Constance Hotels Services Limited | Annual Report 2025

First page Previous page 64 Next page Last page

125 ANNUAL REPORT 2025

Intelligent Guest Experience

Patch and Vulnerability Management

By combining innovation with strong governance and cybersecurity, the Company is building a secure and intelligent digital ecosystem that supports sustainable growth while maintaining the trust of guests and stakeholders.

Charters, Codes and Policies were reviewed and is ongoing, as part of CHSL’s governance review exercise and were approved by the respective Committees before being submitted to the Board for approval. This review formed part of a periodic governance reassessment that was due in 2025. The Organisational Chart, Statement of Major Accountabilities, and Position Statements of Key Senior Governance Positions are monitored on an ongoing basis and remain subject to periodic review to ensure continued alignment with the Company’s governance framework and operational requirements.

One of the Company’s flagship digital initiatives is the development of a unified and intelligent guest experience platform. The platform provides: – A single digital view of guest activity and itineraries – Automated guest communications before and during the stay – Digital services such as spa, restaurant, and golf bookings – Personalised offers and targeted upselling opportunities – Integrated operational workflows for hotel teams

Effective patch management is a critical component of the Company’s cybersecurity strategy. A modern automated patch management system has been deployed across the IT environment to ensure timely installation of security updates for operating systems and applications.

7.5. Charters, Policies and Codes Overview

This proactive approach:

– Reduces exposure to cybersecurity vulnerabilities – Improves system stability and reliability – Supports compliance with international security standards – Minimises the risk of service disruptions By maintaining up-to-date systems, the Company significantly reduces potential attack surfaces across its infrastructure. Advancing ISO 27001 Information Security Management During the year under review, the Company continued its journey toward strengthening its Information Security Management System (ISMS), aligned with the ISO/IEC 27001 international standard.

The documents listed in the following table, approved by the Board on the recommendation of the relevant Committees, are applied throughout CHSL. During the year under review, a few

This platform enhances guest engagement while improving coordination between resort departments.

Data-Driven Guest Engagement

Charters

Policies

The Company is also implementing advanced customer relationship management capabilities through integrated digital platforms that support:

Board of Directors

– Anti-Money Laundering and Combating the Financing of Terrorism & Proliferation – Anti-Trust – CCTV (Closed Circuit Television) – Conflicts of Interest and Related-Party Transactions ◊ – Contract Management

– Board of Directors’ Charter ☼

▪ Director Letter of Appointment ▪ Board and Director Self-Evaluation Questionnaire ▪ Board Committees Self-Evaluation Questionnaires ▪ Board of Directors and Key Executives Succession Planning ▪ Board Strategic Plan Audit and Risk Management – Audit and Risk Management Committee Charter ☼ – Internal Audit Charter – Information Technology Steering Committee Charter Corporate Governance – Corporate Governance Committee Charter ☼ – Compliance Charter ▪ Compliance Officer Handbook ▪ Compliance Officer Accountabilities ▪ Compliance Officer Professional Standards and Guidelines – Data Protection Steering Committee Charter – Sustainability Charter – Fondation Constance Charter Nomination and Remuneration – Nomination and Remuneration Committee Charter ☼ ▪ Nomination and Appointment Process ☼ Board Committees

– Guest 360° profiles – Personalised marketing campaigns – Loyalty management systems – Partner and travel agent portals – Data-driven marketing automation

– Cookie & Privacy Policy ☼ – Corporate Sustainability – Data Protection – Dividend – Donations – Equal Opportunity – Gift – IT Information Security ◊

The implementation programme covers a comprehensive set of controls addressing:

These capabilities enable the Company to deliver more personalised guest experiences while strengthening long-term guest relationships.

– Organisational governance – Personnel security – Physical security – Technological safeguards

Responsible Use of Artificial Intelligence

– Nomination – Procurement – Remuneration – Risk Management – Share Dealing – Social Media Use

As generative AI technologies become more widely adopted, the Company continues to monitor their use across the organisation to ensure responsible implementation. Policies and governance mechanisms are being introduced to ensure that only approved AI platforms are used, thereby protecting sensitive corporate and guest information.

Key milestones include the development of a structured risk register, implementation of security controls across operational environments, and the establishment of internal audit processes to monitor ISMS performance.

Codes

Digital Transformation and Artificial Intelligence

Future Initiatives

– Code of Ethics and Conduct for Employees ◊ – Code of Ethics and Conduct for Directors ◊ – Code of Ethics and Conduct for Business Partners – IT Code of Practice ◊

In parallel with strengthening cybersecurity, the Company continues to invest in digital platforms that enhance the guest journey and improve operational efficiency. Artificial intelligence and automation technologies are increasingly integrated into business processes across the organisation.

Technology will continue to play a defining role in the future of the Company.

Future initiatives will focus on: