EGCO Group has stipulated and published an IT Security and Cybersecurity Policy for every employee, including external parties providing services for EGCO Group, to use as an operational guideline on IT-related tasks as appropriate, ensuring full compliance with related laws.

Information Security Awareness Training

EGCO Group conducts training for employees on a regular basis to ensure that they have knowledge and understanding of IT security, cybersecurity, and relevant cybersecurity regulations, and that they are aware of and prepared for cyber threats so they can effectively protect themselves and the organization from cybercriminals. In 2024, EGCO Group arranged PDPA AWARENESS training on the Personal Data Protection Act B.E. 2562 and training on cyber threats & cyber security awareness to help employees be prepared for cybersecurity threats, protect IoT devices, and be aware of online scams.

Escalation Process

Under EGCO Group’s IT security management, every employee is responsible for monitoring and preventing information abuse. Hence, EGCO Group also conducts performance assessment with respect to security prevention. The Company has established whistleblowing and escalation processes to encourage employees to report any risks, i.e. incidents, vulnerabilities or suspicious activities that could harm the business of the Company, through an internal System/Service Investigation Request (SSIR) or through designated whistleblowing channels. Moreover, the Company has also established the Infosec Incident Handling Process, which is crucial for all employees. The process starts with employees reporting suspicious activity to the Incident Response Team (IRT). Reported incidents are then assessed, contained, and resolved. This ensures a quick, effective, and orderly response to incidents, maintaining system availability and data integrity. Non-compliance will result in disciplinary action, as well as legal penalties if the person is found guilty of conduct violations.