The company complies with the Cybersecurity Act to ensure the security of its information systems. Cybersecurity serves as a technical safeguard for protecting the company's computers, networks, programs, and data from unauthorized access or external attacks aimed at exploitation. Key areas covered under cybersecurity include application security, data security, system recovery, and network security.
The company’s information system security incorporates an automated monitoring and protection system to detect and prevent external threats using various techniques. In the event of an unusual external threat, the system immediately sends alerts to administrators for investigation and resolution, enabling a rapid response and maintaining control without affecting other systems or critical data. This system effectively ensures 24-hour data protection, safeguarding the company from cybersecurity threats and preventing any impact on its information systems.
Goals and Performance for 2024
- Goal
- Performance
Management Approach
1.Establish access levels and password policies
1.Establish access levels and password policies for employees involved in data access and usage to ensure the security of personal data.
2.Implement security measures appropriate to technological risks
2.Implement security measures appropriate to technological risks, including:
Facility, department, and personnel security through selection processes, task segregation, training, and proper role assignments. Employees are required to maintain confidentiality of information.
Computer and information system security, including system segregation, access control, intrusion detection, tracking, and change management.
Information security through data classification, secure storage methods, and management of physical records.
Communication and network security by controlling network access, implementing data backup and recovery, monitoring data transmission, detecting inconsistencies, and managing remote system access.
3.The company does not access or intercept computer data
3.The company does not access or intercept computer data that is specifically protected nor does it intercept any computer data in transit through the company’s network, except as permitted by law.
The company recognizes the importance of protecting the personal data of stakeholders, including customers and business partners. The company has set an operational goal to maintain 100% data confidentiality, ensuring that customer and partner information is not compromised. The company has established policies and guidelines for safeguarding confidential customer and partner data, covering information obtained through direct interactions with customers and partners, as well as data from other internal sources. The use of confidential information is strictly limited to the purposes defined by the company and must not be exploited for personal gain. The company is committed to responsible data management and ensuring the protection of personal data for all stakeholders.
Related Documents
Privacy notice
