EGCO Group stipulated and published IT security and cybersecurity policy for every employee, including external parties providing services for EGCO Group, to use as an operational guideline on IT-related tasks, ensuring full compliance with related laws.

The Company conducted training for employees on a regular basis to ensure that employees have knowledge and understanding on IT security, cybersecurity, and relevant cybersecurity regulations. As well as being aware and prepare for cyber threats to effectively protect themselves and the organization from cybercriminals. In 2022, EGCO Group conducted PDPA AWARENESS training on Personal Data Protection Act B.E. 2562 and PDPA in Practice Training: A Business Case Study and Guidelines of Regulatory Agencies.

Under EGCO Group’s IT security management, every employee is responsible for monitoring and preventing information abuse. Hence, EGCO Group conducts performance assessment according to security prevention as well. The Company established whistleblowing process to encourage employees to report any risks that could harm the business of the Company through an internal System/Service Investigation Request (SSIR) or through designated whistleblowing channels. Additionally, non-compliance acts will face disciplinary actions as well as legal penalties if found guilty of conduct violations.