Cybersecurity & AI Governance

The Company has implemented an Information and Cybersecurity Policy aligned with ISO/IEC 27001, covering both Information Technology (IT) and Operational Technology (OT) systems. Oversight is provided by the Global Information Security Officer (GISO) and the Information Security Management System (ISMS) Committee to ensure consistent policy enforcement and risk management across all business functions.

To further enhance digital governance, the Company introduced an AI Governance Policy outlining the ethical and responsible use of AI. Additionally, the launch of the Security Behavior and Cultural Program (SBCP) fosters a security-conscious culture across the organization. Looking ahead, the Company continues to strengthen cybersecurity and AI governance through 3 key areas:
1. Responsible AI Governance: Deployment of an AI Governance Policy with clear principles for the ethical and responsible use of AI technologies across business operations.
2. Unified Digital Governance Framework: Establishment of a unified governance framework that integrates IT, OT, and AI technologies under s single oversight structure.
3. Adoption of Global Standards: Implementation of the latest international standards, including ISO 42001:2023 AI Management System (AIMS) and ISO27001:2022 Information Security Management System (ISMS)

Together, these initiatives reflect Banpu’s commitment to building a resilient, secure, and ethically digital governance in support of long-term business sustainability.