Home > ESG >

Risk Management

Risk Management Policies and Procedures

In order to strengthen corporate governance and establish a sound risk management system, the Board of Directors approved a risk management policy on December 16, 2020, guiding the company’s units to identify effectively, measure, supervise and control various risks when handling their business. The resulting risks are controlled to an acceptable level to achieve the goal of rationalizing risks and rewards and the goal of sustainable operation of the company.

Scope of Risk Management

Risks involved in the Company's businesses include operational risk, market risk, financial risk, climate change and environmental risks, occupational safety risks, information security risk, compliance risk, etc.

Risk Management Organization
Risk Management Operation Situation

The Company started to promote the Risk Management Mechanism in 2020 and reported its operation to the Board once a year from 2020. In 2024, the Company held a risk management meeting to identify the risks faced by the Company, risk assessment and risk response measures and reported to the Sustainable Development Committee and the Board of Directors on December 20 2024, on the implementation of the Company's risk management, including risk identification, assessment of the impact of risks (including (including sustainable issues, TCFD) and the operation of the risk management strategies adopted.

Material Topics Matrix
The implementation of risk management (including sustainability issues and TCFD) in 2024 is as follows:
TCFD and Risk Management.pdf

Information Security Management Strategy and Structure


    (I) Information security risk management framework
    A. Information Security Organization
    Apex Circuit (Thailand) Co., Ltd. (APT), the operating entity of the Group, established the Information Security Management System Committee (ISMS Committee) in Year 2022 with a total of 34 members, and a total of 13 meetings were held in 2023. The ISMS Committee governs the APT Information Security Operation Center (Cyber Security Operation Center; CSOC) is responsible for coordinating the group's information security and protection related policy formulation, implementation, risk management and compliance assessment. The information security supervisor of the center will report the effectiveness of information security management, issues and directions related to information security to the parent company's board of directors and CEO every year. The audit office of the Group conducts audits to ensure internal compliance with the related standards, procedures and regulations of information security.
    In order to implement the information security strategies set by CSOC and ensure internal compliance with relevant information security standards, procedures and regulations, the dedicated information security supervisor and the personnel of the center will work with the business department, human resources department, engineering department and legal department, etc., to review and decide on information security and information protection guidelines and policies every year, and implement the effectiveness of information security management measures.

    B. Group's ISMS Committee Organization Structure

    (II) Information Security Policy
    A. Group’s ISMS strategy and structure Information security and operational data protection are important cornerstones for the sustainable development of enterprises and the maintenance of core competitiveness. In order to enhance the safety and stability of the Group's information and communication operations and ensure the confidentiality, integrity and availability of information assets, smoothly promote the Group's various businesses, the Group is committed to strengthening the information security management mechanism and defense capabilities, establishing a safe and reliable computerized operating environment, and ensuring the security of systems, data, equipment and networks to protect the company's important information assets and information systems are operating normally. In order to effectively implement information security management, the Group's information security organization holds regular meetings every month through the CSOC.  Based on the management cycle mechanism of Plan-Do-Check-Action; PDCA, review the applicability and protection measures of information security policies, and regularly report the implementation results to the ISMS Committee.

    B. Concrete Management Programs

    C. Investments in Resources for Information Security Management
    For improving information security, we invested 8,605,000 baht.