Information Security and Cyber Security Governance Framework

To ensure smooth management of information security, the senior executive vice president, acting as the chief of information-communication, convenes an "Information Security Executive Task Force", to which the Department of Auditing of the Board of Directors, the Department of Risk Management, Department of Compliance, Department of Information Management, Department of Cyber Security, and 13 other units have joined as members. The Department of Cyber Security policy assumes the role of secretariat to organize, coordinate, and study policies, and actions and allocation of resources for information security. The task force adopts "Security Standards for Financial Information Systems" and reports "Computer work safety countermeasures" regularly to ensure sufficient security.

Information Security and Cyber Security Management

To ensure the confidentiality, integrity, and availability of information assets are protected, we adopt a Cyber Security Policy and Enforcement Rules of The BOT Information Security Management, and closely monitor and follow updates to applicable external laws, authorities' directives, and our implementation. We assess and make improvements to ensure the regulations fully accommodate information asset, and internet and system security management. Since 2008, BOT has obtained ISO 27001 Information Security Management System certification and continues to maintain the effectiveness of international verification of information security management.

In addition, we have established a procedure in accordance with the "Information Assets and Risk Assessment Management Regulations" to identify information asset risks, internal information security risks, and the level of preparedness of our system.Please refer “Annual Reports- Cyber Security Management”.