Why is this Important?

In an era where digital technology plays a crucial role across all industries, the energy and utilities sector has rapidly embraced digital transformation. The integration of automation systems in energy management not only improves operational efficiency and reduces costs but also enhances the ability to meet consumer demands more effectively. However, stepping into the digital world comes with new challenges, especially in terms of cybersecurity. As a result, businesses must elevate their security measures to safeguard critical data and maintain cybersecurity, which directly impacts the trust of all stakeholders involved.

EGCO Group places great importance on establishing clear data security measures. The company has updated its policies to adhere to laws, such as the Cybersecurity Act B.E. 2562 (2019) and the Personal Data Protection Act B.E. 2562 (2019). This is in accordance with international standards based on three core components: confidentiality, data integrity, and availability. These components cover the protection of data from potential threats arising from the integration of new technologies into the energy infrastructure. The goal is to prevent and manage any risks that may arise. Additionally, EGCO Group conducts annual training for employees to raise awareness of cybersecurity threats and has established a task force to monitor and evaluate operations related to personal data protection, ensuring that all processes are thorough and in compliance with legal frameworks.

  • Confidentiality: Confidentiality of information

  • Integrity: Maintaining data integrity

  • Availability: Availability of information

Sustainability Material Topic: Data Security & Privacy

Stakeholder Impact on Materiality Topics

Business Partners

Management Approach

Privacy Protection and Cybersecurity Target

Long Term Target
  • Developing the company’s data security management system to align with ISO 27001 standards.

  • 80% of employees have undergone training to raise their awareness of data security and privacy concerns, focusing on high-risk and relevant stakeholders.

2024 Target
  • Improve data security systems of head office, Khanom Power Plant and Klongluang Power Plant to comply with ISO 27001:2022 standard and Banpong Power Plant to comply with ISO 27001:2013 standard.

  • Prevent data leakage.

  • Arrange IT security awareness training sessions for employees and executives to increase awareness of cybercrimes and reduce the risk of sensitive business data leakage.

  • Conduct penetration testing and business continuity plan testing.

2024 Performance
  • Head office, Khanom Power Plant and Klongluang Power Plant are certified ISO/IEC 27001:2022 and Banpong Power Plant is certified ISO/IEC 27001:2013.

  • Arranged training sessions on Personal Data Protection Act B.E. 2562 (2019) preparedness.

  • Conducted cybersecurity awareness training sessions for employees twice, i.e., hybrid and e-learning sessions.

  • Communicated knowledge about cybersecurity through posters, emails, and SharePoint online (web intranet).

  • Conducted email phishing simulation attack testing.

  • Conducted testing on recovery and business continuity plans for all systems 2 times/year.

  • Collaborated with a consultant to conduct penetration testing and vulnerability assessment. The data security system has been upgraded to ensure compliance with relevant standards.

Privacy Protection and Cybersecurity Governance

The Risk Oversight Committee stipulates an internal audit policy regarding risk management activities and regularly investigates IT development-related operations.

Cybersecurity Measures

EGCO Group has stipulated and published an IT security and cybersecurity policy for every employee, as well as for external parties providing services to EGCO Group, to use as an operational guideline for IT-related tasks, ensuring full compliance with related laws.

IT Security/ Cybersecurity Process & Infrastructure

EGCO Group’s IT Security System was certified to ISO/IEC 27001:2022, which covers processes such as grievance management, change management, document control, asset utilization monitoring, etc.

Data Privacy Protection

EGCO Group places great importance on the data protection and privacy of employees, customers, suppliers, and every stakeholder. The Company has stipulated strict guidelines for preventing internal data abuse and has established and publicly announced its data privacy protection policy.

Related Documents

Policies, Requirements and Performance

  • Sustainability Manual
  • Personal Data Protection Policy
  • Personal Data Protection Act (PDPA) Statement
  • End User Security Guideline
  • Information Technology Development and Cyber Security Oversight Committee
  • Privacy Notice for External Data Subjects
  • Consent Form for External Data Subjects
  • Application Form for Exercise of the Rights of Data Subject
  • Personal Data Breach Notification Form
  • IT Security and Cybersecurity Policy
  • ISO27001:2022 Certification

Performance Data

Updated as of May 2025

The information reported above was prepared in accordance with the Global Reporting Initiative Standards (GRI Standards). It has been audited by an external party and has received limited assurance through the 2024 Annual Report.