Due to digitalization, information technology has been evolving to facilitate cloud storage. At the same time, the risk of cybersecurity threats has become significantly higher. IT system disruptions and data breaches, especially those involving customer data, can severely damage the Company in terms of finances, reputation, and customer trust. Therefore, it is crucial for the Company to have a preventive policy in place to ensure business continuity.
Management Approach
The Company used the “ISO/IEC 27001 Information Security Management” as a guideline for developing the Information Technology and Cybersecurity Policy, which is applied across the entire organization. Leaks of company data and cyber-attacks on the Company’s database are considered to be among the emerging risks. Therefore, cybersecurity is built into enterprise risk management. The audit committee is responsible for overseeing cybersecurity issues, focusing on regulatory compliance and risk management associated with the use of digital technology. Furthermore, the Company conducts a Disaster Recovery Plan (DRP) exercise annually for the Company’s critical data, namely financial data and enterprise documents. The effectiveness of the response plan is then assessed by a third party as part of the business continuity management system certification.
To ensure transparency, privacy, and the protection of all information, the Company has also implemented a privacy policy that defines the purpose of data collection, disclosure of information, and security of personal data. This ensures data protection for any person disclosing personal information to the Company, especially customers and business partners. Through various channels, the Company has raised employees’ awareness of cybersecurity and of incidents caused by cybercriminals, including each employee’s role in protecting information assets stored on the Company’s own computers. Cybersecurity awareness is included in the orientation of new employees, and cybersecurity news is also regularly communicated to all employees via email.
Download Global Information Security Officer (GISO) Appointment (PDF)