RISK Our main strategic business risks are reviewed at every Audit & Risk Committee (ARC) meeting and the Chair of ARC produces an annual report of the Committee’s activities for consideration by the Board. Risk Impact HowWeManage Risk Our customers’ homes and our assets are not safe or compliant with legislative requirements • Risk of injury to people • Disruption to service delivery • Poor customer service • Financial consequences • Criminal and/or civil prosecution • Regulatory consequences • Reputational damage • Landlord compliance regime in place • Servicing and maintenance procedures • Standardised approach to fire regulation • Estate inspections include health and safety • Director of Property, Building Safety & Compliance in place to manage function • Data review and audit on system-held data • Independent compliance audits • Monthly reporting to Senior Management Team • Performance reporting to Operations Committee We are subject to a successful cyber attack • Service disruption • Data lost and/or corrupted • Fraudulent transactions lead to financial loss • Regulatory consequences • Data protection is compromised • Information Commissioner’s Office fines/sanctions • Individual and/or class legal actions • Reputational damage • Monitoring of network capacity and security infrastructure via external provider • Multifactor authentication pilot completed but further tests required • Vulnerability testing including penetration testing • Programme being rolled out for attaining Cyber Essentials certification • Restricted external access to corporate systems • Blocked legacy authentication • Mandatory annual cyber security training for all staff 18 ARHAG
RkJQdWJsaXNoZXIy NDA3NTg=