Information Technology Management

Security Management for IT Data and System
ISO/IEC 27001:2013 (ISMS: Information Security Management System) is an international standard for information security management, for which the Company has been certified continuously since 2015. The certification covers our operations at the main data center and the backup data center, design and system development for both web and mobile applications, and the policy administrative system for life and group insurance.
ISO/IEC 27701:2019 (PIMS: Privacy Information Management System) is an international standard for the management of important personal data, and Bangkok Life Assurance was first certified in 2022. This ensured the security and efficiency of our internal personal data usage and management, which extends to design and system development for our website, mobile application and electronic sales proposal, and to our human resources data management.
Raising the Standard of Information Technology and Cyber Security Operations
In 2022, Bangkok Life Assurance allocated 23% of our total budget for IT operations to IT and cyber security projects. These projects build an IT security system for our IT infrastructure, all service systems on our internal network and all internet systems, so that it extends over all IT systems and earns the confidence of our customers, partners, shareholders and the public. All IT security operations are performed under our IT Risk and Security Management Policy and Framework, in line with ISO/IEC 27001:2013 (ISMS) and ISO/IEC 27701:2019 (PIMS) as well as the laws, notifications and requirements pertaining to security issued by regulatory agencies.
Our Joint Efforts in Cyber Security Building with the Regulators for the Insurance Industry
We recognize the importance of cooperating with the regulators to increase our capacity to monitor and prepare for cyber threats. Bangkok Life Assurance is now a member of the Thai Insurance Computer Emergency Response Team (TI-CERT) and the Thai Capital Market Computer Emergency Response Team (TCM-CERT). The Computer Emergency Response Teams work with many other agencies, such as the Thai Computer Emergency Response Team, to exchange information on information technology security and on cyber threats gathered from both domestic and international sources.
Promoting Information Technology Security Knowledge and Evaluating the Results
Our executives and employees are required to complete online training in information technology security and cyber security, followed by an assessment; 95.89% of total employees have received the training. We also hold additional knowledge-sharing sessions led by external experts and speakers on threats and how to respond to them. These activities are organized to build an effective, interactive and continuous learning process, and to raise awareness of phishing mail, a type of cyber threat that is popular among malicious actors and has claimed many victims. We simulate cyber-attacks on an annual basis by sending phishing emails to executives and employees, both to raise awareness and to improve our communication so that awareness is built more efficiently and effectively.
We also hold an internal cyber drill at least once a year, with the simulated incidents changing every year, to build understanding of different types of cyber-attacks and how to respond to each of them. Additionally, we participate in cyber drills together with other life insurers that are also members of the Thai Insurance Computer Emergency Response Team (TI-CERT) and the Thai Capital Market Computer Emergency Response Team (TCM-CERT).