Data Privacy & Cybersecurity

Governance > Data Privacy & Cybersecurity

Data Privacy & Cybersecurity

Significance & Commitment

Due to digitalization, information technology has been evolving to facilitate cloud storage. On the other hand, the risk for cybersecurity threat becomes significantly higher. IT system disruption and data breaches, especially customer data can severely damage the Company in terms of finance, reputation, and customer trust. Therefore, it is crucial for the Company to have a preventive policy in place to ensure business continuity.

Management Approach

The Company used the “ISO/IEC 27001 Information Security Management” as a guideline for developing the Information technology and Cybersecurity Policy which is applied across the entire organization. Leaks of company data and cyber-attack on the Company’s database are considered as one of emerging risks. Therefore, cybersecurity is built into enterprise risk management. The audit committee takes responsibility to oversee cybersecurity issues, focusing on regulatory compliance and risk management associated with the digital technology utilization. Furthermore, the Company conducts the Disaster Recovery Plan (DRP) exercise annually for the Company’s critical data, namely financial data and enterprise documents. The effectiveness of response plan is then accessed by the third party as a part of the business continuity management system certification.

To ensure transparency, privacy, and the protection of all information, the Company, at the same time, has implemented the privacy policy to define the purpose of data collection, disclosure of information, and security of personal data. This is to ensure data protection to any persons disclosing their personal information to the Company, especially customers and the business partners. The Company has built the awareness of employees to be aware of cybersecurity and incident caused by cybercriminals, including employee’s role in protecting information assets stored in the Company own-commuter through various channels. Cybersecurity awareness is included in the orientation of new employees, and cybersecurity news is also regularly communicated to all employees via email.

Year in Review

In 2023, the Company has undertaken significant initiatives to enhance cybersecurity supervision. Among the important initiatives, Cyber-Physical System (CPS) Strengthening stands out as a key strategy. This approach involves a detailed cybersecurity assessment conducted in collaboration with the power business, leveraging external experts to ensure compliance with safety guidelines applicable to both information technology and operational technology. The insights gained from this assessment are used for the enhancement of people, process, and technology, ensuring a robust defense mechanism against potential cyber threats.

In addition, the Company has recently launched a Self-Hacking by White Hackers program. This initiative engages skilled, ethical hackers to identify vulnerabilities within the applications that the Company relies on. This proactive approach allows us to address and rectify security weaknesses promptly, ensuring the resilience of the digital assets. The outcomes of this program will enhance the Company’s quality assurance process, ensuring comprehensive coverage across all aspects of operations and aligning with the modern work practices.