Information Security and Data Privacy

Risk

Loss or leakage of the Company’s and relevant stakeholders’ personal and business information, whether caused by human error or cyber threats, has an unavoidable impact on system stability, the Company’s reputation and image, and stakeholder confidence. If the information is used improperly, it can seriously harm the data owner and cost the Company’s customers and business partners. 

Opportunity

Efficient management of personal and business information helps the Company reduce the risk of legal and regulatory violations, increase transparency in management, enhance the organization's credibility, and instill confidence in stakeholders. This results in confidence in working with the Company or selecting its products and services continuously, making business operations sustainable and reliable in the long run. In addition, the Company will obtain in-depth data to improve and develop products and services to create future competitive opportunities.

Management Approach

The Company has set a Confidentiality Policy so that directors, executives, and employees comply with the guidelines for keeping confidential information and using information correctly, especially information that is sensitive to the Company or its stakeholders; with the IT Security Policy, including instructions on the use of computer and network systems; and with the personal data protection policy that complies with international standards and legal requirements such as the Personal Data Protection Act (PDPA). 

The Company places importance on developing cyber security to maintain the security of the Company’s and key stakeholders’ information, including employees, customers, business partners, suppliers, and contractors. The Company therefore set goals for cybersecurity operations and data security, such as having a data leakage prevention system that covers all business units (100%) and receiving no complaints about personal data leakage. 

The Company focuses on reducing the likelihood and impacts of incidents and cyber-attacks on its information technology system. A working group has been set up to review the security system on the structural architecture, checking for vulnerabilities in critical work systems, to ensure that every system’s sensitive component is continuously monitored. 

The Company requires data users to strictly adhere to the policy and terms of use and have been trained on how to comply with measures to manage and maintain the security of personal information. The Company has raised awareness and provided a basic understanding of information security and cyber threat trends so that executives and employees can safely care for and use the organization’s information resources, be cautious, and prevent attacks and cyber-attacks, including the safe use of information technology systems that require a password to access and changing the password regularly for a specified period. Last year, the Company organized a Cyber Security Awareness Training Course for employees on 27 October 2022, on the basics of information security, cyber threat trends, information technology security policy, and computer-related laws and acts. 

If a stakeholder finds an incident where the operation does not comply with the regulations, a violation of personal data, or stakeholder information leakage, a trace or complaint may be filed through the Company’s complaints channel. In 2022, the Company did not receive any complaints related to the violation of personal data, the leakage of stakeholder information, or any incidents of Company information leakage or cyber-attacks. 

Start building the Future
with Amata

AMATA

Contact us for more details.

Thailand
+66 38 939 007
Vietnam

+84 251 3991 007 (South)
+84 203 3567 007 (North)

Myanmar
+95 1 230 5627
Laos

+85 620 5758 0007

© AMATA CORPORATION PCL. All rights reserved.  Web by Toneyes  Web by Toneyes