EGCO Group stipulated and published IT security and cybersecurity policy for every employee, including external parties providing services for EGCO Group, to use as an operational guidelines on IT related tasks, ensuring full compliance with related laws.

The Company organizes training regularly for employees to develop better understanding of cybersecurity as well as related laws and regulations. It is also to raise awareness of cyber threats and effective prevention.

Under EGCO Group’s IT security management, every employee is responsible for monitoring and preventing information abuse. Hence, EGCO Group conducts performance assessment according to security prevention as well. The Company established whistleblowing process to encourage employees to report any risks that could harm the business of the Company through an internal System/Service Investigation Request (SSIR) or through designated whistleblowing channels. Additionally, non-compliance acts will face disciplinary actions as well as legal penalties if found guilty of conduct violations.