BUSINESS OPERATION AND PERFORMANCE CORPORATE GOVERNANCE FINANCIAL REPORTS AND FINANCIAL STATEMENTS APPENDIX Operation Level - Comprising the operation relating to information supervision, giving supporting, analyzing, evaluating, controlling information access, prioritizing importance of each information. Information problem solving, controlling information quality and security in case there is a change of and to comply with information supervision standard, policy and framework, following indicators and being responsible and performing duties of operational officers. Furthermore, in supervising organization information, the Company has executed the following actions: Data Governance Framework: referencing the DAMA International’s Data Management Body of Knowledge (DAMA-DMBOK) standard to allow the information supervision working team being able to push forward and use as working framework for information supervising, including monitoring information management to ensure that it is transparent, create confidence in operating the business, verifiable and result in quality, security and full integration of information, as well as allowing information which is important to the company to be managed correctly in accordance with the life-cycle framework of information. Specifying confidential ity level and security maintenance of the Company’s information to ensure that the management of important information of the Company are being carried out orderly, concisely, systematically and in accordance with the PDPA with an objective to put in place policy and confidential maintain of the Company’s information. (3) Integrated Operation for Corporate Governance, Risks Management and Internal Control and Supervision of Operation to be in Compliance with the Laws, Rules and Regulations (Integrated GRC) GC placed importance on the integration of corporate governance, risk management and internal control and compliance with laws, rules and regulations or GRC to support the satisfaction of business objectives effectively while being transparent and verifiable and lessen the risks that may affect the business. GC has created working team responsible for driving GRC forward involving departments and working teams and allowing their full participation in establishing system and providing advice, suggestion, improvement and guidelines in accordance with GRC integration principles covering all group companies including subsidiaries. The working team responsible for GRC operation can by divided into four (4) working units consisting of (i) People and Communication, (ii) Process, (iii) Technology and (iv) Subsidiary, and work through the Integrated GRC Dashboard. GC has promoted understanding and perception on Integrated GRC among Executive and employees of the Company and GC Group subsidiaries through various communication channels, in order to serve as concrete and effective guideline. It has also made such communication from Executives to employees (tone at the top) through the Company’s CEO Townhall activity. Due to COVID-19 situation, the working format has been changed and the Company has adjusted ways to better communicate to employees by holding Integrated GRC (UP e-Learning) training to the Company’s employees and subsidiaries so they understand the main principles and connection of GRC work, Control Self-assessment & Compliance Universe workshop to process owner of the Company and group companies which are subsidiaries so that they can identify and connect risks and evaluate the adequacy of internal control systems involving operation, reporting and compliance control at the operation level, as well as preparing GRC e-Newsletter and GRC Health Check to assess the perception, understanding and effectiveness of adopting the GRC for use within the Company and group companies which are subsidiaries. As for the Process work unit, the GRC team has created FiT Project which serves as Subject Matter Expert (SME) and helped considering and providing advice on GRC related issues to initiatives of the Workstream, as well as participated in determining counter measures to resolve the risks found in the detailed study phase prior to the initiatives’ proposal for further approval. Under the situation with constantly occurring new challenges, GC keeps aiming to improve the integrated GRC continuously to create connection of operation between the GRC working teams and to use the same database in order to concretely lessen the redundancy of work and providing chances for Executive and employee to acquire work experiences so to have capacity to support the growth of the Company together alongside cultivation of desirable working culture in accordance with the integrated GRC, ultimately to build confidence among the Company’s stakeholders. 131