Cybersecurity and Personal Data Protection
Sahamitr Pressure Container PLC places significant priority on protecting cybersecurity and personal data to mitigate the risks associated with the loss of crucial information, which can have a detrimental impact on credibility and business operations. As a result, the company has established governance and policies for information security, cybersecurity, and data privacy. This includes the integration of cyber threat risk management and privacy protection.
Cybersecurity and Personal Data Protection Governance and Policy
The company has a Board of Directors and executive management with direct working experience overseeing the strategic level, work processes, and controls, integrated into enterprise risk management as follows:
- The Risk Management Committee is responsible for considering the company’s risk management, including cyber threats, and collaborates with the Audit Committee regarding potential risks.
- The Audit Committee is responsible for reviewing the internal control system.
- Internal Auditors ensures that the company implements appropriate internal controls against risks.
Additionally, the company has established a Personal Data Protection Policy as the basis for safeguarding personal data. This policy ensures the full protection of the rights of customers, shareholders, employees, and other stakeholders in compliance with personal data protection laws. The Personal Data Protection Policy, along with its related topics, is published on the company’s website: https://www.smpcplc.com/all-pdpa-policy/
The topics covered in the policy include:
- Personal Data Protection Policy
- Personal Data Protection Policy for Website Users
- Request Form for Personal Information
- Privacy Notice for Employees
- Privacy Notice for Customers, Partners, and External Visitors
Integrated Cyber Threat Risk Management and Privacy Protection
Given the company’s increasing dependence on technology for business operations and the complex nature of cyber threats, it is inevitable that the company is exposed to potential risks from cyber threats and the protection of personal data. These risks can result in damage to computers, computer systems, and related information. Cyber threats pose a significant risk to the company’s operations, particularly it is key systems such as network. These systems contain personal information held by the company. There may also be financial consequences, such as ransom demands, fines from legal prosecutions, or loss of income or profit.
The company has established cyber security risk management and personal data protection measures, integrating them into risk management practices throughout the organization in accordance with the principles of Good Corporate Governance. The company has also planned and increased investment to develop working systems that support new technologies and protect against cyber threats, including:
- Improving the computer network and server infrastructure to ensure smooth system operation.
- Implementing stringent security control measures such as a computer security system (Firewall), access controls for specific information, and a backup center network to support emergency situations and ensure business continuity.
- Conducting Penetration Tests (Pentests) to assess risks and identify vulnerabilities in various systems by simulating attacks and attempting to hack into computer systems. These tests are performed by experts who have received ISO standard.
