Go to Corporate Site
TH EN
Information Security and Data Privacy

Information Security and Data Privacy

Supporting the Sustainable Development Goals

The rapid advancement and increasing reliance on technology today can pose risks from cyber threats and the security of personal information. PLANB recognizes the importance of information technology systems in mitigating such risks to business operations, credibility, reputation, and stakeholder confidence. Consequently, the company adheres to data security policies and implements various personal data protection measures, enhancing employee awareness about cyber security threats.

SDGs 16 SDGs 17

The company complies with the Personal Data Protection Act (PDPA) of 2019 and the Cyber Security Act of 2019, along with other relevant data storage, recording, usage, retention, and disposal regulations. PLANB has appointed a Data Protection Officer (DPO) to oversee privacy-related issues. In 2022, the company upgraded its IT and data privacy operations by regularly reviewing IT practices and policies to ensure all employees are equipped to protect client data.

Goals and Performance Highlights
Our commitment to sustainable impact is demonstrated through ESG goals and performance.
ESG Performance Data

Performance Highlights

The company organized the training course “Cyber Securities & Basic Computer Troubleshooting,” with a total of

100 employees participating.

The company is committed to continuously enhancing its systems and data security management to ensure

100%

protection against data breaches, including data leakage, theft, or loss, in line with its established targets.

Commitment, Challenge and Opportunity

Commitment

Plan B places the highest importance on cybersecurity and personal data protection. The company operates in compliance with applicable laws and international standards, establishing policies, measures, and continuous employee training to build trust among all stakeholders.

Challenges
  • Complex and evolving cyber threats, such as malware, phishing, ransomware, and new forms of attacks that are difficult to anticipate
  • Risks of personal data leakage or theft, arising from both internal factors (human error) and external factors (hacker attacks), which affect security and legal compliance
  • Potential impacts on the confidence of customers, business partners, and stakeholders, as cybersecurity or data incidents may damage reputation, trust, and long-term business continuity
Opportunities
  • Strict compliance with laws and international standards to build customer and partner confidence, strengthening competitive advantage
  • Promoting a culture of cybersecurity awareness through training and internal communication, enabling employees at all levels to understand risks and actively contribute to preventing cyber threats

Management Approach and Practices

The company recognizes the importance of cybersecurity and the stability of its information networks, which face risks of data theft and increasingly complex forms of cybercrime. Such threats may impact economic, social, and environmental security, as well as the confidence of customers and business partners in the company. Therefore, the company places strong emphasis on strict compliance with applicable laws and international standards.

while establishing policies and practices to enhance comprehensive security as follows:

1. Formulating an Information Security Policy

Establishing a framework to define practices for safeguarding the company’s information security, in alignment with applicable legal requirements and relevant regulations.

2. Developing a Business Continuity Plan and Information Recovery Plan

Ensuring readiness in data management and recovery to maintain continuity of critical business processes in the event of disruptions.

3. Conducting annual training programs on “Cyber Securities & Basic Computer Troubleshooting”

Providing employees with knowledge and awareness on the importance of cybersecurity, cyber threats, as well as prevention methods and basic troubleshooting techniques.

4. Protecting Data Privacy

Implementing measures to safeguard the personal data of all stakeholders, including customers, employees, business partners, alliances, and shareholders.

Information Security Management

Information Security Management
Click to Enlarge

In addition, Plan B has established an Information and Cybersecurity Policy, the scope of which applies to all employees and individuals engaged in work on behalf of the company. This policy serves as a framework for defining operational practices in safeguarding the company’s information security. It is subject to regular review and ongoing compliance audits to ensure alignment with applicable requirements.

IT Security and Cyber Security Governance

IT Security and Cyber Security Governance
Click to Enlarge

Information Security and Data Privacy

Performance 2022 2023 2024
Number of complaints from external and confirmed by PLANB’s internal 0 0 0
Number of complaints from the Corporate Governance Committee 0 0 0
Number of breaches of information security or other cybersecurity incidents 0 0 0

Stakeholders Directly Impacted

Customers
Customers
Business Partners
Business Partners
Employees
Employees
Shareholders
Shareholders
Regulatory Authorities and Government
Regulators and Government Agencies
Communities
Communities

Related Documents

Confidentiality of Information Policy
Cookie Policy
Information and Cyber Security Policy
Privacy Policy
Recording, Reporting and Storage of Data Policy