Home / ThaiBev's Sustainability
Data Security and Privacy
Cybersecurity helps protect against cyberattacks that could impact an organization’s operations, thereby affecting all its stakeholders. ThaiBev recognizes the importance of cybersecurity and personal data privacy and has included it as one of our ten corporate materiality issues since 2020.

Furthermore, the Cybersecurity Committee has been set up as a dedicated team to manage cybersecurity risks. Holding an executive management position, Chief of Digital and Technology (D&T), acting as ThaiBev’s Chief Information and Security Officer (CI&SO), is responsible for managing potential risks to prevent direct and indirect effects on the company’s operations, including establishing information security rules that align with the organization’s strategic goals. In addition, he is in charge of overseeing the organization’s adherence to international cybersecurity and data privacy standards, including ISO 27001 and NIST standards, in order to maintain the highest possible degree of cybersecurity and data privacy protection.
Management Approach
A comprehensive framework and set of processes identify, assess, monitor, and manage cybersecurity risks within ThaiBev. Additionally, we deploy strategic planning, policies, procedures, and technological measures to protect the organization’s information assets from potential cyber threats. This framework also conforms to global standard guidelines such as IS0 27001 and the NIST Cybersecurity Framework, which offer cyber risk management best practices and principles to improve an organization’s security and facilitate efficient prevention, detection, and response to attacks, allowing firms to continue operating without any major obstructions.

Furthermore, ThaiBev is fully aware that personal information leakage, illicit use of information or cyberattack instances can result in legal sanctions, including compensation to the victims, as well as reputation damage and confidence from stakeholders and customers. Thus, the personal data of all stakeholders must be managed with great care in compliance with the Personal Data Protection Act (PDPA) and company policies to avoid violations of human rights, legal penalties, and corporate reputation risk.
ThaiBev’s Cybersecurity Committee
ThaiBev’s cybersecurity governance structure begins with the CEO, who leads on the design of short- and long-term strategies for the Board of Directors. At the executive level, the Chief Information & Security Officer (CI&SO) and Data Protection Officer (DPO) are in charge of all assurance efforts relating to the availability, integrity, and confidentiality of customer, business partner, employee, and business information. To prevent IT system failures and serious cybersecurity events, processes with defined delegation of responsibility are in place.

The CEO-led Cybersecurity Committee was formed to supervise cybersecurity operations within ThaiBev and communicates on a regular basis with the Sustainability and Risk Management Committee (SRMC), since the company considers cybersecurity threats as one of its strategic risks.

The Cybersecurity Committee keeps an eye on cybersecurity threats and develops plans, strategies, and guidelines for managing those threats. It must abide by the risk management policy of the ThaiBev group, which is overseen by the SRMC. To guarantee that all cybersecurity occurrences are tracked, examined, and appropriately mitigated, the Cybersecurity Committee also periodically reports its performance and progress to the SRMC and the Board of Directors.

Mr. Thapana Sirivadhanabhakdi

Mr. Thapana Sirivadhanabhakdi is a member of the Board of Directors of ThaiBev since 2003, a member of the ThaiBev Sustainability and Risk Management Committee (SRMC), and a member of the ThaiBev Cyber Security Committee.

Mr. Thapana Sirivadhanabhakdi possesses extensive experience in cybersecurity, having worked in various roles. He served on the ThaiBev Cybersecurity Committee, overseeing the implementation of effective defenses against cyber-attacks to safeguard organizations. Additionally, he led the ThaiBev Group SAP implementation team from 2007 to 2008, designing secure work processes and earning ISO 27001 certification for the IT security module.

In 2022, Mr. Thapana advocated for the transformation of accounting functions, establishing the Accounting Shared Services Center (ASSC) at Thai Beverage Group. This initiative consolidated resources, tools, and business processes, resulting in robust governance and control of cybersecurity. Furthermore, he played a crucial role in setting up the Digital and Technology Capability Center to drive technology adoption within both Thai Beverage Group and TCC Group, with cybersecurity being a key area of focus.

Since 2021, he has actively chaired TCC Technology Co., Ltd., a prominent provider of managed hosting services, infrastructure, IT security, and technology solutions in Thailand and internationally.
ThaiBev’s Chief Information and Security Officer (CI&SO)
Mr. Kosit Suksingha
ThaiBev’s Chief Information and Security Officer (CI&SO) is the senior-level executive who is responsible for to ensure information assets and technologies are well protected.

As the secretary of the Sustainability and Risk Management Committee,Mr. Kosit Suksingha also serves as ThaiBev’s Chief Information and Security Officer (CI&SO) to oversee cybersecurity within the Company and ensure strategic alignment with the Sustainability and Risk Management Committee.
CYBER SECURITY INCIDENT PROCESS FLOW


