41061 Unite AR22 HI-RES WEB-READY - Flipbook - Page 85
STRATEGIC REPORT
PRINCIPAL RISK 4: OPERATIONAL
Risk Description:
• Major health and safety (H&S) incident in a property or a development site.
Objective
Minimise the risk of an incident that could impact the safety of our customers, contractors and employees
Events that may trigger the risk
• Catastrophic fire or other incident at a property
• Incident at construction site involving Unite employees or third party contractors
Potential impact
• Fatality or injury
• Reputational damage and loss of trust in Unite as reliable partner
How we monitor and negotiate
• Board supervised Health & Safety Committee in place
• Highly skilled and experienced H&S team in place
• Customer Leadership Team and Property Leadership Team focused on H&S
• Expert external assurance on development safety risk and preparing for Building Safety Act, Fire Safety Act changes
• Visible leadership for Safety & Wellbeing driven by our senior leaders
• Use of audits and external consultants
• Comprehensive cladding replacement programme underway
PRINCIPAL RISK 5: TECHNOLOGY
Risk Description:
Significant loss of personal or confidential data or disruption to the corporate systems either through cyber attack or internal theft/error.
• The risk of falling victim to a cyber attack – either targeted or random.
Objective
Maintain a secure IT footprint that discourages attacks and informs us when issues have been detected
Events that may trigger the risk
• Lack of security controls in place in the IT landscape
• Inadequate incident response plan
• Increase in phishing activity
• PC security update failures – patches not deployed to all machines
Potential impact
• Significant loss of personal or confidential data or disruption to the corporate systems
• Reputational and/or financial damage with increased scrutiny including sanctions and fines
How we monitor and negotiate
• Defined governance structure for information security
• Technical security controls aligned to SANS CIS Critical Security Controls and certified under CyberEssentials+ scheme
• Full suite of awareness activities
• Agreed Information Security Strategy & Technical Security Roadmap
• Information security and data protection policies in place
• Scheduled internal phishing campaigns
• Mimecast intercepts potentially harmful emails
• Monitoring of emerging cyber threats
• Information security incident management procedures in place