Target

  • No cases of cybersecurity breach or trail in cyberattack after the provisions of cybersecurity training.
  • Reduce time to detect cyber incidents to the lowest possible*

*Remarks: Currently, GC detects cyber incidents within 3 days. The average time in the industry is 24 days. (Source: FireEye Mandiant: M-Trends Report 2021)

Risks and Opportunities

In the present, increase in dependence on technology may result in risk of cyber threats that affect our production processes and our entire operating platforms that rely on Internet connections. Particularly during the COVID-19 pandemic, where our ways of work have been relying more on digital technology, could lead to the increase of cyber threat such as theft of critical information or production process interruptions would affect our reliability, credibility, and reputation.

In this regard, GC implements an information security management system that is aligned with the IT security policies, while also developing our employee capacity at all levels to be aware of and capable of applying proper mitigation measure on cybersecurity threat.

Cybersecurity Governance

To prevent ambiguity in our work direction and create transparency at policy management and operation levels. Therefore, GC’s information security/cybersecurity management can be classified into three levels, namely governance, management, and operation . In 2022, GC has reconstrcuted organization by setting up Cybersecurity department to increase efficiency of IT & Cybersecurity management.

Role Relevant Committee/Department
Governance level
  • Govern and manage IT operations
  • Determine direct strategies and goals
  • GC Group’s Digital & IT Steering Committee (DISC)
  • Information Security Management System Committee (ISMSC)
Management Level
  • Manage Information Technology based on ISO international standard
  • Monitor and audit integrity and accuracy of information
  • Cybersecurity Department
  • Corporate Risk Management
Operation Level
  • Establish systems, procedures, and services for users to comply with.
  • Evaluate, monitor, and report risk assessment to corporate-level Risk Management Committee
  • Cybersecurity Department

GC’s information security/cybersecurity governance encompasses the management of 5 areas.

Information Security/Cybersecurity Management Guideline and Process according to NIST Cybersecurity Framework

Moreover, GC has appointed Senior Vice President – Transformation Excellence to serve as Chief Information Security Officer (CISO), which having role and responsibility as follows: