Home / Governance & Economic
INFORMATION TECHNOLOGY AND CYBER SECURITY
ThaiBev recognizes the importance of corporate IT protection. Each employee in the organization has a responsibility to support IT security. With this in mind, ThaiBev has launched new initiatives to provide more IT-related support to its employees, business groups, and other related parties. The aim is to ensure that all employees participate in data protection and IT security. This also means not infringing on or violating the rights of data owners, especially those who are stakeholders in the organization.
Management Approach
ThaiBev has implemented cyber risk management and information security protocols in line with international standards such as ISO 27001 and NIST Cybersecurity Framework. These cyber security frameworks include prevention plans, detection, and rapid responses to threats in compliance with global standards.
IDENTIFY
Identify risks to specify the scope and method to assess cyber risk
PROTECT
Establish standards to control and prevent information technology system risks
DETECT
etect, analyze, and monitor suspicious cyber activities, and issue alerts
RESPOND
dentify management’s approach to respond to and address risks
RECOVERY
Identify measures for damage recovery to continue business operations
The Board of Directors and executives at ThaiBev, contribute to the identification of strategies related to information technology security, together with cyber security and procedures, so they are in line with corporate guidelines and international standards.

Additionally, the Sustainability and Risk Management Committee is also responsible for ensuring that it has addressed information security and cyber security among ThaiBev's potential risks.
Mr. Thapana Sirivadhanabhakdi
Mr. Thapana Sirivadhanabhakdi is a member of ThaiBev’s Board of Directors and member of the Cyber Security Committee and Sustainability and Risk Management Committee (SRMC).

His past and current working experience includes Committee in the ThaiBev IT Security which manages and adopts effective defenses to protect the organization in any event of a cyberattack and ensures the business is ready to respond to any cyber threats as planned.

From 2007 to 2008, he was the leader of the ThaiBev Group SAP implementation team who designed and developed secure work processes for ThaiBev group and Pan International purchasing module, including IT security module which later receives ISO 27001 certification.

Mr Thapana also joins TCC Technology in 2001 and continues to serve as the Chairman of the Board of Directors. With his aptitude for successfully leading management teams and proven IT Digital literacy, Mr Thapana brings the TCC Technology group to serve customers as their most trusted digital solutions partner for all professional end-to-end digital technology platforms of IT strategy, IT Infrastructure, Information Technology service delivery, delivery of cloud services and IT security services.
ThaiBev’s Chief Information and Security Officer (CI&SO)
Mr. Kosit Suksingha
ThaiBev’s Chief Information and Security Officer (CI&SO) is the senior-level executive who is responsible for to ensure information assets and technologies are well protected.

As the secretary of the Sustainability and Risk Management Committee,Mr. Kosit Suksingha also serves as ThaiBev’s Chief Information and Security Officer (CI&SO) to oversee cybersecurity within the Company and ensure strategic alignment with the Sustainability and Risk Management Committee.
Strategies
  • Maximize IT Security Protection by proactively managing Cyber/IT Security risks in all ThaiBev’s systems.
  • Prioritize IT Security Risks as one of the most important corporate risks and periodically review IT security issues in the SRMC meeting.
  • 100% of employees receive IT Security Protection training
  • Ensure that the Personal Data Protection is executed by all employees and comply with Personal Data Protection Act, B.E. 2562 (2019).
IT Security Policy
ThaiBev has formulated the IT Security Policy since 2020 to define the direction, principles, and framework of IT/Cyber security management requirements including proactively creating knowledge and understanding for employees to comply with policies, standards, operational framework operating procedures, advice, including laws relating to computer systems correctly and appropriately.


ThaiBev Received the ISO/IEC 27001:2013 Information Security Management System Certification in 2020 and 2021.

Information Technology Security Policy
It focuses on information security, including cyber security and other aspects of information technology. It does this through rules, regulations, and guidelines that seek to protect ThaiBev’s information technology property from unauthorized access, as well as through clear corporate policy directions, including by ensuring that the organizational structure and corporate strategy are in accordance with the information technology security policy.
Personal Data Protection Corporate Practices
ThaiBev follows laws on personal data protection according to the Personal Data Protection Act, and on the protection of cyber security through the Cyber Security Act B.E. 2562. In addition, ThaiBev issues corporate rules and regulations on personal data protection in 2020 to serve as a strict guideline for executives and employees.
Towards 2025 and Beyond
  • Expand ISO/IEC 27001 IT security scope to cover the entire ThaiBev Group.
  • Implement ThaiBev Global IT Security Platform and leverage the platform to overseas subsidiaries.
  • Continuously Improve IT Security Infrastructure
Significant Achievement in FY2021
In addition to the 8 projects mentioned above, ThaiBev has had significant achievement in:
  • Expanded ISO/IEC 27001 IT security scope in FY2021 to cover ThaiBev's facilities and backup sites including active directory, physical and environmental management, network devices management, and IT service support.
  • Received External Assurance Certificate in IT Security & Vulnerability Analysis from Lloyd’s Register International (Thailand) Limited in 2021.
  • Increased the frequency of Business Continuity Plan (BCP) testing from annually to semi-annually from the year 2020 onwards.
0%
Virus Infected in 2021
2
Business Continuity Plan assessments per year
2021 Highlight

  • IT Security Awareness
  • Cyber Security Process Improvement, the Security Operation Center to monitor and detect any threats or any malfunctions of the entire IT system 24 hours.
  • Vulnerability Process Improvement by identify security weaknesses in networks, systems, and applications from any intruders, with an external IT security verification certificate from Lloyd's Register International (Thailand) Limited
  • Anti-Virus Optimization
  • Two-Factor Authentication (2FA)
  • High Performance VPN for 100% WFH users
  • Mail Gateway Improvement
  • Secured Network of COVID-19 Public Vaccination Centers at Samyan Mitrtown and The Street.