GC_ONE REPORT 2021_ENG

Corporate Risk Factor Important Mitigation Measures Feedstock Supply Risk Changing concession contract of gas production may result in fluctuation in both quantity and quality of gas and condensate from the Gulf of Thailand during the initial stage of operation. This may affect the Company’s plan for feedstock used in the production process. The Company has accelerated the implementation of various projects to increase feedstock flexibility in order to cope with aforementioned situation to mitigate the impact; the following actions have been taken. Work closely with PTT Group through regular working group meetings to monitor gas situation in both quantity and quality aspects in order to plan and formulate supporting measures and solutions. Implement Feedstock Flexibility strategy to increase flexibility in raw material sourcing and usage together with analyze and evaluate economic cost-benefit of different feedstocks accordance with the changing situation. Monitor the government’s policies regarding the clarity of the LNG free market and the proportion of electricity generated from alternative fuel sources to analyze trend in gas consumption from the Gulf of Thailand. Cyber Threat These days, there are various forms of cyber-attacks using different advanced t echno l og i es . The sophi st icat ion of threats al so increased from the application of emerging technologies along with the changing in business model and way of work. This presents cyber threats to GC’s production system and operational networks connected to the internet. Failure to manage these risks would affect its business continuity, credibility, and reputation. The Company is aware of the severity and effect of cyber threats. Several measures are therefore implemented for the risk management as followed: Establish and announce regulations on GC’s IT Security Policy to ensure efficient use of IT systems and networks and to provide guidelines for GC and its subsidiaries. Implement an information security management system and asset security practices in accordance with international cyber-related standards. Monitor and prepare for new threats to both GC’s offices and plants and perform tests and assessments regularly to put in place a proactive preventive plan before the incident takes place. Study and develop the detection and preventive systems in the form of Deception Technology to handle the cyber attack. Implement the 2-factor authentication for the internet-facing applications. Prepare work systems and increase information technology security measures to support the Work from Home policy. Carry out cybersecurity drills and disaster recovery tests regularly to ensure prompt response and to minimize impacts on GC’s information systems and business operations. Introduce cyber security awareness programs such as continuously educating employees at all levels about the best practices, preventive measures, and information technology regulations. 81 BUSINESS OPERATION AND PERFORMANCE CORPORATE GOVERNANCE FINANCIAL REPORTS AND FINANCIAL STATEMENTS APPENDIX

RkJQdWJsaXNoZXIy ODg4NTI=