This is Gold Fields Information, Communication and Technology (ICT)
ICT governance remains a key focus area for the Gold Fields Group, the responsibility of which was delegated to the Audit Committee by the Board of Directors. The Audit Committee also works with the Risk Committee on related ICT matters. In the Group’s 2019 risk register, Cybercrime/Loss of ICT data was ranked as the No 10 risk.
Gold Fields’ ICT Charter defines the overall direction and governance for ICT across the Group. The Vice President and Group Head of ICT, Strini Mudaly, is responsible for executing ICT governance procedures in line with this Charter, and reports to the Audit Committee at each meeting. The Committee reviews his report, which includes the results of all review and testing conducted by management and GFIA.
Gold Fields adopted the Control Objectives for Information Technology (COBIT) as a governance framework, and regular assessments are conducted to determine the maturity of ICT governance processes.
Gold Fields’ ICT at its various operations is operating at an overall maturity level of between three and four out of five, indicating that the Group’s ICT governance framework and processes are established and predictable. Areas of ICT risks across the Group were defined as part of the Group’s overall risk management framework, and formal policies and procedures are documented and updated regularly for these areas.
Given the nature of cyber security and the rising global cyber risk, cyber security has now become a key component of the Group’s ICT governance and risk agenda. Gold Fields further enhanced its cyber security management controls during 2018 and 2019, by achieving the ISO 27001 Information Security Management System certification for all its mines and corporate offices. The Group has also installed operational technology cybersecurity monitoring platforms to safeguard critical infrastructure.
The ICT Governance, Risk, Architecture, Standards, and Security Compliance (GRASSC) Committee is responsible for ensuring compliance and adherence to the Group’s ICT policies and procedures. The ICT GRASSC Committee reviews compliance to the governance framework quarterly and recommends improvements as appropriate.