Cybersecurity Measures
GC has established policies and measures pertaining to information security and cybersecurity as well as personal data management in accordance with ISO/IEC:27001 and ISO/IEC: 27701. Moreover, GC continuously invests in improving its information security systems to ensure the security and stability of the information security and cybersecurity management system and to prevent any actions regarded as an offense under the Computer Crime Act and the Personal Data Protection Act, the company implements strict measures to ensure the integrity and protection of data.
In 2024, GC has expand the information security management system ISO/IEC 27001:2022 and the personal data security management system in line with ISO/IEC 27701:2019. The scope of application is as follows:
| Priority | Scope of Application for ISO/IEC 27001:2022 and ISO/IEC 27701:2019 |
|---|---|
| 1 | Infrastructure as a Service On Premise |
| 2 | Cloud Infrastructure as a Service on Cloud |
| 3 | Platform as a Service - Cloud |
| 4 | Cyber Zone / Internet Zone Network |
| 5 | Application Supporting Recruitment Process, including SAP, HCM and Success Factor |
| 6 | External Recruitment Process |
| 7 | Hiring Process |
GC has established information security-related business continuity plans and taken preparational steps by conducting a cyber threat management exercise and performed cyber-attack risk assessments to enable risk monitoring and serve as a warning signal for operations. In addition, an escalation process has been established to allow employees to report incidents, vulnerabilities, or any suspicious cyber activities.
Escalation process for reporting cybersecurity incidents or suspicious activities
Moreover, the company developed Key Risk Indicators (KRI) in all three dimensions, namely People, Business and Technology to monitor the performance of information and cyber security operations.
Key Risk Indicator: KRI 2024
| Target Group | Action | Key Risk Indicator (KRI) | Target (%) | 2024 Outcome (%) |
|---|---|---|---|---|
| People | Conduct phishing test | Phishing report rate (Quarterly) | >= 45 | 55.18 |
| Phishing victim rate (quarterly) | < 5 | 1.43 | ||
| Business | Perform vulnerability assessment to improve information system security | Vulnerability Fixed | 100 | 100 |
| Technology | Update and improve protection system against cyber breaches and cyber-attacks to heighten data security | Update Firmware and Signature on Firewall | 100 | 100 |
Furthermore, GC promotes a culture of shared responsibility for information security across the entire organization by establishing clear guidelines and policies. These are designed to ensure that all employees are aware of the importance of protecting data and understand their individual responsibilities in maintaining information security. The company also defines information security requirements for third parties who access its data or systems to ensure that all stakeholders adhere to the same security standards. GC also promotes knowledge on the secure use of information technology in tandem with information security/cybersecurity awareness trainings and data privacy via Infographics and E-learning to enable implementation in operations or the daily life by employees, contractors, suppliers (feedstock and non-feedstock), customers and authorities or individuals acting on behalf of GC across the supply chain.
Educating Employees on the Safe Utilization of Information Technology
| Form of Communication | Detail | Content Sample |
|---|---|---|
| Infographics | Use infographics to convey news and information via e-mail to create employee awareness. |
|
| E-Learning | Create an online knowledge center that is accessible to employees with a focus on creating awareness and understanding of fundamental cybersecurity issues as well as comprehensive information on cybersecurity threats. |
|
Outcome
- Test score on cybersecurity knowledge = 100%.
- Contractors and suppliers must attend online training to acknowledge the Information Security Policy before accessing the company’s information system = 100%.