GC has implemented an information security management system and asset security practices in accordance with the international cybersecurity standard ISO/IEC 27001:2013. In 2022, the scope of the ISO/IEC 27001 certification was extended with ISO/IEC 27701:2019; this extension covers the personal data security of candidates in the recruitment process. This will ensure the security and personal data privacy of the candidates.

Our assurance process is conducted annually by a third party (Bureau Veritas). It covers the information infrastructure and the security management system, to ensure that no systematic errors are detected and that the operation system complies with international standards.

Moreover, GC has organized its management of cyber threats around the NIST framework to enhance cybersecurity for the entire organization. The NIST framework can be divided into the following five aspects.

NIST Framework and Outstanding Information and Cybersecurity Projects in 2022

No. Process Detail
1. Identify

GC conducted the Cybersecurity Gap Analysis according to NIST Standards in 2022. The assessment findings comprise three main points:

  • Development of employees in information and cybersecurity
  • Continuous monitoring and improvement of information and cybersecurity systems

2. Protect

GC has developed the Data Protection Solution to increase security, reduce risks of information theft, and support the enforcement of the Personal Data Protection Act 2019 (PDPA) through the following processes:

  • Assess the potential of technologies used in information and cybersecurity systems
  • Improve the policy on data classification
  • Issue the information management procedure and the data (personal data) protection guideline

3. Detect

GC has executed the Compromise Assessment & Detection project to detect traces of information theft that had occurred in the company’s IT system.

4. Respond

GC has performed the Corporate Crisis Management Exercise on both the Information Technology (IT) and Operational Technology (OT) systems by simulating a ransomware attack scenario.

5. Recover

GC has conducted Backup & Recovery drills twice a year and was able to meet the data recovery target.

Information & Cybersecurity Performance

| Indicator | 2019 | 2020 | 2021 | 2022 | Target 2022 |
|---|---|---|---|---|---|
| No. of cybersecurity incidents | 0 | 0 | 0 | 0 | 0 |
| No. of complaints about information insecurity | 0 | 0 | 0 | 0 | 0 |
| Total number of information security breaches | 0 | 0 | 0 | 0 | 0 |
| Total number of clients, customers and employees affected by the breaches | 0 | 0 | 0 | 0 | 0 |