Technology and Cyber Security Committee
The member of management specifically responsible for overseeing cybersecurity in the Company is Mr. Kongkiat Amnuayviriya, Director of Information Security Risk of CPF, a position equivalent to Chief Information Security Officer (CISO).
The responsibilities include establishing and maintaining the cybersecurity risk management framework and program to ensure that information assets and technologies are effectively and adequately protected.
The responsibilities of CPF CISO are as follows:
- Governing the organization to ensure that all information security activities are provided with ongoing oversight, management, compliance, performance measurement, course correction and risk mitigation commensurate with the organization’s risk tolerance;
- Promulgating and implementing policies and standards on cybersecurity risk;
- Selecting and developing methodologies based on international standards of information security management systems;
- Organizing training and providing consultation on cybersecurity risk, including information classification principles and practice, for employees to create awareness of the impact of improper conduct;
- Assessing the efficiency and effectiveness of information technology systems in accordance with international standards, and introducing additional management measures for existing systems that maintain vital information and whose efficiency and effectiveness are lower than those required by the international standards;
- Monitoring and reporting on significant cyber and information security incidents, minimizing the incident impact and ensuring that the organization sustainably returns to normal operations as soon as possible when an incident occurs;
- Advising the Company’s employees on appropriate guidelines relating to system usage, information management, viruses and appropriate use of email, and developing contingency plans for any eventualities that can affect information security.