People Enable Risk IRPC has implemented a strategic human resource management alongside technology-driven organizational capability development to build the preparedness of the workforce to support the company’s vision and spur growth while producing talented personnel with professional integrity that reflect the company’s core values through the following management approach: • To design and develop an improved corporate culture and cultivate positive behaviors that correspond with the new vision in line with today’s Mega Trends through the G3 concept (Good, Great, Growth to Success). • To improve work processes for enhanced efficiency, introduce digital systems to improve efficiency, speed, and overall business competitiveness. • To develop knowledge management system and add appropriate skills and expertise required to keep pace with the rapidly changing work processes, including new skill sets and knowledge necessary to drive businesses according to corporate strategy. • To build a workforce that is sufficient in number and range of capabilities through recruitment, selection, and leadership development, using human resource management system and tools suitable for the company’s operations. Policy and Regulatory Risk IRPC is fully committed to honesty, transparency, and fairness in conducting its business in accordance with good corporate governance principles. Prevention of risks associated with regulatory non-compliance pertaining to Personal Data Protection Act (PDPA), Oil Fuel Fund Act, oil reserves requirements, tax laws, labor laws, etc., is of utmost importance. Non-compliance may affect the company’s business operations in terms of liability to punitive fines, litigation, or even revocation of licenses. The company has therefore established risk management guidelines as follows: • To establish a digital system in conjunction with the creation of a database of laws, regulations and acts relating to the business operations of the company and affiliates. Such a system not only facilitates analyses of critical regulatory changes and makes them accessible to users who need them for planning and implementation. • To renew its partnership in Thailand’s Private Sector Collective Action Coalition Against Corruption (CAC), and to conduct corruption risk assessment and establish guidelines for reducing such risk accordingly. • To communicate and raise awareness of the importance of regulatory compliance through the company’s website to ensure all personnel pay close attention to their duties according to the law or face punitive actions for negligence. • To conduct data breach response drills involving relevant departments or work units to ensure preparedness to respond effectively to data breach incidents in a timely manner. Digital Security Risk Cyberattacks have become a global problem that is expected to grow in magnitude and frequency. Such malicious attempts include ransomware attacks and theft of data for sale. Cyberattacks have the potential to cause serious business disruption, data breach or other damaging consequences. Most cyberattacks take the form of phishing mail and delivery of malware to the targeted computer network. IRPC has adopted proactive measures to prevent and reduce the likelihood of cyberattacks. The company’s cyber security system has been subjected to rigorous testing using cyberattack modeling analysis techniques to ensure system readiness and the capability to mitigate the impact on its digital systems and to quickly recover from a damaging cyberattack. The digital security risk management guidelines are as follows: • To achieve certification to ISO 27001: Information Security Management System, which refers to IT security management system standard that meets relevant specifications, laws, regulations. 97 Risk Management IRPC PUBLIC COMPANY LIMITED
RkJQdWJsaXNoZXIy ODg4NTI=