Cybersecurity and Data Protection
Goal and Performance
The data and information security certification effort highlights Charoen Pokphand Group’s commitment to protecting sensitive information and further establishes its standing as a responsible and reliable entity in the worldwide business environment. C.P. Group strives to instill confidence among clients, partners, and stakeholders by ensuring that all of its operations adhere to stringent international security standards. This builds a solid basis for sustained success in a society that is becoming more and more computerized.
of businesses are certified with international standards on data and information security
Supporting the SDGs
Charoen Pokphand Group's Cybersecurity and Data Protection actions support the achievement of two Sustainable Development Goals:
More Details on Sustainable Development Goals Report 2023
Stakeholders Directly Impacted
Charoen Pokphand Group performs stakeholder assessment and prioritization process on an annual basis to evaluate impacts we have on them and how can they influence our strategies and actions over time. In 2022, the evaluation results showed that our action to protect all data, both corporate, suppliers, and customers, directly creates impacts on four stakeholder groups.
More Details on Stakeholder Engagement Report 2023
Cybersecurity and Data Protection Management Approach
Charoen Pokphand Group's management approach and policy commitment to cybersecurity and data protection are characterized by a proactive and holistic strategy that places the utmost importance on safeguarding sensitive information across all aspects of its operations. The Group has taken a forward-thinking approach that prioritizes ongoing innovation and development in its security procedures since it is aware of the constantly changing landscape of cyber threats and the possible impact on its different operations.
The foundation of C.P. Group's cybersecurity strategy is a strong risk management system that spots possible weaknesses and promptly resolves them. The Group undertakes thorough risk assessments on a proactive basis, taking into account not only technological factors but also human variables and outside dangers. The team can put the right steps in place to successfully mitigate possible cyber events by staying ahead of developing risks.
C.P. Group rigorously complies with all applicable international standards and best practices to keep its policy commitment to data privacy. To guarantee the confidentiality, integrity, and accessibility of its information assets, the Group makes investments in cutting-edge technology and implements strict access restrictions, encryption methods, and data monitoring tools. To promote a culture of security awareness and accountability throughout the organization, the Group also continuously educates its employees and suppliers about cybersecurity best practices.
Additionally, by actively interacting with relevant regulatory organizations and industry associations, C.P. Group shows its dedication to cybersecurity and data protection. The Group takes part in cooperative projects to exchange best practices, provide threat intelligence, and help create cybersecurity standards. This dedication benefits the larger corporate community by improving not only the Group's cybersecurity posture but also security standards across the board.
Cybersecurity and Data Protection Activities and Training
Communicate policies and practices related to information security at the group level.
In 2022, the Group established and reviewed policies and practices related to information security at the Group level. and communicated with representatives responsible for information security from various business groups. There are participants from all BUs or 409 persons. The objective is to determine the direction and the process to harmonize in the same direction. The communication content covers information security and cyber security risk assessment and analysis, information security strategy and measures, information asset management, vulnerabilities assessment, detection of abnormal incidents that violate information, and cyber security.
Internal information security self-assessment
CPPC, a business under Charoen Pokphand Group, encourages 100% of employees to attend training and self-assessment in information security. The objective is to create understanding and awareness of cyber threats in various forms. Measures and observation points to protect yourself from cyber scams. At the same time, it is a guideline for employees to protect the cyber security of the organization. After that, the employee need to pass self-assessment, which enable employees to have self-immunity and be able to share their knowledge to other.
Goal and Performance
The data and information security certification effort highlights Charoen Pokphand Group’s commitment to protecting sensitive information and further establishes its standing as a responsible and reliable entity in the worldwide business environment. C.P. Group strives to instill confidence among clients, partners, and stakeholders by ensuring that all of its operations adhere to stringent international security standards. This builds a solid basis for sustained success in a society that is becoming more and more computerized.
All business groups certified with international standards on data and information security
Supporting the SDGs
Charoen Pokphand Group's Cybersecurity and Data Protection actions support the achievement of two Sustainable Development Goals:
More Details on Sustainable Development Goals Report 2023
Stakeholders Directly Impacted
Charoen Pokphand Group performs stakeholder assessment and prioritization process on an annual basis to evaluate impacts we have on them and how can they influence our strategies and actions over time. In 2023, the evaluation results showed that our action to protect all data, both corporate, suppliers, and customers, directly creates impacts on four stakeholder groups.
