First Gen’s intellectual capital is composed of the following: intellectual properties and programs; organizational knowledge acquired from employee training, webinars, and operation; and systems and processes initiated and implemented for the continuous improvement of the Company and its operating assets. These capitals are essential in maintaining First Gen’s competitiveness and helping the Company adapt to the dynamic and changing business environment. As a result, First Gen invested in digital solutions to effectively and efficiently carry out its business processes while maintaining reliable and secured data and information. These solutions helped maintain communication, collaboration, approvals, and flow of information in First Gen and concerned external stakeholders both in the office setting and work-from-home arrangement.
Even at the height of the pandemic, First Gen managed to secure its ISO 9001:2015 Quality Management System certification after a rigorous recertification audit in December 2020. Risks related to intellectual capital such as information security risk and information technology risk were assessed, and mitigations were developed and implemented. Management recognized that future work and talent trends will entail further digitalization, worker mobility, and remote work arrangements.
“Management recognized that future work and talent trends will entail further digitalization, worker mobility, and remote work arrangements.”
Thus, the Company provided the following to ensure employee productivity in the new work environment:
Access to data and information by providing all the necessary communications tools (i.e., mobile phones and laptops) and internet connectivity;
Appropriate digital solutions and platforms for reporting, collaboration, information dissemination, and approvals;
A strengthened information security management system; and
New work protocols considering the current situation such as return-to-work guidelines and remote internal and third-party auditing.
First Gen continuously adopted best practices in the energy industry to operate and manage its assets. The Company maintained and disseminated procedures and guidelines to help the employees in its systematic implementation.
As improvements in the processes take effect, these references are updated and made available to all employees through the Company’s portals and dashboards.
The Information Technology Governance Council (ITGC) is responsible for prioritizing and approving information technology (IT) investments and projects. The ITGC also ensures the effective delivery of IT value and that the benefits align with Company priorities. The IT Group is responsible for the acquisition or development, dissemination, and implementation of IT solutions, projects, and policies. The group is also responsible for the Company’s legal and regulatory compliance on:
Software licenses - ensuring that the Company only uses licensed software.
Data Privacy Act (DPA) – ensuring that all agreements and contracts with external parties contain appropriate DPA disclosures.
Information security (Infosec) – ensuring that all IT initiatives go through socialization and health-check with corporate Infosec unit.
COMPANY’S INVESTMENT IN DIGITALIZATION
The Company invested in new IT solutions to ensure that the business deliverables, processes, and collaboration are implemented effectively in the work-from-home arrangement. This investment enabled the IT group to implement appropriate platforms and solutions employees can utilize.
In 2020, First Gen invested PHP273.7 million for the new technology solutions adapted and implemented to enhance business operations, data security, remote configurations, health and safety, communication, collaboration, and approval.
| OPERATIONS | |
|---|---|
| Power Economics and Power Trading Data Warehouse | A solution that: (1) provides a single repository of all Power Economics and Power Trading data, e.g., a single source of truth; (2) automates and improves data ingestion and data transformation processes; and (3) automates and improves operational and ad-hoc data and report generation. |
| IBM Maximo | An enterprise asset management solution for maintaining and operating all assets of EDC with modules on work planning & scheduling, purchasing, inventory, and monitoring and tracking of asset locations. |
| Asset Strategy Optimization (ASO) | A system used to perform the basic risk-based processes following the Reliability Centered Maintenance (RCM) strategy applicable to all of EDC's facility assets. |
| DATA SECURITY | |
| Menlo Security | A solution that eliminates all web and email security risks through isolation and works by moving the web browsing processes. |
| REMOTE PROCESSING | |
|
Desktop Central and True Stack (Unified Endpoint Management tools) |
A set of endpoint management tools used to provide remote IT support in the work-from-home setup. |
| HEALTH AND SAFETY | |
| Advanced Social Distancing (ASD) System | A system that actively promotes social distancing among individuals who are working together using card tags that have visual, audible, and vibration alerts upon close contact. |
| Nisoft Eclipse 3 | An integrated safety management system configured to align with EDC's new safety rule system. |
| COMMUNICATIONS / COLLABORATION | |
| DocuSign eSignature | A platform that automates and streamlines the way First Gen and other FPH subsidiaries send, sign, and manage agreements, contracts, and other documents. |
| KissFlow | A cloud-based forms automation solution that automates business processes and tracks performance. The system allows online logging, routing, approval, and monitoring that can cut the turnaround time of processed documents. |
| Slack | A channel-based communication and messaging platform where employees can work together more effectively and find the information they need to do their work. |
| Zoom | A cloud-based video communications application that allows employees to set up virtual video and audio conferencing, webinars, live chats, screen-sharing, and other collaborative capabilities. |
“First Gen developed the Information Security Program to safeguard its information assets, information systems, and industrial control systems.”
The Company continues to evaluate various technologies, for both power generation and related applications, to support a decarbonized and regenerative future.
COMPANY’S INVESTMENT IN INFORMATION SECURITY
First Gen is committed to observing the data protection laws and regulations in all the jurisdictions the Company conducts its business in. It developed the Information Security Program (ISP Program) to safeguard its information assets, information systems, and industrial control systems. The ISP Program, which covers cybersecurity, is designed to enable current and new business and technology initiatives while maintaining a relentless focus on protecting the First Gen and its operations.
First Gen is guided by its Information Security Management System (ISMS), which is essential in maximizing the value of the Company’s information security-enabled business investments and in protecting its information assets, information processing facilities, and connected services. The ISMS provides directives ensuring information security strategies, plans, and programs are aligned and consistent with the Company’s business objectives.
First Gen’s Information Security Governance Committee (ISGC) oversees the following information security governance responsibilities:
Align information security strategy with the information technology (IT) and operational technology strategy according to business objectives;
Require business case studies of security projects and assess the value of security- enabled programs and initiatives;
Create a post-project review of information security projects and initiatives;
Maximize IT or operational technology resources for information security-related programs, projects, and initiatives;
Develop information security plans and strategies for technology-related program integration; and
Integrate information security standards with project life cycle management.
First Gen implements the ISP Program through the following capabilities, processes, controls, and technology solutions:
Governance and Controls
The evolving technology landscape also presents an increase in complex cybersecurity threats. It is critical for the Company to effectively govern existing and emerging risks in a systematic manner consistent with the risk appetite and tolerance of the Company’s Senior Management and Board of Directors. Governance and Controls provides the framework and capabilities to achieve that objective.
Information Technology and Operational Technology Cybersecurity
The Infosec team, together with the IT and Technical Services teams, covers the function to build, enhance, and sustain strategic cybersecurity controls to detect and defend the organization against cybersecurity threats and attacks.
Identity and Access Management
This program implements access standards and controls across First Gen’s infrastructure and applications. These controls authenticate users, permit authorized access, maintain segregation of duties, and ensure timely changes through on- boarding, termination, or transfer processes.
Training and Awareness
Regularly conducting Information Security Training and Awareness ensures that all employees know their respective responsibilities in protecting the organization’s information assets.
Moreover, First Gen intends to have: a) a network security service to oversee and administer the Company’s security processes and assets; b) a system detailing the level of protection needed to secure organization data; and c) an information asset inventory detailing the level of protection needed to secure organizational data. The Company also intends to a) raise consciousness among users on the potential information threats that might put the Company's data at risk; b) restrict privileged access and permission; c) review the security weaknesses in the Company’s computer networks, systems, hardware, applications, and other parts of the IT and operational technology infrastructures; and d) establish an overall combination of the framework, high-level and low-level policies, standards, guidelines, and procedures for tackling security risks in the organization, with the main focus of ensuring business continuity by minimizing all security risks to information assets, IT, and operational technology, and limit security breach impacts to a bare minimum.