Home / Governance & Economic
Information Technology and Cyber Security
ThaiBev recognizes IT Security risk as one of the risks the organization must closely monitor. Also, corporate stakeholders’ personal data needs to be handled with special care, in accordance with its IT Security Policy, Personal Data Protection Policy, company regulations and the Personal Data Protection Act (PDPA).
Management Approach
ThaiBev has implemented cyber risk management and information security protocols in line with international standards such as ISO 27001 and the NIST Cybersecurity Framework. These global frameworks deliver principles and best practices of cyber risk management to enhance the security of the organization and helps the organization effectively plan, prevent, detect and respond to threats quickly and systematically, enabling businesses to continue to operate.
Mr. Thapana Sirivadhanabhakdi
Mr. Thapana Sirivadhanabhakdi is a member of the Board of Directors of ThaiBev since 2003, a member of the ThaiBev Sustainability and Risk Management Committee (SRMC), and a member of the ThaiBev Cyber Security Committee.

Mr. Thapana Sirivadhanabhakdi possesses extensive experience in cybersecurity, having worked in various roles. He served on the ThaiBev Cybersecurity Committee, overseeing the implementation of effective defenses against cyber-attacks to safeguard organizations. Additionally, he led the ThaiBev Group SAP implementation team from 2007 to 2008, designing secure work processes and earning ISO 27001 certification for the IT security module.

In 2022, Mr. Thapana advocated for the transformation of accounting functions, establishing the Accounting Shared Services Center (ASSC) at Thai Beverage Group. This initiative consolidated resources, tools, and business processes, resulting in robust governance and control of cybersecurity. Furthermore, he played a crucial role in setting up the Digital and Technology Capability Center to drive technology adoption within both Thai Beverage Group and TCC Group, with cybersecurity being a key area of focus.

Since 2021, he has actively chaired TCC Technology Co., Ltd., a prominent provider of managed hosting services, infrastructure, IT security, and technology solutions in Thailand and internationally.
ThaiBev’s Chief Information and Security Officer (CI&SO)
Mr. Kosit Suksingha
ThaiBev’s Chief Information and Security Officer (CI&SO) is the senior-level executive who is responsible for to ensure information assets and technologies are well protected.

As the secretary of the Sustainability and Risk Management Committee,Mr. Kosit Suksingha also serves as ThaiBev’s Chief Information and Security Officer (CI&SO) to oversee cybersecurity within the Company and ensure strategic alignment with the Sustainability and Risk Management Committee.
  • Maximize IT Security Protection by proactively managing Cyber/IT Security risks in all ThaiBev’s systems.
  • Prioritize IT Security Risks as one of the most important corporate risks and periodically review IT security issues in the SRMC meeting.
  • 100% of employees receive IT Security Protection training
  • Ensure that the Personal Data Protection is executed by all employees and comply with Personal Data Protection Act, B.E. 2562 (2019).
ThaiBev’s Cyber Security Committee
ThaiBev’s governance structure for cyber security strategy and review start with the CEO who leads formulation of short- and long-term strategy to the Board of Directors. At the executive level, Chief Information & Security Officer (CI&SO) and Data Protection Officer (DPO), is the owner of all assurance activities related to the availability, integrity, and confidentiality of customer, business partner, employee, and business information.

ThaiBev's IT Security Risk Management Structure

IT Security Policy and Personal Data Protection Policy
ThaiBev formulated its IT Security Policy and Personal Data Protection Policy to proactively create awareness among employees and related parties to comply with policies, operating procedures, and laws relating to Information Technology Security to cover and protect all stakeholders of the organization.
It focuses on information security, including cyber security and other aspects of information technology. It does this through rules, regulations, and guidelines that seek to protect ThaiBev’s information technology property from unauthorized access, as well as through clear corporate policy directions, including by ensuring that the organizational structure and corporate strategy are in accordance with the information technology security policy.
ThaiBev Cybersecurity Roadmap towards 2025

ThaiBev Received the ISO/IEC 27001:2013 Information Security Management System Certification in 2020, 2021 and 2022.

ThaiBev's vulnerability analysis and Penetration Test process has been certified by a 3rd party international firm which is LRQA, the world’s leading provider of professional IT security certification services.
2022 Highlight

IT Infrastructure Standard Blueprint

ISO 27001 Certification

IT Security Awareness Training for employees

Messaging, System and Network Monitoring 24x7

Server Farm Security

Vulnerability Assessment with Third-Party Assurance

Penetration Testing with Third-Party Assurance

Establishing personal data protection policies and practices

Providing consent form templates for personal data protection.

Offering awareness training about data privacy protection to employees.

Regularly auditing security and personal data protection.

Setting up the ThaiBev PDPA communication channels