Information Security and Data Privacy

Risk

Loss or leakage of the Company’s and relevant stakeholders’ personal and business information, whether caused by human error or cyber threats, has an unavoidable impact on system stability, the Company’s reputation and image, and stakeholder confidence. If the information is used improperly, it can seriously harm the data owner and cost the Company’s customers and business partners. 

Opportunity

Efficient management of personal and business information enables the Company to reduce the risk of legal and regulatory violations, increase transparency in management, enhance the organization's credibility, and instill confidence in stakeholders. This results in continuous confidence in working with the Company or selecting its products and services, making business operations sustainable and reliable in the long run. In addition, the Company will obtain in-depth data to improve and develop products and services to create future competitive opportunities.

Management Approach

The Company has established an Information Security Policy to ensure that directors, executives, and employees adhere to guidelines for maintaining confidentiality and using information properly. This policy covers sensitive information related to the Company or its stakeholders. Additionally, the IT Security Policy provides instructions on using computer and network systems, aligning with the Personal Data Protection Policy that meets international standards and legal requirements, such as the Personal Data Protection Act (PDPA).

The Company prioritizes the development of cybersecurity measures to protect the information of the Company and its key stakeholders, including employees, customers, business partners, suppliers, and contractors. Accordingly, the Company has established goals for cybersecurity operations and data security. These goals include implementing a data leakage prevention system across all business units (100%) and ensuring there are no complaints regarding personal data leakage.

The Company focuses on reducing the likelihood and impacts of incidents and cyber-attacks on its information technology system. A working group has been set up to review the security system’s structural architecture, identifying vulnerabilities in critical work systems, to ensure that sensitive components in every system are continuously monitored.

The Company mandates that data users strictly adhere to the policy and terms of use. To support compliance, it provides training on measures to manage and maintain the security of personal information. Additionally, the Company has raised awareness and fostered a fundamental understanding of information security and cyber threat trends among executives and employees. This training enables them to handle and use data safely, exercise caution, and prevent cyber-attacks. Security measures include using information technology systems that require password-protected access and regularly changing passwords within a specified period. Last year, on 26 October 2023, the Company conducted Cyber Security Awareness training for employees. This training addressed the dangers of social media, including discussions on criminal activities intertwined with technology, cybersecurity vaccines, and online police reporting.

If a stakeholder identifies an incident of non-compliance with regulations, a violation of personal data, or a leakage of stakeholder information, they may file a trace or complaint through the Company’s complaints channel. In 2023, the Company received no complaints related to violations of personal data, leakages of stakeholder information, or any incidents of company information leakage or cyber-attacks.

Start building the Future
with Amata

AMATA

Contact us for more details.

Thailand
+66 38 939 007
Vietnam

+84 251 3991 007 (South)
+84 203 3567 007 (North)

Myanmar
+95 1 230 5627
Laos

+85 620 5758 0007

© AMATA CORPORATION PCL. All rights reserved.  Web by Toneyes  Web by Toneyes