The organization’s information is a business asset that must be protected in an efficient manner. The prevention and determination of the security level for internal information use is therefore of great importance. The purpose of all necessary processes or actions is to prevent the organization from risks or damage that affect all forms of IT security. This includes the prevention of various cybercrimes, attacks, sabotage, espionage and mistakes, by considering the foundational components of IT security, or the three aspects of CIA, which are Confidentiality, Integrity and Availability.

 

Management Approach

EGCO Group focuses and gives importance to the organization’s information security and the privacy of its employees, customers, and all stakeholders. It has established stringent guidelines to protect the use of internal information. The organization has appointed the IT Development Governance Committee and Working Group, whose duty and responsibility cover privacy protection and the absolute prevention of any misuse of personal or internal information, according to the Code of Conduct and Good Corporate Governance Principles. Furthermore, the organization established a strict internal information control system to prevent information leaks and any external disclosure prior to its official release. It is the duty and responsibility of respective leadership to control and protect internal information according to set principles. In the event where an employee uses internal information that has not been officially disclosed to the public for their own personal use, or that of others, such as securities trading, this will be considered a violation of the company’s Code of Conduct. The individual will be penalized according to set rules.