Data Privacy & Cybersecurity
Significance & Commitment

The Company is committed to safeguarding the confidentiality, integrity, and availability of information. This commitment is supported by a robust governance framework and effective risk management that aligns with international standards and regulatory requirements. Data protection is integral to the strategy to ensure business continuity and alignment with future business directions.

Management Approach

The Company announced the Information and Cybersecurity Policy, which draws upon the ISO/IEC 27001 framework. This policy marks a significant step in weaving cybersecurity management seamlessly into enterprise risk management. To ensure cybersecurity is effectively managed, we have appointed a Global Information Security Officer (GISO) to oversee data privacy and cybersecurity strategy across the organization. This comprehensive approach extends to both Information Technology (IT) and Operational Technology (OT), with a focus on ongoing vulnerability identification, third-party risk management, and cybersecurity awareness. In addition, the Information Security Management System (ISMS) Committee has been established to ensure that related policies and practices are consistently implemented across business functions.

At the board level, cybersecurity is overseen by 2 dedicated board-level committees: the Audit Committee and the ESG Committee.
Audit Committee – Oversees the integrity of internal controls, including cybersecurity and IT audit findings.
ESG Committee – Integrates information security into ESG reporting and sustainability goals.

At the management level, cybersecurity responsibilities are under the supervision of the Sustainability Committee, which incorporates secure digital transformation into long-term business strategies. To support the Sustainability Committee, 2 sub-committees at the management level have been established: the Risk Management Committee and the Business Continuity Management Committee.
Risk Management Committee – Evaluates cyber risks and ensures mitigation measures are in place across business units.
Business Continuity Management Committee – Ensures cyber resilience and readiness to respond to disruptive events.

Additionally, the Company conducts an annual Disaster Recovery Plan (DRP) exercise, focusing on critical data such as financial and enterprise documents, with the effectiveness of the response plan assessed by a third party as part of the business continuity management system certification.

To further strengthen digital governance, we have appointed a senior executive with a dedicated mandate for Global Enterprise Architecture and Cybersecurity. This role collaborates closely with the GISO and the Digital Management Team to enhance cyber resilience and ensure alignment with international standards.

In line with the evolving scope of the Information Security Management System, we conduct both internal and third-party audits annually, including certification under ISO/IEC 27001:2022. This continuous assurance process not only validates the effectiveness of our cybersecurity framework but also reinforces our commitment to strong digital governance, regulatory compliance, and stakeholder trust. By embedding internationally recognized standards into our operations, we demonstrate transparency, resilience, and proactive risk management.

In addition, the Company emphasizes security and privacy risk management concerning third-party engagements while also intensifying cybersecurity awareness efforts to prevent threats arising from evolving technologies.

Download Global Information Security Officer (GISO) Appointment (PDF)

Download Information & Cybersecurity Policy

Download Artificial Intelligence Policy

© 2025 บริษัท บ้านปู จำกัด (มหาชน) | Banpu Public Company Limited. All rights reserved.