The Board and executive management are well informed about the role of technology and information and its impact on Remgro’s business, taking into account the relatively limited technology needs of an investment holding company.
The ROTIG Committee considers the technology and information risk register on a regular basis, while the progress on technology and information and control-related projects are monitored directly by the Audit and Risk Committee itself. The Board exercises oversight over these committees and is satisfied that technology and information is properly managed and that it is aligned with the objectives of the Remgro Group’s business.
Remgro has a Technology and Information Governance Policy that is reviewed annually and is supplemented by governance-based policies such as the Acceptable Technology and Information Use Policy and Information Confidentiality Policy. During the year under review, the Technology and Information Governance Policy was reviewed in light of the principles and recommended practices of King IV.
The head of Technology and Information reports to the Remgro CFO and technology and information-related matters are addressed by a Technology and Information Steering Committee, comprising the head of Technology and Information and five other members of senior management. This committee also reports to the ROTIG Committee on the progress regarding technology and information-related projects. The ROTIG Committee in turn considers and monitors the progress on technology and information-related projects. The Technology and Information Steering Committee is also responsible for monitoring adherence to the Technology and Information Governance Policy.
Remgro has outsourced its Technology and Information operations to credible service providers through compre-hensive Service Level Agreements. The Service Level Agreements of the service providers, which deals with, inter alia, key deliverables such as system and user support, system availability, cyber-risk management, virus protection, telephony and other general controls, is reviewed annually and its compliance monitored. Technology and information service management is based on the international Information Technology Infrastructure Library (ITIL) framework.
Technology and information risk management is fully integrated and included in Remgro’s combined assurance process. A business continuity plan has been formalised and successful tests performed on the back-up and disaster recovery processes. Detailed feedback on the Remgro Group’s technology and information risks is provided to the ROTIG Committee and the Audit and Risk Committee.
Information security policies are in place throughout Remgro regulating, inter alia, the processing and protection of own and third-party information. When required, specialist skills are insourced to assist with information technology services.
An overview of the key areas of focus during the reporting period and planned areas of future focus can be found in the Risk and Opportunities Management Report.