Cybersecurity and Data Protection

The Group aims to establish a robust security standard that encompasses prevention, detection, response, and recovery from all forms of cyber threats.

The Group continuously improves the cybersecurity and data protection, both in the infrastructure, network systems, personnel, and data security policies. Implementation is aligned with international standards and legal requirements. The Group places emphasis on building stakeholder trust while fostering a culture of cybersecurity awareness organization-wide.

Year	Goals
2024	100%
2023	100%
2022	100%

Charoen Pokphand Group's Cybersecurity and Data Protection actions support the achievement of two Sustainable Development Goals:

Stakeholders Directly Impacted

Charoen Pokphand Group performs stakeholder assessment and prioritization process on an annual basis to evaluate impacts we have on them and how can they influence our strategies and actions over time. In 2024, the evaluation results showed that our action to protect all data, both corporate, suppliers, and customers, directly creates impacts on four stakeholder groups.

Business Partners

Employees and Families

Shareholders and Investors

Customers and Consumers

More Details on Stakeholder Engagement Supplement 2024

IT infrastructure certified with international IT standards

case

of complaints related to data security and cyber attack

Number of Cybersecurity Incidents that were Reported within the Standard Response Time

persons

Number of employees received training in the topic of personal data safety

Information Security Policy and Guidelines

Information Management Policy and Guidelines

Personal Data Protection Policy and Guidelines

Cybersecurity and Data Protection Management Approach

Charoen Pokphand Group's management approach and policy commitment to cybersecurity and data protection are characterized by a proactive and holistic strategy that places the utmost importance on safeguarding sensitive information across all aspects of its operations.

The Group has taken a forward-thinking approach that prioritizes ongoing innovation and development in its security procedures since it is aware of the constantly changing landscape of cyber threats and the possible impact on its different operations.

The foundation of Charoen Pokphand Group's cybersecurity strategy is a strong risk management system that spots possible weaknesses and promptly resolves them. The Group undertakes thorough risk assessments on a proactive basis, taking into account not only technological factors but also human variables and outside dangers. The team can put the right steps in place to successfully mitigate possible cyber events by staying ahead of developing risks.

Charoen Pokphand Group rigorously complies with all applicable international standards and best practices to keep its policy commitment to data privacy. To guarantee the confidentiality, integrity, and accessibility of its information assets, the Group makes investments in cutting-edge technology and implements strict access restrictions, encryption methods, and data monitoring tools. To promote a culture of security awareness and accountability throughout the organization, the Group also continuously educates its employees and suppliers about cybersecurity best practices.

Additionally, by actively interacting with relevant regulatory organizations and industry associations, Charoen Pokphand Group shows its dedication to cybersecurity and data protection. The Group takes part in cooperative projects to exchange best practices, provide threat intelligence, and help create cybersecurity standards. This dedication benefits the larger corporate community by improving not only the Group's cybersecurity posture but also security standards across the board.

Click to Enlarge

Cybersecurity and Data Protection Governance

In today’s digital world, protecting organizational data and safeguarding stakeholder privacy is of utmost importance. Charoen Pokphand Group is committed to strong cybersecurity governance and data protection by implementing robust security measures to safeguard sensitive information while cultivating a culture of responsible data management.

To support this commitment, Charoen Pokphand Group has established the Cyber and Information Security Committee, chaired by Mr. Suphachai Chearavanont, Chief Executive Officer of Charoen Pokphand Group. He possesses strong knowledge, expertise, and experience in cyber and information security, such as serving as Chairman of the Risk Management, Cybersecurity, and Financial Committees at True Corporation Public Company Limited. Mr. Suphachai has a deep understanding of digital technology and plays a key role in driving the Group’s transition into the digital era.

Over the past several years, the Cybersecurity and Information Security Committee has integrated advanced cybersecurity principles with data privacy protection measures to ensure secure operations and stringent protection of customer data. The Committee is composed of executives from various departments with specialized knowledge and skills in information security and cybersecurity. In addition to this Committee, C.P. Group also has a Group Chief Information Security Officer (CISO-equivalent) who is responsible for overseeing the Group’s overall cybersecurity and data protection operations.

Cybersecurity and Information Security Committee Structure

Click to Enlarge

Role and Responsibilities

Screen and review strategies
Screen and review policies and practices
Screen and review key performance indicators
Approve cybersecurity action plans and projects
Oversee cybersecurity incident management
Oversee the adequacy of cybersecurity preparedness
Provide direction for cybersecurity enhancement
Review operational effectiveness
Encourage communication and information exchange to enhance cybersecurity awareness
Report performance to relevant committees