GC has issued cybersecurity policies and measures based on ISO 27001 as well as created awareness among employees, contractors, suppliers, customers and authorities or individuals operating on behalf of the company across the value chain to reinforce the security and stability of our information and cybersecurity management system and prevent any action in violation of the Cyber-Related Computer Crime Act.
In 2022, GC applied for Information Security Management System and Privacy Information Management System certifications according to ISO/IEC 27001:2013 and ISO/IEC 27701:2019, respectively. The scope of certification is as follows:
| Priority | Scope of Application for ISO/IEC 27001:2013 and ISO/IEC 27701:2019 |
|---|---|
| 1 | Infrastructure as a Service |
| 2 | Cloud Infrastructure as a Service |
| 3 | Cyber Zone / Internet Zone Network |
| 4 | External Recruitment Process and Application Supporting Recruitment Process |
Additionally, GC has made preparations and reduced risks from cybersecurity threats and thefts by establishing and monitoring Key Risk Indicators (KRI) in all three dimensions, which are people, business, and technology.
Key Risk Indicator: KRI 2022
| Target Group | Action | Key Risk Indicator (KRI) | Target (%) | 2022 Outcome (%) |
|---|---|---|---|---|
| People | Conduct phishing test | Phishing report rate (Quarterly) | >= 20 % | 49.09 % |
| People | Conduct phishing test | Employees who passed Phishing Test (Quarterly) | >= 95 % | 97.70 % |
| Business | Perform vulnerability assessment to improve information system security | Vulnerability Fixed | 100 % | 99.97 % |
| Technology | Update and improve protection system against cyber breaches and cyber-attacks to heighten data security | Update Firmware and Signature on Firewall | 100 % | 100 % |
Furthermore, GC also promotes knowledge on the safe use of information technology in tandem with information security/cybersecurity awareness training, infographics on data privacy and E-Learning, so that employees, contractors, suppliers (feedstock and non-feedstock), customers and authorities or individuals acting on behalf of GC across the supply chain can apply it in operations or in daily life.
Educating Employees on the Safe Utilization of Information Technology
| Form of Communication | Detail | Content Sample |
|---|---|---|
| Infographics | Use infographics to convey news and information via e-mail to create employee awareness, and use Microsoft Forms to evaluate their knowledge and understanding | |
| E-Learning | Create an online knowledge center that is accessible to employees with a focus on creating awareness and understanding of fundamental cybersecurity issues as well as comprehensive information on cybersecurity threats | |
- Test score on cybersecurity knowledge = 100%
- Contractors and suppliers must attend online training to acknowledge the Information Security Policy before accessing the company’s information system = 100%