has completed all IATA Operational Safety Audits with the relevant certification for Malaysia, Thailand, Indonesia and Philippines. Statement onRiskManagement & Internal Control 154 AIRASIA GROUP BERHAD