It focuses on information security, including cyber security and other aspects of information technology. It does this through rules, regulations, and guidelines that seek to protect ThaiBev’s information technology property from unauthorized access, as well as through clear corporate policy directions, including by ensuring that the organizational structure and corporate strategy are in accordance with the information technology security policy.
IT Security Policy
ThaiBev formulated its IT Security Policy in 2020 to define the direction, principles, and framework for IT security management, including proactively creating awareness among employees’ to comply with policies, operating procedures, and laws relating to information technology security.
Further details on the IT Security Policy
Personal Data Protection Policy
ThaiBev recognizes and respects privacy rights and makes every effort to protect the personal information of all ThaiBev employees and stakeholders including suppliers, consumers, and customers. In 2022, ThaiBev established its Personal Data Protection Policy to prevent improper use of personal information, and to ensure that its stakeholders’ data are properly managed and securely protected, in accordance with the personal information protection laws of the countries in which the group operates, as well as other relevant international standards.
Further details on Personal Data Protection Policy
ThaiBev Cybersecurity Roadmap towards 2025
  • Keep up with the latest trends in security protection technology, such as AI and machine learning, to further improve ThaiBev’s IT cybersecurity and personal data protection.
  • Continue to develop reliable Operational Technology (OT) Cybersecurity Protection Systems for critical infrastructure and the Industrial Control Systems in ThaiBev’s manufacturing plants and utilities by focusing on availability, data accuracy, integrity, and confidentiality to avoid disruptions to critical operations in the manufacturing sector.
  • Increase the cybersecurity protection capability of ThaiBev’s supply chain by evaluating and enhancing partners’ and suppliers’ cybersecurity standards.
  • Ensure that ThaiBev Group’s cybersecurity and personal data protection systems continue to comply with international and local standards and regulations with regular third-party certification.
  • Recognize “human-centric security” and the importance of human-factor risks in cybersecurity by investing in cybersecurity and personal data privacy training and awareness programs to educate employees on security best practices and potential threats, and reduce the risk of human error.
  • Protect and regularly assess Internet of Things (IoT) gadgets, and put effective security controls in place.
Targets
Description 2023 Performance Long-term Target (2025)
Information security breaches 0 0
Total number of clients, customers, and employees affected by the breaches 0 0
Achievements
0%
Virus Infected in 2023
Zero cases
of personal data violation

Key Projects
Continuously working on cybersecurity is an essential process for organizations in an era when technology and the use of online networks play an important role in every aspect of business. Controlling and safeguarding cyber devices and data protects an organization’s confidentiality and security. It is also important to drive organizations’ cybersecurity awareness through training so that all employees understand the significance of cybersecurity and act together to secure the organization’s information and systems. Throughout the fiscal year 2023, the IT security working team has strengthened the security of ThaiBev’s entire IT systems and networks.
ISO 27001 Certification
ThaiBev has continuously expanded the scope of ISO/IEC 27001 certification, in order to systematically strengthen the confidentiality, integrity, and availability of important information assets in the ThaiBev Group.
Zero Trust with 2FA Architecture
ThaiBev uses the latest Zero Trust security strategy, treating every attempt to gain access to the network or IT infrastructure as a threat and not trusting anyone inside or outside the network unless their identity is verified through authentication. Two-factor authentication, or 2FA, is used to provide stronger and more efficient authentication.
Phishing Simulations
ThaiBev began putting its employees through phishing simulations on a regular basis in FY2023 in an effort to gauge and improve employees understanding of phishing threats.

This involves simulating realistic phishing scenarios to evaluate how well employees can identify and respond to phishing attempts. By regularly testing and training employees, ThaiBev is confident that it can significantly reduce the risk of falling victim to real-world phishing attacks.
Cybersecurity Protection and Data Privacy Training Program
In FY2023, ThaiBev implemented this mandatory staff training program as part of its proactive approach. The objective is to ensure that employees are well-versed in cybersecurity and data privacy best practices and are ready to manage and mitigate potential risks. Employees must pass an exam with a score of not less than 90% to be considered trained. In FY2023, ThaiBev reached 100% of its target group, with over 15,000 personnel newly trained in cybersecurity protection and data privacy.
Annual Risk Assessment with External Assurance and Verification
ThaiBev has adopted a robust cybersecurity strategy that not only identifies and addresses vulnerabilities but also continually strengthens its security posture against potential threats. Third-party vulnerability assessments of server systems and network equipment are one of the most effective approaches for identifying and correcting security flaws in network and application systems. ThaiBev further strengthens the protection process by routinely assessing risks with penetration testing, to find weaknesses in the corporate system’s accessibility. These regular assessments, combined with proactive remediation efforts, are essential components of a comprehensive cybersecurity program. Additionally, the organization conducts ongoing external and internal audits of IT systems and networks on a regular basis to ensure that they have the highest level of security and resilience.
Continuous Messaging, System, and Network Monitoring
ThaiBev has installed a proactive network surveillance system for its office buildings to ensure that all systems can be in continuous, service are secure, and can detect problems before they affect users. In addition, the company regularly maintains and updates firmware for all devices in the network. The Web Application Firewall (WAF) is one of the effective new security technologies that we use to safeguard web applications from online threats and to prevent exploitation of vulnerabilities and attacks. ThaiBev Personal Data Privacy Handbook
Protecting personal data privacy of stakeholders is crucial
for maintaining trust and complying with privacy regulations. Accordingly, ThaiBev’s legal department in FY2023 prepared a handbook to help ensure that data privacy protection policies and regulations are consistently enforced across the business. Using language that is easy to understand, it allows readers to implement policies in the same way across the organization. The handbook is on an internal company website that is available to ThaiBev employees at any time
Personal Data Privacy Escalation Process Monitoring
ThaiBev’s Personal Data Privacy communication channels for stakeholder inquiries and complaints are well maintained, with conclusions reviewed by executive management in every case.
FY2023 ThaiBev Personal Data Privacy

Personal Data Violation 0 0%
Personal Data Correction Request (Edit/Delete) 822 88%
Not relevant to personal data 111 12%
Summary 933 100%
Green Cyber Security Technology
ThaiBev uses the infrastructure and networking services of STT Bangkok data center, which has received LEED Gold Certification from the U.S. Green Building Council. LEED certification is a globally recognized rating system for the design, construction, operation, and maintenance of green buildings and communities.