MANAGEMENT APPROACH Oversight and Responsibilities Sands’ board of directors and the company’s cybersecurity and privacy steering committee are responsible for overseeing our information security program. The board oversees the company’s management of information security risks through its audit committee. The cybersecurity and privacy steering committee is a multidisciplinary executive governance body that manages the information security program. It is responsible for the program’s design, implementation, maintenance and enforcement, as well as reporting on activities to senior leadership. In addition, the chief security officer oversees, directs and leads all security initiatives and operations across the company, including executive protection, cybersecurity, physical security, privacy and fraud prevention. Policies • Global Privacy Policy • Confidential Information Policy Targets and Commitments We are committed to protecting the privacy and personal information of our guests and Team Members. Our information security management system, including global cybersecurity operations and vulnerability management, is ISO 27001:2013 certified. Strategy Through policies and standard operating procedures, the company implements appropriate administrative, technical and physical safeguards that are aligned with operational directives. Training and Communications All Team Members are introduced to our information security and cybersecurity policies and procedures at their company orientation and participate in subsequent annual training covering data loss prevention, mobile device security and the IT Acceptable Use Policy. We also provide additional documentation to assist Team Members in implementing and maintaining the information security program, such as guidelines, playbooks, training materials, guidance documents, instruction manuals, and education and awareness communications. Evaluation and Adjustments We assess, test and monitor the effectiveness and suitability of the information security program’s safeguards on a routine basis and adjust the program as appropriate to address material changes to the company’s operations and business plans, or other circumstances that may have a material impact on the effectiveness and suitability of the program. Customer Privacy 2022 Customer privacy breaches reported 4 Customer privacy breaches reviewed 4 Customer privacy breaches under investigation 0 Substantiated complaints concerning customer privacy (received from outside parties) 1 Substantiated complaints concerning customer privacy (received from regulatory bodies) 0 Cybersecurity Incidents 2022 Information security/cybersecurity incidents 0 Data breaches 2 Customers/employees affected by breach 166 Fines/penalties paid in relation to information security breaches or other cybersecurity incident $0 PR I VACY AND CYBERSECUR I T Y APPENDIX GOVERNANCE SOCIAL ENVIRONMENT OUR PERFORMANCE INTRODUCTION OUR STRATEGY 83 CLOSING
RkJQdWJsaXNoZXIy MTYzNzU=