CORPORATE GOVERNANCE AND CYBERSECURITY


Strong corporate governance is critical in operating effectively, efficiently and in a manner that increases value to our stakeholders. We continuously strive to strengthen our corporate governance regime, including ensuring that the provisions of Aristocrat’s Constitution, the Corporations Act, ASX Listing Rules and Regulations that apply to Aristocrat are complied with in full.

Our Board of Directors is focused on effective oversight of the business, including through four Board Committees as well as sub-committees, while maintaining a sound and transparent governance framework with corporate governance issues being a standing agenda for all Board meetings.

The Board determines the management policies of Aristocrat and delegates decision-making authority to the Executive Leadership Team to conduct business operations in accordance with Aristocrat’s governance principles and framework.

Further information about Aristocrat’s approach to corporate governance can be found at this link

Corporate Governance

Cyber security

Aristocrat takes an enterprise-wide view of our cyber risks and mitigation strategies in recognition of the escalating cyber threats faced by all businesses and the increasing sophistication and number of potential risks.

Aristocrat places particular emphasis on educating our employees to be conscious of cyber security risks and to ensure compliance in following our security procedures and protocols.  Updated cybersecurity training is planned to be implemented across Aristocrat into 2019. Cybersecurity management also requires broad engagement across the business to effectively manage threats.  A cross-functional, global cyber team oversees and drives Aristocrat’s cybersecurity agenda.  This team recently oversaw a comprehensive review to identify risks, and prioritise and implement improvements across the global business, with detailed engagement of the Executive Management team.

Among the many recent measures to mitigate against cyber threats was our implementation of a Universal Digital Identity for Aristocrat employees and the deployment of a cyber monitoring service to identify cyber theft.

 

General Data Protection Regulation (GDPR)

In May 2018 new EU legislation for consumer privacy protection came into effect globally for all businesses either located in the EU or those businesses transacting with or marketing to EU citizens. Aristocrat and its operating businesses worked hard to ensure we are fully compliant with GDPR legislation.

 

Crisis management

In 2018 we conducted a comprehensive review of Aristocrat’s crisis management capability, with the result that our Crisis Management Plan has been updated and expanded to include technology-related threats.  Our refreshed Crisis Management Plan also introduces enhanced measures to ensure effective management of a crisis, including identification and management of additional risks, exposures and stakeholder interests.  An important focus of this work has been forming central and regional Crisis Management Teams (CMT) and equipping them with in-depth training, authority and resources to expedite the company’s incident response.  This year, Aristocrat’s CMT was trained in managing human impacts (employees and community), company reputation and corporate assets.  Both our central and regional CMT have been empowered to make strategic decisions, provide direction and guidance to response teams and to the wider organisation.