Cyber Security and Data Protection
Supporting the SDGs Goals

Goals and Performance Highlights
Goals
- Personal data is protected from leakage, and measures are in place to prevent cyber threats.
Management Approach and Value Creation

Cybersecurity Governance Structure
The company has established a governance structure for cybersecurity and personal data protection under the oversight of the Board of Directors and relevant committees, such as the Risk Management Committee, Audit Committee, and Corporate Governance and Sustainability Committee. This ensures that the company’s operations comply with applicable laws, international standards, and good corporate governance practices.

Cybersecurity Management
The company places strong importance on information security management to protect its technology systems and critical organizational data from cyber threats. The company has established an Information Security Policy and clear guidelines to ensure appropriate management of access rights to information systems, based on employees’ roles and responsibilities.
In addition, the company continuously monitors and assesses potential cyber threats, while strengthening its information technology security systems and measures in line with international standards. These efforts help ensure that business operations can continue securely and efficiently.

Security Testing
To strengthen the security of its information systems, the company regularly conducts security testing and assessments of its IT infrastructure. These include Vulnerability Assessments and Penetration Testing to identify potential weaknesses that may lead to security risks.
The results of these assessments are analyzed and used to continuously improve the company’s security measures, enhancing its ability to prevent, detect, and respond to cyber threats effectively.

Customer Data Protection
The company places strong importance on the protection of personal data of its customers, business partners, and employees. Personal data is managed in compliance with relevant laws and regulations, including the Personal Data Protection Act B.E. 2562 (PDPA).
The company has established appropriate measures to control data access, storage, and usage, along with clear guidelines to ensure that personal data is handled in a transparent and fair manner. These practices help safeguard the rights of data owners while strengthening trust among customers and stakeholders.