More Details on Stakeholder Engagement Report 2023
Cybersecurity and Data Protection Management Approach
Charoen Pokphand Group's management approach and policy commitment to cybersecurity and data protection are characterized by a proactive and holistic strategy that places the utmost importance on safeguarding sensitive information across all aspects of its operations. The Group has taken a forward-thinking approach that prioritizes ongoing innovation and development in its security procedures since it is aware of the constantly changing landscape of cyber threats and the possible impact on its different operations.
The foundation of C.P. Group's cybersecurity strategy is a strong risk management system that spots possible weaknesses and promptly resolves them. The Group undertakes thorough risk assessments on a proactive basis, taking into account not only technological factors but also human variables and outside dangers. The team can put the right steps in place to successfully mitigate possible cyber events by staying ahead of developing risks.
C.P. Group rigorously complies with all applicable international standards and best practices to keep its policy commitment to data privacy. To guarantee the confidentiality, integrity, and accessibility of its information assets, the Group makes investments in cutting-edge technology and implements strict access restrictions, encryption methods, and data monitoring tools. To promote a culture of security awareness and accountability throughout the organization, the Group also continuously educates its employees and suppliers about cybersecurity best practices.
Additionally, by actively interacting with relevant regulatory organizations and industry associations, C.P. Group shows its dedication to cybersecurity and data protection. The Group takes part in cooperative projects to exchange best practices, provide threat intelligence, and help create cybersecurity standards. This dedication benefits the larger corporate community by improving not only the Group's cybersecurity posture but also security standards across the board.
Cybersecurity and Data Protection Governance
In today's digital world, protecting our organization's data and maintaining our stakeholders' privacy is critical. The Group is resolute in our commitment to cybersecurity and data protection governance, and we have put in place strong safeguards to secure sensitive information while cultivating a culture of responsible data management. With this in mind, the Group has a Cybersecurity Steering Committee which is overseen by C.P. Group’s CEO, Mr. Suphachai Chearavanont. Mr. Suphachai has a deep understanding of digital technologies, which promotes a digital transformation at C.P. Group. The committee also comprises executives from different departments who are equipped with knowledge and skills in relation to information security and cybersecurity. In the past years, the Committee has been integrating advanced cybersecurity protocols and data privacy measures, ensuring that C.P. Group's operations are secure, and its customer data is protected. In addition to the Cybersecurity Steering Committee, the Group also has a Chief Digital Officer to oversee Group’s cybersecurity implementation and protection of all data.
A Cybersecurity Governance Structure has been established, overseen by the Cybersecurity Steering Committee, which is responsible for driving and implementing cybersecurity initiatives. This committee is tasked with overseeing cybersecurity incident management, establishing guidelines for incident response, ensuring the adequacy of preparedness against cyber threats, and maintaining business continuity plans. The committee reports its activities and outcomes to the Chief Digital Officer, who then presents the report to the Executive Committee for further decision-making.
Cybersecurity and Data Protection Activities and Training
Communicate policies and practices related to information security at the group level.
In 2022, the Group established and reviewed policies and practices related to information security at the Group level. and communicated with representatives responsible for information security from various business groups. There are participants from all BUs or 409 persons. The objective is to determine the direction and the process to harmonize in the same direction. The communication content covers information security and cyber security risk assessment and analysis, information security strategy and measures, information asset management, vulnerabilities assessment, detection of abnormal incidents that violate information, and cyber security.
Internal information security self-assessment
CPPC, a business under Charoen Pokphand Group, encourages 100% of employees to attend training and self-assessment in information security. The objective is to create understanding and awareness of cyber threats in various forms. Measures and observation points to protect yourself from cyber scams. At the same time, it is a guideline for employees to protect the cyber security of the organization. After that, the employee need to pass self-assessment, which enable employees to have self-immunity and be able to share their knowledge to other.
CPG Cybersecurity Day 2023
An event that unites all business units to update on cybersecurity, focusing on the implementation of technological tools and designed processes to prevent and respond to attacks on network devices, information infrastructure, systems, or programs that may be compromised by unauthorized access. The event also includes sharing insights on the integration of AI and technology to support business operations, educating employees within the organization, and developing IT-skilled personnel.
100% Training and Testing on the Personal Data Protection Act (PDPA) Curriculum
In 2023, 100% of employees completed basic training on personal data protection (PDPA). The training covered key aspects of personal data protection, including types of personal data, principles for practical data protection with examples for better understanding, and procedures for managing data breaches or violations.
