Strengthening  Governance

 

We are a people-driven organization committed to health and wellness, reinforcing safety and well-  being especially during the pandemic.


 
nurturing-governance-banner

DMPI is committed to the highest standards of corporate governance and supports the principles advocated by the Philippine Stock Exchange and the Securities and Exchange Commission.

DMPI has a strong corporate governance structure that ensures that Management is accountable to the shareholders and stakeholders and operates in an ethical and responsible manner. The Company’s Board of Directors directs the long-term strategy of the Company, evaluates the performance of Management, reviews material issues, and provides guidance on matters relating to governance. 



 
PSE2

Preferred share listing in the PSE led by Director Edgardo M. Cruz Jr. and COO Luis F Alejandro

 

Ethics and Integrity

 

 

 

 

 

 

 

Del Monte Philippines Inc. (DMPI) is committed to the highest standards of corporate governance as it supports the principles of openness, integrity, and accountability advocated by the Philippine Stock Exchange, Inc. (PSE) and the Securities and Exchange Commission of the Philippines (SEC).

The Board of Directors and Management are committed to using their best endeavors to align the Company’s governance framework with the recommendations of the ASEAN Corporate Governance Scorecard and the SEC’s Philippine Code of Corporate Governance for Publicly Listed Companies.

DMPI has a manual on Corporate Governance that embodies the Company’s governance framework. The Company’s Board has approved DMPI’s policy with respect to related party transactions and interested party transactions, which have been implemented.

DMPI has an Interested Person Transactions policy, which prescribes the monitoring procedures and approval requirements for any transaction of the Company and its subsidiaries with any interested person such as a director, the Chief Executive Officer, any controlling shareholder, or associates of these persons.

The Company has a Code of Business Ethics which directors, management, and all employees abide by. All employees are required to provide information on related party and conflict of interest.

DMPI has a stringent policy against fraud and corruption. The Code of Business Ethics is supplemented by the Employee Code of Conduct and Supplier Code of Conduct, which guides employees and suppliers in making decisions every day.

Training on the Code of Business Ethics, and Employee Code of Conduct and Supplier Code of Conduct is part of the onboarding of new employees which includes conflict of interest, anti-corruption, fraud and related party.

The Company’s whistleblower line is accessible to employees, suppliers, customers and other third parties through a specified phone number. The whistleblower program is translated in the country’s regional dialects.

DMPI has a Business Continuity Plan (BCP), headed by the Chief Operating Officer to ensure continuous operations and supply of products to the market. The BCPs are reviewed annually to prevent threats and disruptions. The Company’s BCPs were implemented during the COVID-19 pandemic.

Del Monte performs internal audits to assess corporate, facility, and subsidiary processes to ensure compliance with policies and to mitigate risk of breaches, fraud, and both financial and reputational damage.

DMPI’s Internal Audit department identifies audit areas by reviewing external audits’ scope, process, and audit results as a basis of further audit, if required.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 


 
Governance 2

 

Data Protection, Privacy, and Cybersecurity

 

In this Information Age where data is considered the new currency, data protection, privacy, and cybersecurity have never been more important. As data processing evolves and companies increase their reliance on big data, the risks of data breaches and potential misuse of personal and sensitive information have become more apparent and, in many cases, have given rise to new laws and regulations worldwide.

In response to this challenge, the Company has strengthened its commitment to protecting the personal data of its various stakeholders, including its employees, shareholders, customers, contractors, business partners, and suppliers. The Company has adopted a Data Privacy Manual which codifies the Company’s commitment to ensuring the free flow of information to promote innovation and growth, and for the proper management of its businesses, while at the same time ensuring that the subject’s fundamental right to privacy is respected.

With evolving privacy laws and regulations, the Company needs to more carefully navigate the changing legal environment while remaining steadfast in its commitment to data privacy. The same applies to cybersecurity laws and regulations which have also become increasingly more complex. Companies can be subjected to fines, injunctions, government audits, and, in more serious cases, criminal liability.

In the Philippines, Del Monte implemented sets of guidelines and procedures based on its Information Security Manual that adopted the standards of Information Security Management System (ISMS) and principles of the National Institute of Standards and Technology (NIST) Cybersecurity Framework.

DMPI upgraded its Email Exchange and Active Directory to the latest version, Implemented Sophos Endpoint Security with encryption, patching of critical servers from known high-risk vulnerabilities, implemented email security protocols, and upgrade of Cisco ISE version.

To protect DMPI’s network, email system, and endpoint devices from threats and exploits, the Company implemented a combination of network firewalls and FireEye’s Advanced Persistent Threat protection as its perimeter defenses.

The email system is protected by FireEye’s Email Threat Prevention system that safeguards against advanced, targeted, and other evasive attacks hiding in email traffic. Email security protocols are also implemented such as Sender Policy Framework (SPF), Domain-based Message Authentication, Reporting and Conformance (DMARC), and Domain Keys Identified Mail (DKIM) to provide added security and authentication against phishing and email spoofing attacks.

DMPI implements Cisco Identity Services Engine (ISE) to automate the management of security and network access policies for endpoint devices. Cisco ISE provides full visibility into everything connected to the network in real-time.

Coupled with the Cisco AnyConnect Secure Mobility Client, Cisco ISE scans devices trying to connect to the network for security-related compliance requirements including operating system, security settings, anti-virus, anti-malware, etc. Non-compliant devices are prevented from accessing the network even if proper user IDs and passwords are provided.

Endpoints are protected by Sophos Advanced Endpoint Security solution with detection and response capabilities. These solutions are superior in the category to traditional solutions that rely on signatures for malware detection, making them insufficient in detecting zero-day exploits which have no signatures in the existing malware database yet. Endpoint encryption is also implemented to strengthen data protection.

DMPI periodically conducts awareness to users and employees on threats and shares tips and reminders to avoid exploits and comply with best practices and standards.

IT regularly tests its firewalls at least once a month as part of network operations responsibility. Vulnerability Assessment and Penetration Testing is being done annually by a third party. The results are reported monthly between a managed IT operations partner and DMPI’s IT department. No material cybersecurity breaches were noted in FY22.

Internal Audit conducted a control self-assessment of DMPI’s back-up policy and procedures of individual user files excluding server files. The audit is part of the other components of Information Technology General Controls that the external auditor has not covered. IA’s review involves conducting surveys on regular employees and third party partners to determine appropriateness of its back-up policy and procedures related to individual user files.

Based on the audit results, Internal Audit secured approval from management to provide Box Cloud storage with unlimited size to department executive assistants of each major divisions.

 
>