Cybersecurity and Data Protection

Goal and Performance

The data and information security certification effort highlights Charoen Pokphand Group’s commitment to protecting sensitive information and further establishes its standing as a responsible and reliable entity in the worldwide business environment. C.P. Group strives to instill confidence among clients, partners, and stakeholders by ensuring that all of its operations adhere to stringent international security standards. This builds a solid basis for sustained success in a society that is becoming more and more computerized.

%

of businesses are certified with international standards on data and information security

Supporting the SDGs

Charoen Pokphand Group's Cybersecurity and Data Protection actions support the achievement of two Sustainable Development Goals:

More Details on Sustainable Development Goals Report 2022

Stakeholders Directly Impacted

Charoen Pokphand Group performs stakeholder assessment and prioritization process on an annual basis to evaluate impacts we have on them and how can they influence our strategies and actions over time. In 2022, the evaluation results showed that our action to protect all data, both corporate, suppliers, and customers, directly creates impacts on four stakeholder groups.

More Details on Stakeholder Engagement Report 2022

Our Impacts by the Numbers

% of IT infrastructure

has been certified by international IT standards

case

of complaints related to data security and cyber attack

% of Business Group

received self-assessment based on NIST

Over employees

received training on personal data security

  • Information Management Policy and Guidelines
    Download
  • Personal Data Protection Policy and Guidelines
    Download

Cybersecurity and Data Protection Management Approach

Charoen Pokphand Group's management approach and policy commitment to cybersecurity and data protection are characterized by a proactive and holistic strategy that places the utmost importance on safeguarding sensitive information across all aspects of its operations. The Group has taken a forward-thinking approach that prioritizes ongoing innovation and development in its security procedures since it is aware of the constantly changing landscape of cyber threats and the possible impact on its different operations.

The foundation of C.P. Group's cybersecurity strategy is a strong risk management system that spots possible weaknesses and promptly resolves them. The Group undertakes thorough risk assessments on a proactive basis, taking into account not only technological factors but also human variables and outside dangers. The team can put the right steps in place to successfully mitigate possible cyber events by staying ahead of developing risks.

C.P. Group rigorously complies with all applicable international standards and best practices to keep its policy commitment to data privacy. To guarantee the confidentiality, integrity, and accessibility of its information assets, the Group makes investments in cutting-edge technology and implements strict access restrictions, encryption methods, and data monitoring tools. To promote a culture of security awareness and accountability throughout the organization, the Group also continuously educates its employees and suppliers about cybersecurity best practices.

Additionally, by actively interacting with relevant regulatory organizations and industry associations, C.P. Group shows its dedication to cybersecurity and data protection. The Group takes part in cooperative projects to exchange best practices, provide threat intelligence, and help create cybersecurity standards. This dedication benefits the larger corporate community by improving not only the Group's cybersecurity posture but also security standards across the board.

Cybersecurity and Data Protection Activities and Training

Communicate policies and practices related to information security at the group level.

In 2022, the Group established and reviewed policies and practices related to information security at the Group level. and communicated with representatives responsible for information security from various business groups. There are participants from all BUs or 409 persons. The objective is to determine the direction and the process to harmonize in the same direction. The communication content covers information security and cyber security risk assessment and analysis, information security strategy and measures, information asset management, vulnerabilities assessment, detection of abnormal incidents that violate information, and cyber security.

Internal information security self-assessment

CPPC, a business under Charoen Pokphand Group, encourages 100% of employees to attend training and self-assessment in information security. The objective is to create understanding and awareness of cyber threats in various forms. Measures and observation points to protect yourself from cyber scams. At the same time, it is a guideline for employees to protect the cyber security of the organization. After that, the employee need to pass self-assessment, which enable employees to have self-immunity and be able to share their knowledge to other.

Goal and Performance

The data and information security certification effort highlights Charoen Pokphand Group’s commitment to protecting sensitive information and further establishes its standing as a responsible and reliable entity in the worldwide business environment. C.P. Group strives to instill confidence among clients, partners, and stakeholders by ensuring that all of its operations adhere to stringent international security standards. This builds a solid basis for sustained success in a society that is becoming more and more computerized.

