Target

No cases of cybersecurity breach or trail in cyberattack after the provisions of cybersecurity training.

Risks and Opportunities

In the present, increase in dependence on technology may result in risk of cyber threats that affect our production processes and our entire operating platforms that rely on Internet connections. Particularly during the COVID-19 pandemic, where our ways of work have been relying more on digital technology, could lead to the increase of cyber threat such as theft of critical information or production process interruptions would affect our reliability, credibility, and reputation.

In this regard, GC implements an information security management system that is aligned with the IT security policies, while also developing our employees capacity at all levels to be aware of cybersecurity threat and able to adjust to the in the digital era.

Cyber Security Measure

Under the Digital and IT Steering Committee (DISC) and the Information Safety and Security (ISMS) Committee, GC has implemented guidelines and management processes regarding cyber and IT security that are transparent, and cover 6 topics.

Guidelines and management processes regarding cyber and IT security Information Quality

IT and Cybersecurity governance structure

As such, GC has an IT and cybersecurity governance that can be categorised in three levels: Governance, Management and Operation.

Governance Level

GC Group's Digital & IT Steering Committee (DISC)

  • Manage and oversee digital and information technology operations in accordance with GC's directions, strategies, and goals to ensure efficient and effective performances.

Information Safety Management System Committee (ISMSC)

  • Support and define operating frameworks and guidelines on information, cyber, and cloud security to be in alignment with ISO/IEC 27001 standard.
Management Level

Information and Cyber Security Management Level

  • Manage information technology system, and deploy an operational framework to control user implementation in accordance with ISO Series systems.
  • Conduct internal and external audit to ensure credibility and accuracy of information.
Operation Level

Information Technology Department

  • Establish systems, procedures, and other internal services (intranet) as well as communication channel for users compliance.
  • Evaluate, monitor, and report information technology performances and risks to the ISMS committee on an annual basis.