We incorporate security and human rights management into our ESG strategy and plans and operational activities and abide by the Voluntary Principles on Security and Human Rights (VPs).
Guided by the ISO 31000 risk assessment process, we have assessed the implementation of baseline security risk standards and risk levels for our projects against security risk assessment models recognized by the international security industry, as well as elements set by international security experts, and formulated corresponding mitigation measures. We have formulated the Security and Human Rights Policy, the Guidelines on the Principles of the Use of Security Force Overseas, the Guidelines on Security Facilities and Security Forces for Overseas Projects, and other security management policies, baseline security standards, and crisis management plans.
We use media monitoring and risk intelligence platforms to collect, process, analyze, and generate risk intelligence. We issue timely security risk alerts to employees based at our overseas projects, as well as employees on international business trips, and carry out travel risk management. At the same time, such information also provides objective and credible benchmarks for the design of security systems, and viable intelligence for management decisions.
The project security risk assessment (SRA) is a comprehensive assessment of assets, threats, risks, and security weaknesses of the project site. Based on the implementation of the baseline security standards, the SRA will identify the special risks faced by a specific project and the weaknesses in the existing PPS. The SRA will determine the priorities of the risks to be addressed, give risk mitigation advice, and put in place extra security measures, to minimize risks faced by the project.
The SRA process shall be guided by ISO 31,000 and carried out according to the security risk assessment model recognized by the international security industry and the elements specified by international security experts. The assessment is conducted by personnel or security providers with professional qualifications.
All overseas subsidiaries whose security work is led by Zijin shall follow the following project security risk assessment process:
We regularly conduct internal audits and on-site inspections to assess the compliance and implementation of security policies and related regulations by our subsidiaries. In the audit process, on-site security inspection may be conducted where conditions allow based on the actual risk levels and priorities.
The process and frequency of on-site inspections shall be based on the level of the threats and risks faced by the sites. Projects in moderate- and high-risk countries/regions shall be inspected every month. We will carry out regular inspections of security personnel, processes, and equipment, and record non-compliance with regulations/standards. The following content shall be recorded in the inspection report: