Information technology has rapidly advanced. It allows easy, convenient, and fast access. But at the same time, cyber espionage for electronic information has increased drastically and is a major cyber threat. ThaiBev values information security for all stakeholders, consumers, customers, employees, raw material suppliers, and other stakeholders related to the company both directly and indirectly. Therefore, there is a strong need for cyber risk management mechanisms that can prevent access to information that could damage the business. Therefore, ThaiBev understands the importance of bolstering the company’s information technology security and has created plans to respond to many different threat scenarios.
ThaiBev has implemented cyber risk management and information security protocols meeting top international standards, like ISO 27001 and NIST Cybersecurity Framework. These cyber security frameworks include prevention plans, detection, and rapid responses to threats in compliance with global standards. There are 5 main processes, including:
Identify risks to specify the scope and method to assess cyber risk
Establish standards to control and prevent information technology system risks
etect, analyze, and monitor suspicious cyber activities, and issue alerts
dentify management’s approach to respond to and address risks
Identify measures for damage recovery to continue business operations
The Board of Directors and executives at ThaiBev, contribute to the identification of strategies related to information technology security, together with cyber security and procedures, so they are in line with corporate guidelines and international standards.
Additionally, the Sustainability and Risk Management Committee is also responsible for ensuring information security and cyber. The ThaiBev Information Technology Committee ensures that the Company’s information technology and cyber risks can be managed effectively and that all potential negative impacts on the organization and its business opportunities can be mitigated.
It focuses on information security, including cyber security and other aspects of information technology. It does this through rules, regulations, and guidelines that seek to protect ThaiBev’s information technology property from unauthorized access, as well as through clear corporate policy directions, including by ensuring that the organizational structure and corporate strategy are in accordance with the information technology security policy.
ThaiBev follows laws on personal data protection according to the Personal Data Protection Act, and on the protection of cyber security through the Cyber Security Act B.E. 2562. In addition, ThaiBev issues corporate rules and regulations on personal data protection in 2020 to serve as a strict guideline for executives and employees.
ThaiBev has established an Incident system for information technology security. Employees can file a complaint by telephone or email. The email address is ITSecurity@thaibev.com.