Development of Information and Cybersecurity Management Systems
Recognizing the critical importance of information technology security, cybersecurity and data protection, due to the evolving risks and continuous advancements in technology, SCBX has implemented relevant governance to manage these issues in compliance with relevant laws and regulations, achieved through policies and guidelines to promote organization-wide security risk management and increased efficiency with technology.
ACTION SUMMARY IN 2025
Promoting Compliance with Policies and Standards Across the Group
This included reviewing and improving the following key policies:
- Technology Risk Management Policy
- Information and Cybersecurity Policy
- IT Third Party Risk Management Policy
- Digital Forensic and Incident Response Policy
- Cloud Usage Policy
- Vulnerability Exposure Policy
- Data Governance Policy
- AI Policy
Process Management
- Continue to conduct the group baseline cyber maturity assessment and deep-dive assessment with four strategic companies (Siam Commercial Bank, InnovestX, CardX, and AutoX).
- Provide subsidiaries with resources to build capabilities and monitor, detect, respond, and recover from cyber incidents, and enhance cyber resilience and maturity.
Continuous Development of Information and Cybersecurity Management Systems
- Establish clear channels and procedures for reporting irregular incidents, and regularly communicate these to employees and relevant parties.
- Continue to implement technologies to promote cyber resilience.
- Conduct security vulnerability monitoring and testing procedures to safeguard against cyber-attacks.
- Promote awareness of cybersecurity across the group through awareness courses and mandatory training.
- Siam Commercial Bank has maintained ISO/IEC 27001:2013 certification for its Information Security Management System (ISMS) continuously since 2015. In addition, SCB TechX achieved ISO/IEC 27001:2022 certification for its Information Security Management System in 2024.
Cybersecurity Awareness and Training
SCBX Group places strong emphasis on fostering a cybersecurity-focused organizational culture. In 2025, the Group conducted a mandatory training program, “Cyber Awareness”, which was completed by executives and employees. In addition, SCBX regularly communicates cybersecurity information and shares knowledge through electronic newsletters to enhance awareness of cyber threats. The company also conducts Phishing Drill exercises to assess employees’ awareness levels and strengthen their ability to respond effectively to simulated cyberattack scenarios.


