Technology and Cyber Security Committee
Roles and Responsibilities
1. To promote and support the implementation of technology including related investments and cybersecurity
2. To oversight technology strategies and directions to align with the company's strategy
3. To review the use of technology and cybersecurity governance guidelines
4. To review the compliance with the established policies and guidelines.
5. To report the results of assessment of the compliance with the policy to the Board of Directors.
For executive management responsibility, CPF has made CPF IT Center Co., Ltd. a flagship company of CPF group
which is specifically responsible for information technology management for the entire group. Mr. Sunsern Samaisut serves as Management Director of CPF IT Center Co., Ltd., the position of which is similar to Chief Information Security Officer (CISO). The responsibilities of CPF IT Center Co., Ltd. are as follows:
1. Promulgating policies and standards on information security;
2. Selecting and developing work systems based on international standards for security systems;
3. Organizing trainings on information classification principles and practice for employees to apply on their work
since the first working day and for them to revisit via an online system to create awareness on
impact of improper conduct;
4. Assessing the efficiency and the effectiveness of information technology systems in accordance with
international standards, and introducing additional management measures for the existing systems
which maintain vital information, of which the efficiency and the effectiveness are lower than those
required by the international standards;
5. Monitoring network access by non-related parties continuously and collaborating
with external consulting companies in verifying security systems;
6. Communicating to the Company’s employees about appropriate guidelines relating to system usage,
information management, viruses and inappropriate use of email, and developing contingency plans
for any eventualities that can affect information security.