Information and Cybersecurity
Our Commitment
Jaymart Group Holdings Public Company Limited places great importance on maintaining the security of information and information technology systems, which are critical factors in business operations, customer service delivery, and building confidence among all stakeholder groups.
The Company is committed to continuously developing and elevating information security and cybersecurity measures — encompassing policy establishment, practices, risk management, cyber threat monitoring, and promoting security knowledge and awareness among employees at all levels — to prevent unauthorized access, use, disclosure, modification, or destruction of data.
Furthermore, the Company places importance on compliance with laws, international standards, and relevant practices, to ensure that the organization's information systems are secure, stable, and capable of supporting continuous business operations.
Supporting The SDGs Goal
Advancing global sustainability through alignment with the UN SDGs.
Stakeholders Directly Impacted
Goals
- Conduct a performance evaluation of the Information Security Management System (ISMS) at least once a year
- Conduct system testing for emergency / contingency preparedness at least once a year
- Zero significant cybersecurity incidents
Performance Highlights
In 2025, the performance of the Information Security Management System (ISMS) was evaluated:
In 2025, system testing for emergency / contingency preparedness was conducted:
In 2025, the number of significant cybersecurity incidents:
Management Approach
Information Security Management Structure and Roles
Jaymart Group has appointed an Information Security Management Steering Committee (ISMS Steering Committee) to govern, oversee, and set the direction for the Group's information security management, ensuring it is carried out systematically and consistently across all business units. The Committee is responsible for establishing information security policies, plans, and operational frameworks, as well as monitoring and evaluating performance to ensure alignment with relevant standards, laws, and regulations. It also provides the necessary resources — including personnel, technology, and budget — to ensure that the Group's Information Security Management System (ISMS) operates effectively and can adequately address information security risks.
Roles and Responsibilities
-
1Chief Executive OfficerResponsible for setting the direction, approving, and overseeing the organization's information security and cybersecurity policies to ensure alignment with the business context, the current situation, and relevant laws. This includes ensuring that security operations cover the organization's critical information and assets, in order to build confidence among all stakeholder groups.
-
2Executive Committee and Assistant Executive CommitteeSets the direction for and supports the development of information security and cybersecurity policies, measures, and guidelines in alignment with the organization's objectives and international standards, including risk management and coordination in the event of significant incidents. The Committee also approves and supports security initiatives, fosters a culture of security awareness across the organization, and reviews and summarizes information security performance for presentation to the Chief Executive Officer (CEO) to consider, approve, and improve the related policies and measures.
-
3Chief Information Officer : CIOManages the organization's information assets and analyzes and manages the associated risks to maintain their confidentiality, integrity, and availability under controlled conditions. This includes defining the roles and responsibilities of information security personnel, responding to information security incidents that affect the organization, reviewing and approving information technology (IT) projects, and monitoring and controlling operations to ensure compliance with relevant requirements.
-
4System AdministratorsDefines and enforces access rights to information and information assets based on roles and necessity (need-to-know). Communicates relevant changes to stakeholders, and develops and implements operating procedures to ensure that the confidentiality, integrity, and availability of information are maintained. This also includes overseeing the control of access to and use of the assets under its responsibility.
-
5System DevelopersDevelops and maintains information systems in accordance with the organization's security policies and standards throughout the system development life cycle, based on Secure Development Life Cycle principles, in order to control risks arising from vulnerabilities, perform system security testing, and maintain the quality and security of the systems in line with relevant requirements and standards.
-
6Information Technology DepartmentResponsible for developing and updating information security and cybersecurity policies, procedures, and measures in alignment with the organization's operations, international standards, and legal requirements. This includes disseminating, communicating, monitoring, and evaluating compliance with the policies in order to raise awareness and support effective adherence.

Information Security and Cybersecurity Policy
Jaymart Group Holdings Public Company Limited aims to establish a comprehensive and clear framework and set of measures to protect the organization's information and information technology systems from potential cyber threats — whether external threats, such as attacks by hackers, or internal threats, such as unauthorized access by personnel within the organization.
This policy is an important part of the organization's cybersecurity strategy, which is essential for protecting the company's critical information and maintaining its credibility in conducting business. It focuses on establishing measures for the prevention, detection, and response to incidents related to the security of computer systems, emphasizing systematic and well-structured management, so that the organization's computer systems and information can operate efficiently and without disruption, and remain protected from attacks or breaches of data privacy.

Information Security and Cybersecurity Guidelines
- Reduce and prevent information security breaches that could affect the image and confidence of service users, while maintaining professionalism in delivering services through secure information technology systems (Information Security).
- Continuously develop the information and information systems security management system in order to obtain and maintain certification under international information security standards.
- Establish a risk assessment process for information systems and plan improvements to information security management based on the assessed risks, in accordance with standard guidelines.
- Develop the organization's personnel in the field of information security management.
- Set requirements for establishing targets and reporting performance against key performance indicators (KPIs); the effectiveness of the information security management system must be measured and evaluated at least once a year.

Information Security Measures
Jaymart Group places great importance on protecting the Group's information and information systems by continuously developing and improving its Information Security Management System (ISMS) under the international standard ISO/IEC 27001:2022. This enables the Group to systematically manage information security risks and to preserve the confidentiality, integrity, and availability of information, coupled with continuous review and improvement, in order to protect the information of customers, business partners, employees, and all stakeholder groups, as well as to build confidence in the Group's business operations.

Building a Cybersecurity Culture
- The Company is committed to fostering a cybersecurity culture throughout the organization, regarding information security as a shared responsibility of personnel at all levels rather than the sole duty of the information technology function. With active support and strong commitment from senior management, the Company instills in its personnel an understanding of the importance of protecting information, complying with policies, and the potential impacts of violating information security measures or requirements.
- The Company continuously strengthens awareness and knowledge through a variety of channels — including communications via notice boards, internal media, and email; training for both new and existing employees in line with their roles and responsibilities; and regular testing and assessment, such as phishing simulations — to ensure that personnel can comply with information security policies, procedures, and measures correctly and appropriately.
- The Company encourages its personnel to detect, report, and respond to information security incidents in a timely manner, and uses the assessment results to continuously improve its practices, thereby enhancing the organization's capability to cope with the constantly evolving landscape of cyber threats.