- About SCGC
- Products and Solutions
- Investor Relations
- Sustainability
- Advancing Community
- Media
SCGC is committed to information security and cybersecurity by establishing an e-Policy in accordance with ISO 27001 and process control in accordance with the National Institute of Standards and Technology (NIST), which includes the use of IT infrastructure services provided by 27001 certified companies. In addition, the Company adopts an Industrial Control System Policy in accordance with IEC 62443 to maintain information security and cybersecurity and ensure "no incidents of cyber threats" affecting the Company's business operations.
SCGC has transparent approaches and procedures for managing information security and cybersecurity, overseen by the IT Governance Committee and the Cybersecurity Governance Committee. These approaches and procedures apply to three levels of management:
SCGC designates Vulnerability Assessment (VA) to monitor network architecture and improve system security in accordance with the National Institute of Standards and Technology (NIST) standards by annually assessing computer system vulnerabilities reported by internal and external staff.
In terms of IT internal Audit, the Company has been able to conduct audits in the following areas: Information Technology System Monitoring, Information Technology Activity Management Monitoring, Information Technology System Security Monitoring, and Penetration Testing
Technology Used by the Company to Improve Information Security and Cybersecurity
SCGC strengthens the knowledge, understanding, and awareness of employees at all levels through e-learning training with content covering the e-Policy and a requirement for e-Policy Testing to be undertaken at all levels of employees throughout the organization. Over the last year, all employees acknowledged and passed the Phishing Simulation Test.
Furthermore, we have increased the knowledge, comprehension, and awareness of 7,070 employees and business partners who use the Company's information technology systems about cyberattack patterns and phishing schemes such as email, SMS, giving away personal information, and ransomware. Additionally, the Company underlines the importance of practicing and observing various points for future applications when confronted with real-world scenarios through the use of email scam simulation tests. According to the year test results, 98.49% of employees and business partners passed the test.
Copyright © SCG Chemicals Public Company Limited (2022). All Rights Reserved.