This is Gold Fields 
Information, Communication and Technology (ICT)
Gold Fields prioritises robust ICT governance, guided by its ICT Charter and overseen by its Audit Committee together with the Risk Committee. We have made significant strides in mitigating cyber risks, as shown by our improved risk ranking from 10th to 14th in our 2023-2024 risk register. This highlights the successful implementation of proactive risk management and mitigation practices and strengthened controls.
The Vice President and Group Head of ICT (CIO) leads the implementation of ICT governance procedures aligning with our ICT Charter and reporting regularly to the Audit Committee.
Our comprehensive ICT governance framework, adhering to the Control Objectives for Information Technology (COBIT), NIST Cybersecurity Framework (CSF) 2.0, and CIS Critical Security Controls, ensures the maturity and effectiveness of our processes. We have established formal policies and procedures to address ICT risks across the company globally.
Recognising the risk of escalating global cyber threats, cybersecurity remains at the top of our ICT governance and risk agenda. We are committed to protecting critical operations, sensitive data, and infrastructure from cybercriminals.
Gold Fields has consistently maintained its ISO 27001 certification, recently transitioning to the latest 2022 version. We work to uphold a robust information security posture. Furthermore, we have implemented advanced cybersecurity monitoring platforms to safeguard our critical infrastructure
Our proactive approach includes regular security assessments, penetration testing and a fully integrated Security Operations Centre operating 24/7. We remain vigilant in adapting and enhancing our defences to counter evolving cyber threats.
Information security is a core element of our overall business strategy, and we are committed to protecting our assets and maintaining the trust of our stakeholders.
