With a drive towards more efficiency and automation, we are increasingly reliant on technology innovations to support our business. With this increased reliance on technology, our exposure to system-related cyber threats also increases proportionally. Thai Union Group tackles cybersecurity threats and risks with support from the Board of Directors, Audit Committee, Risk Management Committee, and members of the Global Leadership team. In governing IT security, Thai Union Group has developed a Cybersecurity Governance framework with the express purpose of ensuring that we design and develop resilient information systems according to local regulation and international standards.
Roles and functions responsible for cybersecurity governance:
- Mr. Nart Liucharoen, Independent Director and Audit Committee Chair
- Mr. Thiraphong Chansiri, President and CEO
- Group Risk Management Department
- Group IT Director
- Head of Information Security
The Audit Committee and the Risk Management Committee, established by the Board of Directors, have direct roles and responsibilities related to cybersecurity as defined by their respective Charters:
- Review the correctness and effectiveness of the information technology system relating to internal controls, financial reports, risk management and data & network security together with suggested updates and improvements as needed.
- Conduct site visits to business units of the Company and the domestic and foreign subsidiary companies to review the risk management and internal control systems, information systems including cyber security, the important operational systems and regulations as well as problems and comments of the external auditors and the internal audit team
- Oversees and monitors risk management by means of independent reviews, in order to ensure that risk management is implemented according to the policy and effectively throughout the organization
- Oversees risk management implementation and reports the Company’s significant risks, mitigations and improvements to the Board
- Cybersecurity has been identified as one of the key risks that requires a management and mitigation plan (For more detail, please see our 2020 Annual Report p. 114)
The Group Information Technology and Group Risk Management work together to manage cybersecurity risks and report to Thai Union’s Global Leadership Team. In addition, the following IT-related roles and functions have direct roles and responsibilities in addressing cybersecurity risks.
Group IT Director is responsible for the IT strategy and roadmap that support the growth objectives of the company and is accountable for digital transformation and all aspects of information technology to meet the company's short and long-term needs. This includes:
- Develop technical aspects of the company’s strategy to ensure alignment with its business goals
- Discover and implement new technologies that yield competitive advantage
- Monitor KPIs and IT budgets to ensure the investments meet business expectations
- Use stakeholder feedback to inform necessary improvements and adjustments to technology
- Overall accountability for cybersecurity strategy and implementation
Head of Information Security - Responsible for governance and strategic decision-making on information security, system and data protection, the IT risk management program, and improving the overall security and robustness of Thai Union Group’s infrastructure. This role also supports operation teams and relevant functions in implementing cybersecurity activities, and promotes awareness and preventive measures to reduce risks from cyber threats.
IT Steering Committee - Responsible for reviewing Thai Union Group policies and ensuring they align with business direction and strategy. The committee also supports the IT department so that all security improvement initiatives are executed and implemented successfully across business units. The committee consists of all critical business and IT leaders from all business units.
To meet the enterprise business objectives and ensure continuity of its operations, Thai Union Group has defined a set of policies and relevant documents to ensure integrity, availability, and confidentiality of all information.
A set of baseline IT controls and security requirements is defined in compliance with industry best practice, as well as applicable local law and regulations and technical benchmarks. These measures are designed to secure and protect, among other things, the following:
- relevant personal data and information collected and/or processed by Thai Union Group;
- Thai Union Group’s information resources and assets;
- Thai Union’s assets against theft, fraud, malicious or accidental damage, breach of privacy or confidentiality.
The above and other measures are designed to enhance IT security, cloud security, data security, cybersecurity, security awareness training, and other IT programs for better future service enablement to support business objectives and growing needs.
Future changes to Thai Union’s IT security standards will be approved by the IT Steering Committee, published, and communicated to the relevant parties. Compliance with the policy controls will be monitored and reported to the IT management.
Reference Policies, Documents, and Topics:
Group Information Security Policy
- Human Resources Information Security - To Check
- Communications and Operations Management
- Access Control Management
- System Acquisition, Development and Maintenance
- Vulnerability and Patch Management
- Security Incident Management
- Business Continuity Management
- Physical and Environmental Security
Group Information Technology Policy
Risk Management Framework - Refer URL
Acceptable Usage Policy