Page 218 - BAM ONE REPORT 2565 (ENGLISH VERSION)
Bangkok Commercial Asset Management Public Co., Ltd.

1.3 Determination of the scope of authority, duties and responsibilities of the Board of Directors, the Audit Committee, and Chief Executive Officer, and determination of the approval authority for the Company’s operations and transactions.

1.4 Giving importance to the integration of governance, risk management and compliance (GRC) operation of work units by formulating the GRC p[…] mov[…] the organization towards sustainable growth.

1.5 Preparation of handbooks for good corporate governance and corporate social responsibility, business ethics, and corporate governance practices, such as provision of complaint channels, reporting of conflict of interest, and the Company being approved to participate in Thailand’s Private Sector Collective Action Coalition Against Corruption (“CAC”), which enables the Company to attain the corporate governance standards and achieve efficient management and also helps to boost employees’ morale and good spirit in performing the assigned duties to their full capacity.

1.6 Formulation of outsourcing guidelines and IT outsourcing guidelines for all departments to follow.

1.7 Formulation of the IT risk management policy and the risk management guideline in order to raise the Company’s IT risk management standards and formulation of the measures and guidelines on information and cyber security and of the guidelines on determination of IT system access control to be in accordance with the Cyber Security Act B.E. 2562.

1.8 Formulation of IT project management guidelines and IT change management guidelines including system development life cycle (SDLC), which is in line with such guidelines, in order to comply with the standards and criteria under the Notification of the Bank of Thailand No. SorNorSor. 21/2562 Re: Regulations for Supervising Information Technology Risk and for relevant departments to perform in the standardized manner.

1.9 Giving importance to data governance by appointing the Data Governance Working Committee to supervise and oversee the Company’s data management to be carried on appropriately and efficiently and formulation of data governance policy and data governance guidelines.

1.10 Work operation in compliance with the Personal Data Protection Act B.E. 2562 as well as relevant notifications and regulations by appointing data protection officer (DPO) and rationalizing the structure and scope of duties and responsibilities of divisions in the departments under Corporate Governance and Risk Management Group with addition of Data Protection Support Division to be directly in charge of personal data protection, as well as appointment of executives at vice president and manager level to be representatives for respective work units in coordinating personal data protection function as data protection champion (DPC) to perform on behalf of the Company as personal data controller.

1.11 Giving importance to business operation which takes into account environmental, social and governance (ESG) principles by integrating sustainability risk management according to the sustainability assessment guidelines of the Stock Exchange of Thailand as well as conduct of risk assessment based on the ESG reporting standards or guidelines.

