Governance
& Economy

INFORMATION SECURITY AND CYBERSECURITY

SCGC is committed to information security and cybersecurity by establishing an e-Policy in accordance with ISO 27001 and process control in accordance with the National Institute of Standards and Technology (NIST), which includes the use of IT infrastructure services provided by 27001 certified companies. In addition, the Company adopts an Industrial Control System Policy in accordance with IEC 62443 to maintain information security and cybersecurity and ensure "no incidents of cyber threats" affecting the Company's business operations.

SCGC has transparent approaches and procedures for managing information security and cybersecurity, overseen by the IT Governance Committee and the Cybersecurity Governance Committee. These approaches and procedures apply to three levels of management:

SCGC designates Vulnerability Assessment (VA) to monitor network architecture and improve system security in accordance with the National Institute of Standards and Technology (NIST) standards by annually assessing computer system vulnerabilities reported by internal and external staff.

In terms of IT internal Audit, the Company has been able to conduct audits in the following areas: Information Technology System Monitoring, Information Technology Activity Management Monitoring, Information Technology System Security Monitoring, and Penetration Testing

Technology Used by the Company to Improve Information Security and Cybersecurity

Implementation of Multi-factor Authentication (MFA) to verify identity to ensure high security
Endpoint Detection and Response
Development of IoT Security Architecture
ICS Cybersecurity Incident Response Plan
Establishment of Cloud Security Operation Center
Data Classification and Trade Secret
Improvement of Industrial Control Systems, including Network Security, Physical Security, Remote Access Management, Back up Management, Active Directory, Patch & Anti-virus Management, and educational training for employees on the ICS Policy

Technology Used by the Company to Improve
Information Security and Cybersecurity

Implementation of Multi-factor Authentication (MFA) to verify identity to ensure high security

Endpoint Detection and Response

Development of IoT Security Architecture

ICS Cybersecurity Incident Response Plan

Information Security and Cybersecurity

Training and Testing for Employees

All employees are required to attend six hours of training per year.
All employees must acknowledge and pass the e-Policy

SCGC strengthens the knowledge, understanding, and awareness of employees at all levels through e-learning training with content covering the e-Policy and a requirement for e-Policy Testing to be undertaken at all levels of employees throughout the organization. Over the last year, all employees acknowledged and passed the Phishing Simulation Test.

Furthermore, we have increased the knowledge, comprehension, and awareness of 7,070 employees and business partners who use the Company's information technology systems about cyberattack patterns and phishing schemes such as email, SMS, giving away personal information, and ransomware. Additionally, the Company underlines the importance of practicing and observing various points for future applications when confronted with real-world scenarios through the use of email scam simulation tests. According to the year test results, 98.49% of employees and business partners passed the test.

Governance & Economy