Due to digitalization, information technology has been evolving to facilitate cloud storage. At the same time, the risk of cybersecurity threats has become significantly higher. IT system disruptions and data breaches, especially those involving customer data, can severely damage the Company in terms of finances, reputation, and customer trust. Therefore, it is crucial for the Company to have a preventive policy in place to ensure business continuity.
The Company used “ISO/IEC 27001 Information Security Management” as a guideline for developing the Information Technology and Cybersecurity Policy, which is applied across the entire organization. Leaks of company data and cyber-attacks on the Company’s database are considered emerging risks. Therefore, cybersecurity is built into enterprise risk management. The audit committee is responsible for overseeing cybersecurity issues, focusing on regulatory compliance and risk management associated with the use of digital technology. Furthermore, the Company conducts a Disaster Recovery Plan (DRP) exercise annually for the Company’s critical data, namely financial data and enterprise documents. The effectiveness of the response plan is then assessed by a third party as part of the business continuity management system certification.
Download Global Information Security Officer (GISO) Appointment (PDF)