Intellectual Capital Performance

Intensifying Data and Information Security
Through Digitalization

First Gen manages its information and technology infrastructure in a secure and effective manner, combined with industry comprehension, organizational systems, specialized skills, and expertise. Our processes and systems continue to shift towards digital interfaces and automation, which directly impacts security of data and information and the effective carry-out and monitoring of work deliverables with our hybrid ways of working.

Threats and vulnerabilities were determined through risk assessments done annually. Several solutions and programs that would address these threats and improve our business operations were implemented. Our Information Technology Governance Council (ITGC) is responsible for prioritizing and approving information technology investments and projects. The ITGC also ensures the effective delivery of IT value and the alignment of these benefits with Company priorities. The IT Group is responsible for the acquisition, development, dissemination, and implementation of IT solutions, projects, and policies. It is also responsible for employing solutions based on business needs, best-fit practices, and technological innovations.

First Gen invested USD6.4 million for digitalization and automation, cyber, and information security, with the 15.6 percent increase from the USD5.4 million investment in 2022.

Our information security processes and programs are governed by our Information Security Governance Committee (ISGC) headed by our Chief Information Security Officer. The ISGC provides the senior management an assurance that information security direction and intent are reflected in the security posture of the organization by utilizing a structured approach to implementing an information security program. Anchoring from our Information Security Policy approved in 2019, 24 new processes and procedures were initiated to intensify our information security: infosec awareness, phishing mindfulness, use of removable media, InfoSec incident management, infosec security management, network access control, firewall, password and IT security. With the influx of Internet of Thing (IoT) devices, our IT Group governs IoT devices to help ensure that these meet technology/security standards; and implemented creation of inventory, patching/updating, and monitoring. To mitigate the incursion of artificial intelligence (AI) tools/applications, several awareness campaigns were conducted to employees, InfoSec and IT policies developed and maintained, and continued consultations with industry experts. Moreover, we established our Information Security Management System (ISMS) through the strategy below.

Programs implemented through our ISMS include InfoSec awareness program, online assessment, online training including our third party partners, phishing test campaign, awareness ecards and logs, advisories and Infosec month celebration. Infosec assessments include vulnerability assessment and penetration testing, the software and hardware we utilize, and our processes.

To further strengthen security and data privacy, we started the Phase 1 implementation of the Records Management System. Information within First Gen is classified as either restricted, confidential, internal use, or public. All information outside of the public domain is considered sensitive information and covered by the Information Security Policy. As a primary means of sharing sensitive information with contractors and partners, contracts and other forms or agreements with our contractors and partners are covered by non-disclosure agreements. First Gen also values the confidentiality of personal data. Thus, a Privacy Notice posted on our website details how the Company uses and protects personal data in accordance with the Data Privacy Act of 2012 (DPA), its IRR, other issuances of theNational Privacy Commission (NPC), and other relevant laws of the Philippines. This Privacy Notice can be accessed through this link: https://www.firstgen.com.ph/privacy . There was no data breach or violation of informational privacy rights or any other violation of the DPA cited.

Improving Our Organizational Processes

First Gen maintains three management systems:

Quality Management System, which is certified to ISO 9001:2015,
Environmental Management System, in reference with ISO 14001:2015, and
Occupational Health and Safety Management, in reference with ISO 45001:2018.

Our processes to support the effective implementation of our business operations are based on our Quality Policy. Meanwhile, our other processes and programs to support our objective of providing a safe workplace to employees and protection of the environment are based on our Environment, Safety, and Health (ESH) Policy.

All the subsidiaries of First Gen implement their own Integrated Management Systems certified to various ISO standards. To preserve and utilize our organizational knowledge and expertise in operating our plants, these processes are documented. In 2023, the Records Management System was implemented to centralize the maintenance of our documents and records. To verify compliance with the standards and effectiveness of process implementation, internal audits by the respective companies were conducted and corporate audits were performed by the First Gen Head Office to ensure alignment of operating sites’ processes with the corporate standards. Meanwhile, third party audits were executed by the certifying bodies to validate and verify conformance to the standards.

Our processes are maintained and improved to support our mission to decarbonize and regenerate. Through our management systems, we mitigate the business risks as well as the environmental, safety, and health risks identified and ensure that we meet the legal and regulatory requirements applicable to our industry and operations and the needs and expectations of our stakeholders. First Gen’s management of our systems and alignment with sustainable processes and practices enable us to conduct efficient and safe operations. These operations ensure reliable power for our customers, comply with regulatory requirements, preserve the environment, and allow us to maintain good relationships with the community.

Our Decarbonization
Initiatives

We continue to implement programs and solutions to guarantee the minimal emissions of our plant operations through energy efficiency programs such as the use of electric-driven vehicles, the use of solar installed sources of household power at plant sites, and better management of fugitive emissions through the use of emission monitoring systems. Aligned with our ambition to reach Net Zero, we further our existing programs by expanding our RE portfolio and optimizing our operations. We also continue to scout new technologies to make way for decarbonization without compromising energy stability. We explore the use of nature-based solutions and storage technology and delve into the possibility of hydrogen to supplement natural gas and carbon capture.

Internally, we do not only dwell on exploring new technologies for decarbonization but also on upskilling our people and enjoining society to be one with our aim. In 2023, First Gen joined the FPH-wide capability building Scope 3 GHG Emissions and relevant ESG standards such as SASB. These are all preparations geared towards the execution of our programs for achieving our Net-Zero Goal.

SUMMARY OF OUR INTELLECTUAL PERFORMANCE, IMPACTS AND PLANS

STRATEGY PURSUED	WHERE WE PROGRESSED IN 2023	IMPACT MATERIALITY	FINANCIAL MATERIALITY	OUR PLANS
Enable the organization Creating stakeholder value	Entrenched digitalization to maintain a safe and reliable ISMS Capitalized in our processes, programs and promotions to uphold data and information security and privacy	The utilization of our intellectual capitals resulted to: Protection of our Company’s data security and stakeholders’ personal privacy Improved governance on our information management system Effective carry-out of our operations and utilization of other capitals through digitalization and reliable systems, and Building a culture of innovation and continuous improvement	The transformation of our culture to digitalization and tightening our security from cyberattacks affected the rise of cash flows but this investment has prevented us to greater cost that may arise from unreliable systems, and possible loss of data.	Aggressive awareness and campaigns on information and data security and system reliability Diligence in our research and monitoring on the development of technologies on hydrogen to replace natural gas and carbon capture that could potentially decarbonize power generation

STRATEGY
PURSUED

WHERE WE
PROGRESSED
IN 2023

IMPACT
MATERIALITY

FINANCIAL
MATERIALITY

OUR PLANS

Enable the organization
Creating stakeholder value

Entrenched digitalization to maintain a safe and reliable ISMS

Capitalized in our processes, programs and promotions to uphold data and information security and privacy

The utilization of our intellectual capitals resulted to:

Protection of our Company’s data security and stakeholders’ personal privacy
Improved governance on our information management system
Effective carry-out of our operations and utilization of other capitals through digitalization and reliable systems, and
Building a culture of innovation and continuous improvement

The transformation of our culture to digitalization and tightening our security from cyberattacks affected the rise of cash flows but this investment has prevented us to greater cost that may arise from unreliable systems, and possible loss of data.

Aggressive awareness and campaigns on information and data security and system reliability

Diligence in our research and monitoring on the development of technologies on hydrogen to replace natural gas and carbon capture that could potentially decarbonize power generation

Intellectual Capital Performance