• To build a workforce that is sufficient in number and range of capabilities through recruitment, selection, and leadership development, using human resource management systemand tools suitable for the company’s current operations and adaptable to the direction of the company will take in conducting business in the future. 6. Policy and Regulatory Risk IRPC is fully committed to honesty, transparency, and fairness in conducting its business in accordance with good corporate governance principles. The company takes it upon itself to prevent risks associated with regulatory non-compliance pertaining to Personal Data Protection Act (PDPA), Oil Fuel Fund Act, oil reserves requirements, tax laws, labor laws, etc. Non-compliance may affect the company’s business operations in terms of liability to punitive fines, litigation, or even revocation of licenses. The company has therefore established risk management guidelines as follows: • To establish a digital system in conjunction with the creation of a database of laws, regulations and acts relating to the business operations of the company and affiliates. Such a system not only facilitates analyses of critical regulatory changes and make them accessible to users who need them for implementation. • To renew its partnership in Thailand’s Private Sector Collective Action Coalition Against Corruption (CAC), and to conduct corruption risk assessment and establish guidelines for reducing such risk accordingly. • To communicate and raise awareness of the importance of regulatory compliance through the company’s website to ensure all personnel pay close attention to their duties according to the law, and to remind them that a failure of compliance may subject the company to penalties. • To conduct data breach response drills involving relevant departments or work units to ensure preparedness to respond effectively to data breach incidents in a timely manner. Emerging Risk IRPC has analyzed ever-changing external factors and risk trends that may pose threats to the company in the next 5-10 years. These may take the form of political, economic, social, environmental, legal, technological risks, etc. The company is preparing itself to take on such challenges while exploring opportunities to adapt the way it does business to correspond with changing business environment of the future. 1. Digital Technology Risk IRPC underscores the importance of digital technology, which is advancing at unprecedented speed, with a view to improving its competitiveness and production efficiency. The digitalization of all aspects of business operations means greater dependence on information technology. At the same time, the threat of cyberattacks has grown exponentially. As this can put the security of the company’s data and computer system at risk, potentially leading to data loss, business disruption and damage to the company’s reputation. The company possesses a vast array of vital systems and data, including production data, marketing data, financial data and customer data, which are indispensable for its operations. Any data theft or loss may result in severe business disruption that will negatively affect the corporate image, reputation and credibility of the company as well. Cyberattacks are constantly evolving and will pose ever greater threat in the future. The most common form of cyberattack is Phishing Mail and Malware targeting a company’s IT system. IRPC has put in place proactive measures to prevent and reduce the likelihood of cyberattacks by bad actors. The company’s cyber security system has been subjected to rigorous testing. Measures were also taken to mitigate the impact of a cyberattack, such as to make sure that a digital system that has been damaged in a cyberattack event can be restored quickly. The digital security risk management guidelines are as follows: 102 Risk Management IRPC Public Company Limited
RkJQdWJsaXNoZXIy ODg4NTI=