Why is this Important?

The Company’s internal information is an asset that must be protected effectively. Hence, EGCO Group established the IT Security Policy to create data security and ensure the safety of computer systems or any data-related IT systems. This is to prevent, prepare, and reduce the risk of cyber threats ensuring that the Company has appropriate cybersecurity risk management and avoids any damages affecting the security of information. This also prevents cybercrimes, attacks, sabotage, espionage, and other mistakes and ensures compliance with the Cybersecurity Act B.E. 2562 (2019) and Personal Data Protection Act B.E. 2562 (2019). The 3 fundamental IT security components are


Confidentiality of information


Maintaining data integrity


Availability of information

Furthermore, EGCO Group conducted security awareness training for executives every year to reduce the risk of data leaks from cyber threats. EGCO Group also established a working group on policy and guideline development on personal data protection to manage, monitor, and assess the impacts, as well as to implement relevant actions on personal data protection that are within the regulatory frameworks.

Stakeholder Impact on Materiality Topics



Management Approach

Privacy Protection and Cybersecurity Target

Long Term Target
  • Improve the Company’s data security system in accordance with the ISO 27001 standard

  • 80% of total employees receive training to improve their information security and data privacy understanding with regards to relevant high-risk parties and stakeholders

2022 Target
  • Improve the data security system of Khanom Power Plant, Banpong Power Plant, and Klongluang Power Plant in accordance ISO 27001 standard

  • Improve the log management replacement and software monitor replacement system

  • Conduct IT Security Awareness Training for employees and executives to reduce the risk of business data leak from cyber threats

  • Conduct penetration testing & business continuity plan testing

2022 Performance
  • Certified ISO/IEC 27001:2013

  • Conducted training to prepare for compliance with Personal Data Protection Act B.E. 2562

  • Improve the log management replacement and software monitor replacement

  • Distributed Denial-of-Service (DDoS) prevention system installation

  • Conducted Penetration Testing in cooperation and Vulnerability Assessment with consultants and improved security weak spots to ensure the Company’s cybersecurity system is stable and met the established standards

Privacy Protection and Cybersecurity Governance

The risk Oversight Committee stipulates an internal audit policy regarding risk management activities as well as investigates IT development-related operations regularly.

Explore more
Cybersecurity Measures

EGCO Group stipulated and published IT security and cybersecurity policy for every employee, including external parties providing services for EGCO Group, to use as an operational guideline on IT-related tasks, ensuring full compliance with related laws.

Explore more
IT Security/ Cybersecurity Process & Infrastructure

EGCO Group’s IT Security System was certified ISO/IEC 27001:2013 which covers processes such as grievance management, change management, document control, asset utilization monitoring, etc.

Explore more
Data Privacy Protection

EGCO Group places great importance on the data protection and privacy of employees, customers, suppliers, and every stakeholder. The Company stipulated strict internal data abuse prevention guidelines as well as established and announced the data privacy protection policy publicly.

Explore more

Related Documents

Policies, Requirements and Performance

  • Sustainability Manual
  • Personal Data Protection Policy
  • Personal Data Protection Act (PDPA) Statement
  • End User Security Guideline
  • Information Technology Development and Cyber Security Oversight Committee
  • Privacy Notice for External Data Subjects
  • Consent Form for External Data Subjects
  • Application Form for Exercise of the Rights of Data Subject
  • Personal Data Breach Notification Form

Performance Data

Updated as of March 2023

The information reported above was prepared in accordance with the Global Reporting Initiative Standards (GRI Standards). It has been audited by an external party and has received limited assurance through the 2022 Annual Report.