INFORMATION SECURITY MANAGEMENT
INFORMATION SECURITY FRAMEWORK AND POLICY
In response to information security risks, EGAT has established a comprehensive information security management system. In addition to implementing the ISO 27001 Information Security Management System (ISMS) and obtaining certification in 2024, EGAT set up the Information Security Management Division, responsible for the planning and promotion of information security and personal data protection affairs. EGAT also established the Information Security Promotion Committee, chaired by the President, to ensure top-down collaboration and clear delegation of authority and responsibility. This structure reinforces information security awareness among all employees and ensures the realization of information security objectives. At the policy level, EGAT adheres to the principles of ISO 27001, formalizing the information security management system through documentation and establishing the Information Security Policy and Information Security Management Manual as the Company’s core references for information security management practices.
EGAT’s ISO/IEC 27001 and CNS 27001 certification
INFORMATION SECURITY TRAINING
In 2024, EGAT conducted the following information security training programs, offering tailored courses for different employee groups to enhance overall information security awareness and capabilities.
PERSONAL DATA PROTECTION
To protect customer rights and ensure compliance with data protection laws and regulations, EGAT has established a “Personal Data File Security Maintenance Plan” outlining operational procedures for personal data protection. In 2024, EGAT received no complaints related to information security or privacy, nor were there any incidents of data breaches.