SUSTAINABILITY REPORT 2020

Close
Home / 2020 Sustainability Report / ThaiBev Sustainability Approach
GRI 102-19, GRI 102-20, GRI 103-1, GRI 103-2, GRI 103-3, GRI 418-1
Information Technology and Cyber Security
ThaiBev received the ISO/IEC 27001:2013 Information Security Management System Certification dated 28 September 2020 and plans to expand the scope to cover the entire system.
Information technology has rapidly advanced. It allows easy, convenient, and fast access. But at the same time, cyber espionage for electronic information has increased drastically and is a major cyber threat. ThaiBev values information security for all stakeholders, consumers, customers, employees, raw material suppliers, and other stakeholders related to the company both directly and indirectly. Therefore, there is a strong need for cyber risk management mechanisms that can prevent access to information that could damage the business. Therefore, ThaiBev understands the importance of bolstering the company’s information technology security and has created plans to respond to many different threat scenarios.
Cyber Risk Management Approaches
ThaiBev has implemented cyber risk management and information security protocols meeting top international standards, like ISO 27001 and NIST Cybersecurity Framework. These cyber security frameworks include prevention plans, detection, and rapid responses to threats in compliance with global standards. There are 5 main processes, including:
  • Identify
    Identify risks to specify the scope and method to assess cyber risk
  • Protect
    Establish standards to control and prevent information technology system risks
  • Detect
    etect, analyze, and monitor suspicious cyber activities, and issue alerts
  • Respond
    dentify management’s approach to respond to and address risks
  • Recovery
    Identify measures for damage recovery to continue business operations
The Board of Directors and executives at ThaiBev, contribute to the identification of strategies related to information technology security, together with cyber security and procedures, so they are in line with corporate guidelines and international standards.

Additionally, the Sustainability and Risk Management Committee is also responsible for ensuring information security and cyber. The ThaiBev Information Technology Committee ensures that the Company’s information technology and cyber risks can be managed effectively and that all potential negative impacts on the organization and its business opportunities can be mitigated.
Information Technology Security Policy

It focuses on information security, including cyber security and other aspects of information technology. It does this through rules, regulations, and guidelines that seek to protect ThaiBev’s information technology property from unauthorized access, as well as through clear corporate policy directions, including by ensuring that the organizational structure and corporate strategy are in accordance with the information technology security policy.
Personal Data Protection Corporate Practices
ThaiBev follows laws on personal data protection according to the Personal Data Protection Act, and on the protection of cyber security through the Cyber Security Act B.E. 2562. In addition, ThaiBev issues corporate rules and regulations on personal data protection in 2020 to serve as a strict guideline for executives and employees.
ThaiBev’s Incident System on Information Technology Security
ThaiBev has established an Incident system for information technology security. Employees can file a complaint by telephone or email. The email address is ITSecurity@thaibev.com.
Year 2021 Target
  • 100% data breach prevention
  • 100% prevention of customer data from being misused

*ThaiBev understands the importance of information technology security and knows that it has a significant impact on business operations. Therefore, we have set up a new approach to prevent threats in the area of information technology by installing a highly efficient computer antivirus system, setting new effective regulations for periodic inspection and system monitoring, regularly deploying up-to-date computer antivirus systems, closely monitoring and solving problems with related information technology equipment, closely following up and resolving all incidents, including those related to information technology hardware, and establishing a strong standard of corporate information technology security practices. This resulted in a significant drop in the average number of computer virus attacks on the ThaiBev system - 70% more effective from March 2020 onwards.

Insight

Nantika Ninvoraskul
Senior Vice President
Thai Beverage Public Company Limited
ThaiBev considers information security as one of the most critical parts of the organization and includes it on executive management agendas, including at the Board of Directors meetings and the Sustainability and Risk Management Committee meetings.

In addition, the Company has an Information Technology Committee that defines strategies, goals, and operations in information technology in accordance with the organization’s overall strategy. There is also a working group responsible for personal information security, consisting of teams from various departments in the organization, such as the Office of Legal Affairs and the Office of Human Capital. These set overall operational guidelines, including best practices regarding personal information security, as well as training and education for employees and stakeholders