%

of businesses are certified with international standards on data and information security

Supporting the SDGs

Charoen Pokphand Group's Cybersecurity and Data Protection actions support the achievement of two Sustainable Development Goals:

More Details on Sustainable Development Goals Report 2022

Stakeholders Directly Impacted

Charoen Pokphand Group performs stakeholder assessment and prioritization process on an annual basis to evaluate impacts we have on them and how can they influence our strategies and actions over time. In 2022, the evaluation results showed that our action to protect all data, both corporate, suppliers, and customers, directly creates impacts on four stakeholder groups.

More Details on Stakeholder Engagement Report 2022

Our Impacts by the Numbers

% of IT infrastructure

has been certified by international IT standards

case

of complaints related to data security and cyber attack

% of Business Group

received self-assessment based on NIST

Over employees

received training on personal data security

  • Information Management Policy and Guidelines
    Download
  • Personal Data Protection Policy and Guidelines
    Download

Cybersecurity and Data Protection Management Approach

Charoen Pokphand Group's management approach and policy commitment to cybersecurity and data protection are characterized by a proactive and holistic strategy that places the utmost importance on safeguarding sensitive information across all aspects of its operations. The Group has taken a forward-thinking approach that prioritizes ongoing innovation and development in its security procedures since it is aware of the constantly changing landscape of cyber threats and the possible impact on its different operations.

The foundation of C.P. Group's cybersecurity strategy is a strong risk management system that spots possible weaknesses and promptly resolves them. The Group undertakes thorough risk assessments on a proactive basis, taking into account not only technological factors but also human variables and outside dangers. The team can put the right steps in place to successfully mitigate possible cyber events by staying ahead of developing risks.

C.P. Group rigorously complies with all applicable international standards and best practices to keep its policy commitment to data privacy. To guarantee the confidentiality, integrity, and accessibility of its information assets, the Group makes investments in cutting-edge technology and implements strict access restrictions, encryption methods, and data monitoring tools. To promote a culture of security awareness and accountability throughout the organization, the Group also continuously educates its employees and suppliers about cybersecurity best practices.

Additionally, by actively interacting with relevant regulatory organizations and industry associations, C.P. Group shows its dedication to cybersecurity and data protection. The Group takes part in cooperative projects to exchange best practices, provide threat intelligence, and help create cybersecurity standards. This dedication benefits the larger corporate community by improving not only the Group's cybersecurity posture but also security standards across the board.

Cybersecurity and Data Protection Governance

In today's digital world, protecting our organization's data and maintaining our stakeholders' privacy is critical. The Group is resolute in our commitment to cybersecurity and data protection governance, and we have put in place strong safeguards to secure sensitive information while cultivating a culture of responsible data management. With this in mind, the Group has a Cybersecurity Steering Committee which is overseen by C.P. Group’s CEO. The committee also comprises executives from different departments who are equipped with knowledge and skills in relation to information security and cybersecurity. In addition to the Cybersecurity Steering Committee, the Group also has a Chief Information Technology Officer to oversee Group’s cybersecurity implementation and protection of all data.

Cybersecurity and Data Protection Activities and Training

Communicate policies and practices related to information security at the group level.

In 2022, the Group established and reviewed policies and practices related to information security at the Group level. and communicated with representatives responsible for information security from various business groups. There are participants from all BUs or 409 persons. The objective is to determine the direction and the process to harmonize in the same direction. The communication content covers information security and cyber security risk assessment and analysis, information security strategy and measures, information asset management, vulnerabilities assessment, detection of abnormal incidents that violate information, and cyber security.

Internal information security self-assessment

CPPC, a business under Charoen Pokphand Group, encourages 100% of employees to attend training and self-assessment in information security. The objective is to create understanding and awareness of cyber threats in various forms. Measures and observation points to protect yourself from cyber scams. At the same time, it is a guideline for employees to protect the cyber security of the organization. After that, the employee need to pass self-assessment, which enable employees to have self-immunity and be able to share their knowledge to other.