1. Infrastructure as a Service - On-Premise. 2. Infrastructure as a Service - Cloud. 3. Cyber Zone / Internet Zone Network. 4. Applications Supporting Recruitment Process, such as SAP HCM and Success Factor. 5. External Recruitment Process. GC has also ensured its preparedness by conducting drills of cyber threat management plans and assessing cyber-attack risks. Additionally, GC fosters knowledge of safe IT usage and awareness of cyber threats, cyber thefts, and data privacy through infographics and e-learning materials. The aim is to empower employees, contractors, suppliers (both feedstock and nonfeedstock suppliers), customers, and entities or individuals operating on behalf of GC throughout the supply chain to apply this knowledge to their work and daily lives. In addition, to monitor risks and create warning signals, GC has established key risk indicators (KRI) encompassing three dimensions: personnel, business, and technology. 3. Information Security and Cybersecurity Auditing and Monitoring GC engages third parties to conduct reviews and audits of its information security and personal data management systems and guidelines in line with ISO/IEC 27001:2022 and ISO/IEC 27701:2019 on an annual basis. In the past year, the assessment revealed that GC’s information and cyber processes and infrastructure were up to standard and that no non-compliance was detected. GC’s key IT and cybersecurity management activities in 2023 can be summarized as follows: Data and Information Availability: GC has established data and information usage plans in line with its corporate strategic plans and surveyed the needs of all business groups to formulate IT strategic plans. In addition, a Data Recovery site (DR Site) has been set up for 24-hour backup of important information, which can be readily retrieved. GC has also formulated disaster recovery plans for the main data system in accordance with business continuity management standards (ISO 22301), along with recovery procedures for handling an emergency that impacts the main data system. Additionally, IT disaster recovery drills are conducted every year. Standard Control and Specifications of Hardware and Software: GC has introduced policies to control hardware and software standards, which require, for instance, the replacement of IT equipment every three years and the installation of a server moni toring system that not i f ies administrators via SMS and e-Mail upon detecting irregularities for prompt troubleshooting. Data Secur i ty and Cybersecur i ty System Optimization: Due to greater use of digi tal technology both in production systems and operation networks with internet connectivity and the new mode of work among employees known as working from anywhere, there have been greater risks of cyber threats, such as theft of key data and possible unplanned shutdowns of vital system, which could affect GC’s business continuity, credibi l ity, as wel l as corporate image and reputation. In 2023, as a result of these initiatives, GC was able to efficiently safeguard its data and that of its business partners, as reflected through the indicators: (1) zero IT security breach and (2) zero employee and customer affected by IT security breaches. Insider Information An Insider Information Policy has been established and included in the Corporate Governance and Business Code of Conduct Handbook. It has also been published on the Company’s website for shareholders’ ready access. Directors, Executives, and employees are constantly reminded to comply with the policy, under which they are prohibited from using material insider information not yet publicly disclosed for personal gain or the benefit of others, for trading GC’s securities, or in a manner that either directly or indirectly harms the interests of GC. The details of the policy appear under “Policy and Practices Related to Shareholders and Stakeholders.” In 2023, GC oversaw and monitored the compliance of its use of insider information with relevant laws as well as its policies and practices. In addition, all Executives and employees were informed of the matter via e-Mai l and required to learn about insider information policies and practices as well as signed a statement acknowledging their obligations via GC’s Hook Acknowledgement & Learning System. 201 PTT GLOBAL CHEMICAL PUBLIC COMPANY LIMITED Form 56-1 One Report 2023
RkJQdWJsaXNoZXIy ODg4NTI=