GC has implemented an information security management system and asset security practices in accordance with the international cybersecurity standard ISO/IEC 27001:2013. In 2022, the scope of the ISO/IEC 27001 certification was extended with ISO/IEC 27701:2019; this extension covers the personal data security of candidates in the recruitment process. This ensures the security and personal data privacy of the candidates.
Our assurance process is conducted annually by a third party (Bureau Veritas). It covers the information infrastructure and security management system, and ensures that no systematic errors were detected and that the operation system complies with international standards.
Moreover, GC has managed and organized cyber threats under the NIST framework to enhance cybersecurity for the entire organization. The NIST framework can be divided into the following five aspects.
NIST Framework and Outstanding Information and Cybersecurity Projects in 2022
GC conducted the Cybersecurity Gap Analysis according to NIST Standards in 2022. The assessment findings comprise three main points:
GC has developed the Data Protection Solution to increase security, reduce risks of information theft, and support the enforcement of the Personal Data Protection Act 2019 (PDPA) through the following processes:
| 3. | Detect | GC has executed the Compromise Assessment & Detection project to detect traces of information theft that had occurred in the company's IT system. |
| 4. | Respond | GC has performed the Corporate Crisis Management Exercise on both the Information Technology (IT) and Operational Technology (OT) systems by simulating a ransomware attack scenario. |
| 5. | Recover | GC has conducted Backup & Recovery drills twice a year and was able to meet the data recovery target. |