Risk and Crisis Management

GRI 3-3
The current business environment is characterized by risk and uncertainty. Geopolitical challenges and social polarization at both the regional and global level, economic vulnerabilities, and constraints on economic, financial, trade, and investment activity expose businesses to volatility in exchange rates, interest rates, and inflation. Emerging risks, stricter regulation, and the societal response to climate change and greenhouse gas reduction commitments add to this picture: together they affect business operations and require companies to adapt to changing legal and regulatory frameworks aimed at reducing greenhouse gas emissions. Fluctuations in fuel prices under price-control policies affect production, and exchange rate volatility affects investment expansion, posing significant challenges to the company's success factors and business goals in both the short and long term. Systematic, efficient, flexible, and timely risk management is therefore essential to support operations and mitigate potential impacts. At the same time, the company uses these risks and uncertainties to create business opportunities, such as expanding into new energy businesses and related sectors, and adapting to new electricity production and distribution models in line with government policy and changing consumption behavior. On this basis, the company adheres to the Enterprise Risk Management (ERM) framework published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), so that every business mechanism and activity can apply risk management principles appropriately for the benefit of the company.
The company oversees enterprise risk management through the Risk Management Committee, assigned by the Board of Directors, and closely managed by the Risk Management and Internal Control Committee at the management level. The company’s risk and crisis management approach includes the following:
See the materiality assessment.

Risk Management Culture

GRI 2-23, 2-24
Risk Culture 2024
With a business philosophy and culture aimed at creating shared value for all stakeholders, grounded in a positive corporate culture and transparent operations, the company emphasizes fostering a robust risk management culture throughout the organization. This is pursued through short- and long-term development plans and operational strategies across several dimensions, including management systems, work processes, and personnel management. The enterprise-wide risk management framework rests on the following key principles:

1. GPSC Risk Management Policy

GRI 3-3
The company, through its Risk Management Committee, has established a risk management policy to serve as a framework for overseeing and improving the efficiency of risk management operations. The policy integrates risk management at all levels of the organization and extends to the GPSC group level so that it aligns with business strategies and goals and adapts to changing conditions. It covers risk management in all dimensions, including strategic and investment risks, financial risks, business risks, technology and operational risks, legal and regulatory risks, personnel and organizational structure risks, environmental, social, and governance (ESG) risks, corruption risks, and emerging risks such as information technology and cybersecurity risks. Risk management is designated as a responsibility of managers and employees at all levels of the organization. This ensures that the company's business operations are managed systematically under a comprehensive risk management framework that covers all business activities and is linked to an effective internal control and audit system.

To ensure that the company's risk management policy remains relevant and aligned with current business contexts and goals, the policy is reviewed and subject to approval for any revisions annually.

Download the Risk Management Policy.

2. Risk Appetite

The risk appetite determines the acceptable level of risk in conducting business activities, based on analysis and decision-making aligned with the company's environment, activities, and business goals. The company's risk appetite framework covers five dimensions:
  • Financial Aspect: To maintain financial policy and structure levels, as well as an investment-grade credit rating.
  • Business and Operation Aspect: To ensure the stability and reliability of electricity production and distribution with zero incidents affecting workers and no negative impact on the environment or community.
  • Law and Regulation Aspect: To ensure compliance with laws, regulations, company policies, and to prohibit fraud and corruption, while adhering to human rights principles in employment under good corporate governance.
  • Strategy and Investment Aspect: To pursue investments aligned with the company's target portfolio, investment criteria, and financial policies, focusing on clean energy sources and the GPSC group's greenhouse gas reduction goals, ensuring value creation with careful consideration of impacts on stakeholders, communities, society, and the environment. Additionally, emphasis is placed on investment in research and development.
  • Human Resources and Organization Aspect: To develop the organization's and employees' capabilities in line with the company's strategy and business growth.

To ensure that the company's risk appetite framework remains relevant and aligned with current business contexts and goals, the framework is reviewed annually and any revisions are submitted for approval.

3. Risk Criteria

The company has established risk criteria aligned with its business operation framework, covering the dimensions of finance, business processes and operations, corporate reputation, customers, and personnel. To analyze the impact and frequency of any risk event, a single risk assessment criterion is applied across the entire organization, with the specific sub-dimensions shown in the figure.

To ensure that the risk criteria remain aligned with current business contexts and objectives, the company reviews them annually and seeks approval for any necessary adjustments.

4. Enhancing Knowledge Management and Up-skilling for Executives and Employees Across Group Companies

Knowledge management and up-skilling for executives and employees across group companies is delivered through a blend of online (e-learning) and hands-on workshop training. The training content is comprehensive, in line with risk management policies and the business context at both organizational and departmental level, and is aimed at cultivating a unified organizational culture. Regular knowledge review sessions ensure that employees receive knowledge tailored to the current organizational and business landscape and can apply it to improve operational efficiency.

5. Measuring Performance and Efficiency in Risk Management Operations

The performance and efficiency of risk management operations are measured by tracking the progress of organizational risk management quarterly through reports to the Risk Management Committee. To drive performance towards the organization's predefined success objectives, the company also embeds key risk management targets in the Key Performance Indicator (KPI) metrics of both management and employees. This creates motivation and propels operational results towards the set goals.

Enterprise Risk Management Structure and Framework

GRI 2-12, 2-13, 2-16, 3-3

The company's risk management operates within the scope of authority, duties, and responsibilities of specialized committees, which hold the highest authority within their respective areas of risk management responsibility, as follows:

  • Board of Directors
    Responsible for considering significant risk factors that may arise, establishing comprehensive risk management guidelines, and overseeing management and executives to ensure an effective risk management system. The Board also addresses risk factors arising from business opportunities and ensures that risk management keeps pace with changes in the business context. It approves the organization's risk management framework and reviews the company's performance annually, or whenever a significant event occurs.
  • Risk Management Committee (RMC)
    The RMC operates under a charter approved by the Board of Directors, which appoints its members and defines their duties. It is tasked with defining and reviewing organizational risk management policies and with overseeing, supporting, and monitoring the effectiveness and performance of organizational risk management in line with strategies, business objectives, and changing conditions. It reviews the current risk context to push for timely risk management strategies and actions on significant factors and events affecting company operations. The RMC also supervises, supports, and develops risk management at all levels of the organization to improve operational efficiency in line with strategy and business objectives, approves the company's risk appetite framework, fosters a widespread risk-aware culture, and provides continuous recommendations for improving risk management operations. The RMC meets at least quarterly. (Further details on the scope, authority, duties, and responsibilities of the Risk Management Committee are given in the Risk Management Committee charter.)

    Risk Management Committee Charter

  • Risk Management and Internal Control Committee (RMCC)
    Comprising senior executives of the company, the RMCC is responsible for managing, overseeing, and ensuring the effectiveness and efficiency of the risk management system, the internal control system, and business continuity management. This includes the preparation, implementation, monitoring, and quarterly review of the organization's risk management operations. It drives company-wide risk management, fosters a risk management culture among employees at all levels, and integrates operational guidelines both within the organization and in collaboration with internal and external groups. It also assigns relevant management and operational personnel to manage risk-related issues across the various dimensions. The RMCC meets at least quarterly and reports its results to the RMC, which assesses the operational guidelines annually.
  • Risk Owners/Functions
    Every employee plays a role in managing the risks that may arise in their work so as to minimize the organization's exposure to loss while keeping operations efficient. This includes seeking business opportunities and executing risk management measures across dimensions and activities. Risk owners assess the risks, uncertainties, and opportunities that may affect their goals or operations and define management strategies for them, and they cooperate within the organization and externally to support the organization's risk management culture and collective practices.
  • Audit Committee
    This committee is tasked with auditing the effectiveness and adequacy of the risk management system to ensure that the company's risk management aligns with the guidelines set forth under the Audit Committee charter.

ENTERPRISE RISK MANAGEMENT FRAMEWORK

GRI 2-16

In addition to the risk management committee structure described above, the company also relies on personnel at both the management and operational levels of the various departments. This ensures that the context of business operations, governance, and performance enhancement is cultivated from the employee level up to the highest-ranking executive, through the responsibilities of each relevant position and committee, across every activity in the company's business chain.

GPSC’s enterprise risk management framework and the connection between risk management components are as shown in the diagram.

RISK MANAGEMENT STRATEGIES AND PROCESSES

Under the enterprise risk management framework (ERM), GPSC has established guidelines for risk management operations at two levels: Corporate Level and Functional Level. Strategies and processes for risk management are as follows:

STRATEGIES FOR RISK MANAGEMENT

In addition to cultivating sound risk knowledge among managers, employees, and stakeholders under a widely shared risk culture, the risk management strategy sets out operational guidelines. These include appointing representatives from the various units as Risk Agents, categorized according to the risks associated with the company's business activities, and providing central coordination and oversight of risk management, including setting strategy and pushing for continuous improvement of the risk management system. The aim is comprehensive and integrated risk management in all dimensions, continuous development of the system, and alignment with the organization's business strategy. The company also collaborates within the PTT Group on knowledge development in risk management areas such as the Operational Excellence Management System (OEMS) and sustainability management.

CORPORATE RISK MANAGEMENT PROCESS

GPSC systematically integrates participation in risk management at every level. This includes assessing risk factors and analyzing and compiling risk issues that may affect the organizational context: internal factors drawn from the business strategy plan, and external factors such as changes in the fluctuating business environment and emerging risks. It is supplemented by addressing problems and risks in operational activities at the unit level that are relevant to the business context. Unit-level risk management is elevated and integrated into the organization's risk management process for the short term (1 year) and medium term (3-5 years) and submitted for consideration and approval. This serves as the framework for overseeing and monitoring risk management and for reporting operational results against organizational goals.

GPSC has set clear timeframes for reviewing risks and tracking operational results at least quarterly at both the management and committee level. During the year it also considers, and seeks approval for, adjusting or adding organizational risk items that significantly affect GPSC (emerging risks), so that the organization has processes to assess important changes and respond to new risks effectively throughout the year, whether short-term or medium-term. This is the core guideline by which GPSC uses the risk management system as a tool to drive strategy and operations towards strategic objectives, and to make risk management part of the organizational work culture through the operations described above.

The company also integrates material issues as factors in corporate risk analysis and the risk identification process, so that all dimensions affecting stakeholders are considered. The current impact assessment criteria cover dimensions from finance and operations through to ESG. As a result, assessing the impacts of material issues allows GPSC to monitor the organization's material risks effectively, determine corporate risk management strategies, and implement adequate and appropriate mitigation measures.

RISK REGISTER

The assessment, analysis, review, and preparation of risk issues are carried out by the relevant functions across work processes such as business operations; construction management; decision-making on project investment and development and project execution, including occupational health, safety, and environmental impacts; and sustainability and human rights management. GPSC focuses on integrated operations and on putting adequate support measures in place for the risk assessment dimensions illustrated in the image below.

The assessment and preparation of the risk register are carried out in 7 steps as follows:

1. Objective Setting

This involves defining objectives and goals to clarify the scope of the risk and uncertainty trends considered, so that risk assessment and risk management planning are clear and efficient in terms of supervision, assignment of plans and managers, and performance monitoring. The scope covers business activities and risks at every level, for example:

  • Assessing the strategic level risk, which is the organizational business objectives, considered at the organizational level.
  • Evaluating the operational level risk of departmental business activities, considered at the departmental level.
  • Assessing specific tasks or projects, which are project-level risks under the supervision of related departments.
  • Other considerations as applicable.
2. Risk Identification

This involves identifying all risks or events that may occur and potentially impact the achievement of set goals. These uncertainties can be either positive events (opportunities) or negative events (risks) that might arise. GPSC considers identifying risk factors through:

  1) Assessing future scenarios by considering changes in both internal and external factors, encompassing emerging risks related to changes in business activities or contexts that may affect the organization's goal achievement, such as the stability of international economic and political conditions.
  2) Evaluating situations arising from changes in normal business operations that may impact business conduct and/or current operational characteristics and potentially affect GPSC's business goals. Risk factors can be identified from various sources, such as personnel in relevant departments or through review, validation, and recommendations from committees and executives to manage risks in subsequent steps.

Under GPSC's risk management policy framework, identifying risk factors will be comprehensive in all dimensions, including financial and non-financial aspects, strategic and operational aspects, environmental, social, and governance (ESG) aspects, as well as emerging risks, classified by risk groups such as:

  • Strategic Risk This refers to risks arising from various factors that impact strategic objectives or goals, or risks from the chosen strategies that lead to strategic actions not meeting the business objectives. These risks affect the organization and stakeholders and stem from both external and internal factors. They include dimensions such as strategy, investment and business expansion, climate change, biodiversity, and changes in laws and regulations.
  • Business Risk This refers to risks arising from business operations and stemming from various uncertainties, such as rising fuel prices, business competition, customer behavior, product prices, and unfavorable business laws.
  • Financial Risk This refers to risks that impose limitations on financial management, potentially affecting long-term business strategies. Examples include liquidity shortages, credit issues, capital management, and currency management. Financial risks may arise from income and capital structures, interest rate fluctuations, foreign exchange rate volatility, economic conditions, credit ratings, business strategy plans, and the current state of money and capital markets.
  • Operational risk This refers to risks that may cause damage to various operational areas, such as technology and operations, human resources, production, repair and maintenance of machinery and equipment, errors and inefficiencies in operations, compliance with legal and safety requirements, fraud, human rights, information technology and cybersecurity, supply chain issues, and project management not adhering to timelines.
  • Shareholder Investment Risk This refers to risks that may negatively affect shareholder equity, market prices of shares, or interest rates. These risks include uncertainties in shareholder investments, credit risks, and price risks.
3. Risk Assessment

GPSC conducts risk assessment and analysis in all dimensions of sub-risks according to the Risk Criteria in the main dimensions, which include financial, business process and operations, corporate reputation, customer, and personnel. These are the standard criteria used throughout the organization for considering enterprise-level risks, department-level risks, and investment risks in project/product development. The organization's standard risk assessment criteria are as follows:

  • Impact Assessment Criteria: Severity is divided into 4 levels: low, medium, high, and critical.
  • Likelihood Assessment Criteria: Likelihood is divided into 4 levels:
    • Low likelihood (less than 10% chance, or never occurred or occurred once in 5 years)
    • Medium likelihood (between 10% and 20% chance, or occurred once in 3 years)
    • High likelihood (between 20% and 50% chance, or occurred once in 1 year)
    • Very high likelihood (critical) (more than 50% chance, or occurred more than once in 1 year)

GPSC presents the assessment results in a risk matrix to prioritize risks, using the following categories:

  • Critical risk group (red): These are risks that require urgent management and mitigation to reduce potential impacts. They must be monitored and reviewed at least quarterly.
  • High-risk group (orange): These are risks that require proactive management and mitigation to reduce potential impacts. They must be monitored and reviewed at least quarterly.
  • Medium-risk group (yellow): These are acceptable risks but need to be monitored to prevent escalation. They must be reviewed at least once a year.
  • Low-risk group (green): These are acceptable risks that do not require additional monitoring measures. They must be reviewed at least once a year.
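The scoring rules above are easy to get subtly wrong when they are applied by hand across a register of dozens of entries, so the following is an added worked example (written for this page, not GPSC's own tooling) that encodes the likelihood criteria, the four impact levels, the matrix band with its review cadence, and the step-4 rule that a residual risk still rated high or critical needs a mitigation plan. The page does not state which of the 16 matrix cells map to which colour band, how a boundary probability such as exactly 10% is rated, or how a frequency between once in 5 years and once in 3 years is rated; the choices made for those cases are assumptions and are marked as such in the code. The register entries and their ratings are constructed sample data, not GPSC figures.

```python
from dataclasses import dataclass

LEVELS = ("Low", "Medium", "High", "Critical")      # score 1..4 in this order
REVIEW_CADENCE = {"Critical": "at least quarterly", "High": "at least quarterly",
                  "Medium": "at least annually", "Low": "at least annually"}


def likelihood_from_probability(p: float) -> int:
    """Annual probability -> likelihood score 1..4 (<10%, 10-20%, 20-50%, >50%).
    Assumption: a boundary value (exactly 0.10, 0.20, 0.50) goes to the higher band."""
    if not 0.0 <= p <= 1.0:
        raise ValueError("probability must lie in [0, 1]")
    if p < 0.10:
        return 1
    if p < 0.20:
        return 2
    if p < 0.50:
        return 3
    return 4


def likelihood_from_history(occurrences: int, years: int) -> int:
    """Observed frequency -> likelihood score 1..4.
    Page criteria: never or once in 5 years -> Low; once in 3 years -> Medium;
    once a year -> High; more than once a year -> Critical.
    Assumption: anything more frequent than once in 5 years but less than
    once a year is rated Medium."""
    if years <= 0 or occurrences < 0:
        raise ValueError("need a positive window and a non-negative count")
    rate = occurrences / years
    if rate > 1.0:
        return 4
    if rate == 1.0:
        return 3
    if rate > 0.2:
        return 2
    return 1


def impact_score(level: str) -> int:
    """Impact is rated qualitatively on the page (Low/Medium/High/Critical)."""
    if level not in LEVELS:
        raise ValueError(f"unknown impact level {level!r}")
    return LEVELS.index(level) + 1


def matrix_band(likelihood: int, impact: int) -> str:
    """Place a (likelihood, impact) pair on the 4x4 matrix.
    Assumption: the page gives the cell colours only in a figure, so the band is
    taken from the product of the two scores: 1-2 Low, 3-4 Medium, 6-9 High,
    12-16 Critical."""
    if not (1 <= likelihood <= 4 and 1 <= impact <= 4):
        raise ValueError("scores must be 1..4")
    score = likelihood * impact
    if score >= 12:
        return "Critical"
    if score >= 6:
        return "High"
    if score >= 3:
        return "Medium"
    return "Low"


@dataclass
class RiskEntry:
    name: str
    risk_group: str
    inherent: tuple          # (likelihood score, impact level) before controls
    residual: tuple          # the same after existing controls

    def inherent_band(self) -> str:
        return matrix_band(self.inherent[0], impact_score(self.inherent[1]))

    def residual_band(self) -> str:
        return matrix_band(self.residual[0], impact_score(self.residual[1]))

    def needs_mitigation_plan(self) -> bool:
        # Step 4: residual risks still High or Critical must get a Mitigation Plan
        return self.residual_band() in ("High", "Critical")

    def review_cadence(self) -> str:
        return REVIEW_CADENCE[self.residual_band()]


def build_register(entries: list) -> list:
    """Prioritise entries by residual band (Critical first) and attach decisions."""
    rank = {lvl: i for i, lvl in enumerate(reversed(LEVELS))}
    rows = [{"name": e.name, "group": e.risk_group, "inherent": e.inherent_band(),
             "residual": e.residual_band(), "mitigation_plan": e.needs_mitigation_plan(),
             "review": e.review_cadence()} for e in entries]
    return sorted(rows, key=lambda r: rank[r["residual"]])


# Constructed sample register (illustrative values only, not GPSC data)
SAMPLE_REGISTER = [
    RiskEntry("Power plant reliability", "Operational",
              inherent=(likelihood_from_history(2, 3), "Critical"),
              residual=(likelihood_from_probability(0.05), "High")),
    RiskEntry("Exchange rate volatility", "Financial",
              inherent=(likelihood_from_probability(0.60), "Medium"),
              residual=(likelihood_from_probability(0.25), "Medium")),
    RiskEntry("Fraud and corruption", "Operational",
              inherent=(likelihood_from_history(0, 5), "Critical"),
              residual=(likelihood_from_history(0, 5), "Critical")),
]

if __name__ == "__main__":
    for row in build_register(SAMPLE_REGISTER):
        print(row)
```

Keeping inherent and residual ratings side by side is what makes the step-4 decision auditable: the register shows not only where a risk sits today but how much the existing controls are credited with, so a reviewer can challenge an optimistic residual rating rather than only the final colour.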

The risk dimensions defined by GPSC are strategic risks, business risks, operational risks, and financial risks, each managed at a level of intensity matched to its rating.

GPSC has divided the levels of management and governance into two levels:

  • Corporate Level: This considers significant impacts or damages that could prevent GPSC from achieving its objectives, strategies, and business plans as specified.
  • Functional Level: This considers impacts or damages that could prevent a department from fulfilling its objectives and responsibilities.

GPSC has conducted risk assessment, analysis, and prioritization through the risk matrix. The results are interpreted based on the likelihood and magnitude of the potential impacts. Examples of GPSC's key risks are presented in the table below:

Risk Area: Strategic Risks
  • Investment and Business Expansion: GPSC's business growth can be restricted by external challenges, e.g., fuel cost and fluctuation in exchange rates and interest rates driven by macroeconomic conditions.
  • Organizational Capability: Risk to organizational capability arising from the transformation of work models and procedures.
  • Changed Rules and Regulations: Changes in rules and regulations can create business obstacles for GPSC and its customers, especially where changed regulations directly affect strategies and business practices.
  • Climate Change: In line with international greenhouse gas reduction goals, GPSC addresses climate change through a business commitment focused on its own operations.

Risk Area: Operational Risks
  • Power Plant Reliability: Power plant reliability affects GPSC's ability to deliver its products in support of national economic growth and energy security.
  • Quality, Security, Safety, Health, and Environment: Potential threats to GPSC's operations, in particular business losses such as disruption and discontinuity of operations, together with impacts on communities, society, and the environment.
  • Management of Projects under Construction: Risks from projects under construction can negatively affect the reliable delivery of power and steam to customers and the achievement of financial performance in line with the budget plan.
  • Imbalanced Fuel Supply Portfolio: Securing and maintaining energy sources is a challenge for GPSC in managing fuel supply risk and generation stability.
  • Fraud and Corruption in Business: Risk that employees fail to perform their duties in conformity with good governance and the Code of Conduct.

Risk Area: Financial Risks
  • Over-reliance on Industrial Customer Income: Risk associated with industrial customers whose financial condition influences GPSC's revenue structure.
  • Referenced Price to Power Generation and Distribution Volatility: Fuel prices that are not aligned with the cost of electricity can dramatically affect GPSC's profitability.
  • Funding Management for Business Expansion: Funding management can constrain GPSC's business growth; it concerns support for future investment plans, capital mobilization tools, funding models aligned with economic and financial market conditions to optimize benefit to GPSC, and credit ratings.
  • Interest Rate Volatility: The volatility of loan costs between fixed and floating rates is a financial risk; GPSC has to manage the proportions of fixed and floating interest rates effectively.
  • Exchange Rate Volatility: Overseas investment brings exchange rate fluctuation, which becomes a financial risk to GPSC.

Risk Area: Shareholder Investment Risks
  • Credit Risks: GPSC's reliability may be at risk if the bond issuer's performance falls short of expectations and the collateral is less than the overall debt.
  • Price Risks: Price risks can arise from general economic conditions, money market movements, interest rate changes, the policy interest rate set by the Bank of Thailand, inflation rates, remaining tenors, excessive demand, or bond supply shortages in the market.
  • Liquidity Risks: Bondholders may not be able to dispose of bonds before maturity when there is no liquidity in the secondary or over-the-counter markets.
  • Default Risks: GPSC has no record of default on either principal or interest for bonds, mortgages, or loans from commercial banks, finance and securities firms, credit fonciers, and specialized financial institutions (SFIs).
4. Risk Response

GPSC ensures appropriate management to keep risks at an acceptable level by specifying a timeframe for risk management actions to reduce the likelihood and impact of risk events. Additionally, GPSC designates a Risk Owner responsible for developing and implementing the mitigation Plan.

For residual risks that remain at a high to critical level after control measures, it is necessary to seek risk response strategies. This involves selecting and implementing a Mitigation Plan to reduce the severity of these risks to an acceptable level.

The risk response strategies can be categorized into four types:

  1. Take/Accept/Pursue: No further action is taken because the residual risk is at an acceptable low level, or there is a desire to accept the risk associated with a certain action.
  2. Treat/Reduce: Additional actions are taken to reduce the likelihood or impact of the risk to an acceptable level.
  3. Transfer/Share: Some of the risk is transferred or shared with another person or entity to mitigate its severity.
  4. Terminate/Avoid: Actions are taken to cancel or avoid activities that generate the risk.

The mitigation actions are then identified to manage risk within the corporate risk appetite, as shown in the examples of risk responses and mitigation actions in the table below:

Key Risks Key Area Risk Appetite/Tolerance level Likelihood Magnitude Mitigation Actions
  • The inconsistency to maintain energy supply to IU customers due to;
    • Feedstock/Water shortage,
    • Equipment/ Machine, breakdown
    • Human errors, etc.
Operational Risks
  • GPSC will neither accept any kind of reliability and stability risk which will impact to customers.
  • Enhance GPSC and GLOW power plant network to maintain capacity management in both normal operation and unexpected situations
  • Embed Operational Excellence Management System (OEMS) as the standardized framework to improve efficiency and performance
  • Supervise feedstock management to ensure its availability and enhance optimization in production process
  • Establish war room to closely monitor asset optimization and supply chain in weekly basis
  • Define performance indicators in form of leading and lagging to relevant parties in both bottom up and top down level to be responsible for power plant reliability and stability to customers
  • Closely follow up the water situation to ensure its prompt availability for GPSC’s and Customers’ plant balance and analyze its impact from customers’ business to GPSC’s business
  • Coordinate operating plan with customers to predict load of demand and supply in advance to maintain availability and reliability of energy supply
  • Engage with governmental and private sectors to closely monitor water volume, potential situation of drought, and mitigation progress in Rayong and Chonburi area
  • Appoint the specific committee as GPSC’s Water Management Working Team to drive and govern action plan of water management into direction stringently
  • Business growth of GPSC can be restricted by the external challenges;
    • fuel cost,
    • fluctuation of exchange rate, and interests rate caused by macroeconomic,
    • Environmental concerns,
    • Tax and non-tax barrier, etc which impact to GPSC and GPSC’s customers
Investment and Business Expansion
  • GPSC will consider the investment which enhances value creation to stakeholders, communities & society, and environment.
  • GPSC will consider to invest in green energy in order to meet CO2 emission achievement as GPSC Group’s target
  • Seek for new growth opportunities to invest in renewable/ hybrid energy in Thailand and other opportunistic countries.
  • Expedite the business model of New S-Curve such as Battery Value Chain Business, the study of CCUS and hydrogen, etc. into commercialized phase
  • Funding Management for Business Expansion
Financial Risks
  • GPSC will maintain the strength of its capital structure as targeted and maintain its credit rating at investment grade
  • GPSC will provide funding which is suitable for the business environment and market conditions, and aligned with PTT Group’s policy.
  • Develop a new energy trading platform to cope with new user behaviors and upcoming power trading regulation, and simultaneously reduce impacts on current and future power generation and distribution operations
  • Joint development/partnership with reliable and professional partners as a selective option to shorten entry into new businesses/other areas
  • Comprehensively scrutinize and make decisions on strategic projects under the project return policy to ensure the targeted financial return is met
  • Frequently review the optimal financial policy rate and funding strategy to support GPSC Group’s business targets
  • Establish a treasury center to facilitate fund-raising activities and for the optimal benefit of financial management by GPSC Group
  • Seek financial instruments from various green financing methods to support financing activities, so that the company can diversify and seek attractive sources of funding along the way while on the path to sustainable green growth
Fraud and Corruption in Business Conduct Operational Risks
  • GPSC will neither accept any kind of risk from fraud and corruption nor any form of regulatory non-compliance under its corporate governance
  • Place strong governance through GPSC Corporate Governance and internal control of fraud and corruption in functional activities
  • Communicate the anti-corruption policy to all employees for acknowledgement as common ground throughout the company
  • Set whistleblowing channels for corrupt practices and written measures to aid assessment, detection, and response to corruption
  • Review the assessment of corruption risks among related parties and report annually to the Risk Management Committee
  • Be a member of the Thai Private Sector Collective Action Against Corruption (CAC) to maintain the strict intention of no involvement in any corrupt practices.

Risk level legend: Low, Medium, High, Extreme

5. Approval

After risk analysis and the creation of the risk register, verifying the completeness of the management plans/strategies and approving the implementation and risk closure is crucial for the thoroughness of the risk management process. GPSC divides risks into two levels:

  • Corporate Risk: This is prepared by the corporate risk management department in collaboration with relevant units and presented for review by the Risk Management and Internal Control Committee (RMCC) and the Risk Management Committee (RMC) before seeking approval from the GPSC Board of Directors.
  • Functional Risk: This is prepared by the risk-owning department in collaboration with relevant units and submitted for approval to the responsible supervisor accordingly.
6. Monitoring, Review & Reporting

Under the GPSC risk management policy, the charter of the Risk Management Committee, and the guidelines established by the Risk Management and Internal Control Committee (RMCC), GPSC continuously monitors, reviews, assesses, and reports on risk management. This ensures that all risk items can promptly respond to current and future situations, events, and operational conditions. The following actions are taken:

  1. Risk Monitoring, Review, and Reporting:

    GPSC designates clear responsibilities for monitoring, reviewing, verifying, and reporting risk items:

    • The RMCC at the management level is responsible for continuously monitoring departmental and corporate-level risks, as well as emerging risks. The results of monitoring significant corporate risks and new risks affecting GPSC’s business are reported to the Risk Management Committee (RMC) for ongoing management oversight to ensure an integrated view of risk management.
    • GPSC appoints a Risk Agent for each department to act as a central point for identifying risk factors and assessing risks using the Risk Register. The risk management department compiles the results and reports to the RMCC at the management level for continuous monitoring and review of risk management progress.
  2. Sensitivity Analysis and Stress Test

    GPSC recognizes the business challenges that have arisen and may arise in the future. Therefore, it places importance on managing uncertainties and their impacts by conducting Sensitivity Analysis and Stress Tests to predict these effects. This is done during the annual business planning period to address strategic management issues alongside creating a risk registry for both short-term and medium-term risks. This approach ensures that GPSC can face worst-case scenarios and has clear mitigation plans. Additionally, throughout the year, GPSC continues to review and assess the analysis and evaluations as situations change or new scenarios emerge during operations. This preparation aims to mitigate impacts and explore opportunities arising from changes that might affect business objectives, performance, and strategic direction.

    These activities are integrated into the quarterly risk assessment reviews or when new issues arise, such as fluctuating energy prices and policies that affect cost and revenue structures, impacting financial factors and performance. Geopolitical and geo-economic situations, coupled with global economic stability, money, and capital markets, also impact financial performance and growth targets, as well as strategic investment expansion plans. One of the tools GPSC uses to assess the severity of these impacts and plan appropriate preventive measures according to the risk level is Sensitivity Analysis and Stress Testing.

    GPSC focuses on the importance of regularly reviewing and adjusting risk management plans to align with the current situation. The objective is to comprehensively manage risks to maintain them at acceptable levels. In addition to the organizational risk issues approved by the GPSC board, if new risk issues arise during the year that could significantly impact GPSC, the risk management team, in collaboration with relevant units, will analyze and compile data for presentation to the Risk Management and Internal Control Committee (RMCC) for consideration before seeking approval from the Risk Management Committee (RMC). This is to include them as additional organizational risk items that require ongoing collaborative management.

7. Communication

GPSC emphasizes the importance of communicating risk-related issues to executives, employees, and stakeholders across all sectors. This is to raise awareness and promote participation in monitoring and pushing for prevention/remediation of existing and potential issues, in line with the practices that management prioritizes and consistently advocates for (Tone at the top). This is done through large and small group meetings within each department, dissemination of risk-related information via email, and integration into the content of internal training sessions, all in alignment with GPSC's advocated risk management culture. Moreover, GPSC stresses the importance of ensuring accurate and timely communication of significant risk-related information to external stakeholders in various situations.

The risk management overview is as shown in the diagram.

8. Risk Audit

For the purpose of assurance on the overall risk management framework, which is one of the systems that support the success of an organization's mission and business objectives, auditing the effectiveness and operations of the system according to international standards is something that GPSC considers and emphasizes. The audit framework for GPSC's risk management system includes:

  • Internal Audit
    By GPSC's Audit Committee (AC), operating under the Audit Committee Charter, responsible for examining GPSC's risk management and internal control systems to ensure adequacy and effectiveness. The department overseeing and managing GPSC's overall risk management system proposes an annual risk management framework and guidelines for the committee's consideration at least once a year.
  • External Audit

    - Conducted by external auditors to certify compliance with international standards and best practices annually. Examples include certifications for ISO 9001:2015 Quality Management Systems, ISO 14001:2015 Environmental Management Systems, ISO 45001:2018 Occupational Health and Safety Management Systems, Integrated Management Systems (IMS) R-100 Rev.4, ISO 22301:2019 Business Continuity Management Systems, and ISO 27001:2013 Information Security Management Systems. Risk management is a crucial aspect evaluated for certification, from strategic considerations to operational practices, performance efficiency, and readiness to respond to emerging risks. GPSC is certified in all these areas.

    - By PTT Public Company Limited, GPSC's major shareholder and a state enterprise, which conducts annual assessments of the compliance of GPSC's overall risk management system with the PTT Group Way of Conduct, ranging from risk management policy to governance and implementation, based on the COSO ERM 2017 framework by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), an international standard. This includes principles and practices related to governance for state enterprises, as outlined by the State Enterprise Policy Office in 2019.

In addition, the Company is also aware of the risk factors/opportunities arising from climate change factors, and has implemented climate change risk management.

https://www.gpscgroup.com/th/sustainability/gpsc-sustainability/sustainable-management-structuregpsc-sd2023-gpsc-ifrs-s2-en.pdf, pages 35-39.

Correlation of risks

The risk issues classified as the most impactful on GPSC’s operations are the efficiency of investment, organizational capacity, compliance, power plant reliability, and project execution. Risk correlation is significant for GPSC’s risk management since it can cause a chain of effects which may increase or decrease the level of risk according to their relationship.

Chart of annual risk correlation analysis

Emerging Risks

GPSC recognizes and is aware of short-term and medium-term emerging risks that can impact the Company as well as risks and opportunities that may arise from the management of such risks. To this end, GPSC identifies emerging risks that will impact its business strategies and targets and will result in loss of opportunities for the Company if they are not appropriately managed. GPSC has assessed the emerging risks, analyzed their potential impacts, and established courses of action to manage those risks effectively.

Table columns: Emerging Risks; Risk level; Time frame; Description; Potential Business Impacts; Mitigating Actions
1. Economic recession, geopolitical tensions and war risks (Risk level: High; Time frame: 2025)
Description: War and political conflict, economic slowdown, fluctuations in the financial and capital markets, and the fragile economic conditions of the production and consumption sectors have resulted in limitations affecting the business operations and performance of GPSC and the GPSC group of companies.
Potential Business Impacts:
  • The impact of increased adjustments of energy fuel prices has led to GPSC experiencing adverse effects on business performance that do not align with the planned objectives.
  • The economic slowdown and the impact of trade regulation have reduced demand for GPSC products.
  • The impact of financial and treasury policy management under inflation control conditions and economic stability at the international level affects GPSC's financial costs and expenses.
  • Political risks at regional and national levels pose obstacles to GPSC's business operations under its growth strategy.
Mitigating Actions:
  • Managing the impact on business performance through fuel price formulas used in electricity production and distribution contracts, along with plant optimization operations, production and distribution improvements, and coordination with relevant external agencies.
  • Coordinating cooperation between customers/partners to maintain production and electricity delivery stability.
  • Risk management and impact mitigation through the Raw Material Price and Financial Hedging Committee, as well as monitoring interest rate situations and financial costs to find suitable financial instruments.
  • Managing risks and impacts from investment project selection, short- and long-term evaluation, business partnership establishment, in-depth business environment study through GPSC personnel in the area, and considering an Exit Strategy in appropriate situations.
2. Power and Energy Interference Risk (Risk level: High; Time frame: 2025)
Description: Government policies to stabilize electricity prices to alleviate the burden on consumers have impacted electricity producers and GPSC due to inconsistencies between energy fuel prices and electricity prices.
Potential Business Impacts:
  • The impact of electricity price stabilization policies by the government, which do not reflect the actual cost, has resulted in adverse effects on GPSC's business performance that do not align with the planned objectives.
Mitigating Actions:
  • Seeking ways to reduce overall production costs, coupled with maintaining and improving production efficiency and stability appropriately.
  • Overall production and distribution optimization (Plant Optimization).
3. Climate Regulation and Climate Action Risk (Risk level: Medium; Time frame: 2030)
Description: As international commitments, including those by Thailand, aim to address the reduction of greenhouse gas emissions, with Thailand setting a target to reduce emissions by 40% by the year 2030, this poses conditions affecting the current operations and business of GPSC. It necessitates seeking ways to reduce greenhouse gas emissions while managing production from stable fossil fuels, which are essential for electricity generation to support industrial usage. This includes financial management and the cost of policies supporting investments in clean fuel businesses, alongside maintaining business performance to respond to shareholders and stakeholders.
Potential Business Impacts:
  • Measures to prevent trade barriers through taxes and additional expenses on products with higher greenhouse gas emissions than specified levels, affecting customers and possibly leading to reduced product purchases and increased expenses for GPSC.
Mitigating Actions:
  • Accelerating production efficiency and energy fuel usage, investing in renewable energy, developing new business models for clean energy procurement, and certification of clean energy emissions. Studying and developing new energy utilization technologies with low greenhouse gas emissions. Exploring technologies for carbon capture and storage.
4. Power and Steam Production and Synchronization Risk (Risk level: High; Time frame: 2028)
Description: Currently, EGAT is in the process of upgrading the electricity transmission system in the Rayong province and the eastern region to address the issue of high Fault Level, which exceeds the specified limit. Consequently, all newly commissioned and SPP Replacement power plants of GPSC are not permitted to connect to EGAT's transmission system.
Potential Business Impacts:
  • GPSC faces constraints in production management and operation during certain periods.
  • Production and distribution costs have increased while revenue remains the same under product sales agreements.
Mitigating Actions:
  • Analyzing and coordinating technical studies with EGAT to address connection issues.
  • Managing maintenance to increase production and distribution efficiency and reduce downtime of power generation units.
  • Managing operation and maintenance downtime in conjunction with energy procurement planning with customers.
  • Plant optimization to manage overall production efficiency.
  • Collaborating with EGAT to procure additional electricity during power generation maintenance periods.
5. Changed Rules and Regulations Impacting GPSC Business Expansion (Risk level: High; Time frame: 2027)
Description: Under the energy transition agenda in the global context, the growing challenge of renewable energy generation and distribution has become an attractive topic. Adopting this trend leads to new challenges in the competitive market and emerging businesses. Likewise, this has been addressed as an emerging risk related to the unforeseen uncertainty of new and restrictive upcoming regulations, policies, and measures in Thailand within 3-5 years, particularly the electricity tariff mechanism. An emerging risk driven by the change in rules and regulations arising from the energy transition is recognized as potentially causing direct business impact to GPSC.
Potential Business Impacts:
  • The competitive market is also one of the challenges for GPSC's new renewable energy businesses in terms of market share. In a highly competitive market, companies have to compete for customers, and they may have to lower their prices or offer better products or services to attract customers away from their competitors. This can result in a decline in market share and revenue for GPSC if the company is unable or unwilling to adapt to the changing market conditions.
  • The applicable electricity tariff from newly changed policies and regulations can materially impact GPSC's generated revenue, which is uncertain, particularly where the electricity fee is imposed through the UGT mechanisms.
  • Demand for green products from customers impacted by the energy transition could result in an increase in company capital investment to seek alternative energy and/or clean technologies for more sustainable power production.
Mitigating Actions:
  • Increase the share of renewable energy assets in the generation mix through targeted investments, partnerships, and acquisitions. Prioritize scalable and dispatchable RE technologies, such as solar-plus-storage, to improve resilience and customer attractiveness under future market conditions.
  • Develop adaptive pricing models that incorporate projected regulatory scenarios, enabling GPSC to maintain margin stability under various tariff structures. Explore long-term green PPAs with off-takers seeking predictable green energy pricing.
  • Conduct scenario-based impact assessments to quantify financial exposure under different regulatory scenarios.
  • Establish a financial buffer or green investment fund to absorb transitional shocks and capitalize on new opportunities.
  • Continuously develop alternative technologies for lower carbon emissions, i.e. CCS, Hydrogen Production, Nuclear SMR, etc.
6. Digital Transformation and AI Adoption Risk (Risk level: High; Time frame: 2030)
Description: The growth and development of new technology pose substantial risks to businesses worldwide. In the context of electric utilities, digital and AI-driven technologies such as energy trading platforms, grid optimization tools, and digital twins play a crucial role in long-term business transformation. The impact of these technologies is uncertain and may not pose an immediate threat. It could potentially lead to a failure of market competitiveness if GPSC is not prepared for adoption and does not remain resilient. Such risks could impact GPSC’s operational efficiency, reduce workforce capabilities, and slow its ability to innovate and adapt to evolving business needs. Moreover, these technologies introduce new cyber-attack risks that could disrupt systems and data. Recognizing these challenges, GPSC executes its digital transformation management, integrating AI into strategy and operating processes as well as strengthening cyber defenses to stay resilient and competitive in a changing energy landscape.
Potential Business Impacts:
  • Falling behind in the advancement of AI technologies across the power business value chain would mean losing ground to more agile competitors, missing growth opportunities in areas such as VPPs and smart grids, and gradually lowering market share and long-term profitability.
  • Increasing use of digital and AI-driven technologies could expose GPSC to cyber-attacks targeting these advanced systems. Without robust cyber defenses and proactive monitoring, cyber threats may cause operational disruptions, data breaches, and serious reputational and financial damage.
  • Rapid adoption of digital and AI-driven technologies requires specialized skills in data analytics, AI model management, and digital system integration. Without proactive workforce upskilling and talent acquisition, GPSC may face a shortage of qualified personnel, leading to slower implementation of new technologies and reduced innovation capacity over time.
Mitigating Actions:
  • Drive and execute a continuous digital transformation strategy and AI adoption to improve process efficiency and scalability and support the company’s strategic goals; develop clear milestones for digital transformation and AI-driven adoption across key processes (e.g. asset management, energy dispatch, predictive maintenance, and demand response), including resource allocation and implementation plans.
  • Implement a robust cybersecurity improvement plan and closely monitor its effectiveness to ensure the protection of company data against data breaches, the protection of OT & IT systems, and business continuity.
  • Develop workforce capabilities and expertise in digital, AI transformation, and cybersecurity; enhance tools and systems to strengthen innovation and data protection; and ensure overall organizational readiness to support continuous improvement, boost employee engagement, and sustain long-term business growth.
7. New Technology / Energy Advancement Risk (Risk level: High; Time frame: 2032)
Description: The energy sector plays a vital role in the transition toward a low-carbon economy and sustainability. Conventional energy is being phased out and replaced by new advancements in energy technology. The accelerating pace of new energy, including solid-state batteries, SMR, H2-based energy, ammonia, and CCUS, poses a new and significant risk to the global energy sector, including GPSC. These technologies have the potential to reshape the energy landscape, driving the transition from traditional centralized utilities to micro-decentralized, self-optimizing energy ecosystems. For GPSC, this could result in long-term shifts in the market and changes in customer expectations. This risk is still emerging as these technologies are in the early stages of development, and their impacts are yet to be fully realized. GPSC is preparing its business model, called “S-Curve”, to ensure the ability to adapt to these changes as a new pathway and to integrate new energy solutions into its operations.
Potential Business Impacts:
  • GPSC risks losing its market position if it fails to adapt to the shift toward new energy advancements. As competitors embrace emerging technologies and decentralization continues to disrupt traditional utility-based business models, GPSC could lose its competitive edge, leading to declining revenue and market share as customers increasingly demand more flexible, efficient, and sustainable solutions. To remain competitive, GPSC must proactively embrace platform-based, service-oriented, and data-driven approaches that align with evolving market expectations and sustainability goals.
  • If GPSC delays implementing its S-Curve strategy and new energy solutions, the company may face penalties, fines, and rising compliance costs (e.g., carbon taxes) as stricter GHG emissions and sustainability regulations take effect. Failure to adapt could also expose the company to legal risks and greater financial pressures.
Mitigating Actions:
  • Develop next-generation technologies such as solid-state batteries, hydrogen-based solutions, ammonia, CCUS, and nuclear microreactors (e.g., SMR), and secure strategic partnerships to accelerate integration and maintain competitiveness.
  • Evolve GPSC’s business model under the S3 and S4 Strategies to be service-oriented and data-centric, integrating flexible energy solutions such as energy decentralization that combine renewable generation and energy storage for optimized, on-demand supply.
  • Govern long-term R&D studies in emerging energy technologies and invest in infrastructure for decentralized energy systems to ensure GPSC is well-positioned for future energy solutions.
  • Collaborate with energy innovators and tech companies to adopt new technologies, reducing financial burdens while staying ahead in the evolving energy market.
  • Engage with related government authorities to support the relevant policy/regulation to push new technologies forward into the implementation phase.

Information Security / Cybersecurity Governance

GRI 3-3

Strategies for Success

Information security and cybersecurity have become vital components of corporate responsibility. As organizations increasingly adopt advanced digital infrastructure, the risks associated with cyber threats, data breaches, and system vulnerabilities continue to grow, posing significant operational, reputational, and stakeholder-related consequences. These risks impact not only business continuity but also the trust of the company's customers, employees, and investors.

In recognition of these challenges, GPSC has established a comprehensive policy and procedure for managing information security and cybersecurity with the highest level of responsibility, ensuring the protection of digital assets and the integrity of its operations. This includes continuously improving information security systems, ensuring the integrity and protection of data, and monitoring and responding to information security threats. GPSC also promotes and establishes individual responsibilities for information security across its workforce and sets up information security requirements for third parties (e.g. suppliers and contractors). These third-party requirements are outlined in the “Regulation on Information and Communication Technology Policy Standard Practice,” which specifies the security policies, protocols, and controls that external partners must comply with to conduct business with GPSC.

Through this framework, GPSC aims to mitigate potential risks/ threats arising from external relationships, safeguard shared systems and data, and ensure the continued integrity and confidentiality of GPSC’s digital assets.

Digital technology and information systems are critical to business operations, in both the production system and the operating network, which connect to the internet and could therefore be exposed to cyber threats. To productively and effectively facilitate the digital technology and information operations of GPSC group, as well as to prevent threats and effectively manage cyber and information risk in accordance with ISO/IEC 27001, the NIST standard and relevant laws, the company has guidelines for information security and cybersecurity as follows:

See the materiality assessment.

Cybersecurity Policy

GPSC's Information Technology and Cybersecurity governance structure is as follows:

Board of Directors (BOD)

The Board of Directors is responsible for reviewing and approving GPSC's key strategies, policies, objectives, action plans, and financial goals, as well as regularly overseeing and monitoring the executives so that such plans are carried out in accordance with the prescribed directions and strategies. Moreover, its roles and responsibilities are to consider potential risk factors, formulate comprehensive risk management guidelines, ensure that the executives operate with efficient risk management systems and processes in place, and ensure sufficient and effective internal control as well as regular assessment of the suitability of GPSC's internal control systems.

Risk Management Committee (RMC)

The GPSC Risk Management Committee is appointed by the Board and has roles and responsibilities according to its charter, consisting of determining and reviewing the risk management policy and framework, monitoring and supporting the operation of risk management in accordance with changing situations, covering information technology and cybersecurity risk, as well as providing recommendations to the Risk Management and Internal Control Committee (RMCC) (management level) and the Management Committee (MC) to ensure that the company has efficient risk management. The results of risk management operations are reported to the Board.

Audit Committee (AC)

The GPSC Audit Committee (AC) is responsible for reviewing the company's internal audit systems, internal control systems and risk management to ensure that they are appropriate and efficient, as well as for guiding and advising management on improving processes effectively in order to reduce risk factors.

Management Committee (MC)

The GPSC Management Committee is responsible for monitoring and driving the business operations in accordance with the prescribed directions and strategies, as well as managing any obstacles and risks which might affect business operations. In addition, it is responsible for providing recommendations to the President and Chief Executive Officer for decisions on issues important to business operations and plans, for managing the working system in a common direction, and for scrutinizing the company's risk management. The results of risk management and business operations are reported to the Risk Management Committee and the Board, respectively.

Risk Management and Internal Control Committee (RMCC)

The GPSC Risk Management and Internal Control Committee is responsible for governing risk management activities and internal control systems covering all risks, including environmental, social, and governance risk (ESG risk), to ensure that the company can achieve organizational goals with reasonable confidence, by supporting and monitoring operations in accordance with the risk management policy and framework of GPSC Group and by overseeing operational risk management for both corporate and functional risks. In addition, it scrutinizes the risk management framework and monitors and evaluates the results of risk management. It also supports and provides recommendations to the Management Committee on risk management within its scope of duties, and develops enterprise risk management to align with international standards so that the risk management system meets the requirements. The results of risk management are reported to the GPSC Risk Management Committee, Audit Committee, Management Committee and related functions. In case a significant factor or situation might affect the company significantly, the committee must report to the Board immediately.

Digital and Cybersecurity Steering Committee (DCSC)

The Executive Vice President Corporate Services serves as chairman of the DCSC and is responsible for managing changes, assessing digital technology and cybersecurity risks, establishing strategies to achieve operational goals, and driving and supervising various projects in accordance with the organization's strategies and operations.

In addition, senior executives from various departments join the committee and are responsible for regulating and driving digital technology and cybersecurity operations to achieve effective results and comply with the cybersecurity policy, ISO/IEC 27001, the NIST standard, and relevant laws.

Digital technology and cybersecurity risk management and result of the operation will be reported to GPSC Management Committee as necessary. In case of emerging risk or high risk, the committee must report to the Risk Management and Internal Control Committee to consider and provide recommendations on the risk management as well as to concretely drive the efficient risk management.

Cybersecurity Working Team

Representatives from various departments, including the Information Technology (IT) and Operational Technology (OT) departments, are responsible for preparing a plan, improving, and defining a framework for cybersecurity to comply with GPSC Group's cybersecurity policy and relevant laws and regulations in order to manage cybersecurity risks. The cybersecurity working team must monitor and report operational results to the DCSC as necessary.

ISO/IEC 27001 Information Security Management System (ISMS)

ISMS consists of 3 working groups as follows:

The Information Security Management Representative (ISMR)/Information Security Management Assistance (ISMA) is the company's management representative responsible for supervising the establishment, use and development of the information security management system in GPSC, as well as its maintenance, continuous monitoring and improvement, to achieve the information security policy and to conform to the ISO/IEC 27001 standard. In addition, the ISMR/ISMA provides recommendations and suggestions about information security and the policy applying to all employees, supervises any changes that might occur in the company, and coordinates the assessment, resolution and appropriate control of risks from those changes and in case of security breaches. The ISMR/ISMA must report operational results to the DCSC.

The ISMS Core Team (CT) consists of representatives from various departments. They coordinate with the ISMR/ISMA to conduct risk assessments and manage risks for each segment, and to measure the effectiveness of the processes and controls in the system. In addition, the CT is responsible for coordinating with the ISMR in the event of a security breach or any other emergency in order to contain and deal with the situation that arises.

The ISMS Document Controller (DC) is responsible for supervising and controlling the use of the system's documents and records so that they comply with the requirements of the ISO/IEC 27001 standard, including coordinating with the GPSC central document controller team so that the system operates in line with the company standard.

Information Technology and Cybersecurity Measure

GRI 3-3

GPSC has organized training courses on information security and cybersecurity awareness for employees at all levels, as well as for new employees, through online channels such as e-Learning and orientation. The courses cover the compliance standards of the company's Information and Communication Technology Policy Standard Practice, such as computer and software usage, internet usage, sending and receiving e-mails, and computer virus protection. Their aim is to raise awareness of cyber threats and to ensure that employees know the policies and regulations for the use of information technology systems, which employees at all levels must strictly adhere to as part of their performance evaluation. Employees who commit violations are subject to disciplinary measures by the company.

In 2024, the company held 2 courses in IT Policy and Cybersecurity Awareness training through e-Learning, along with annual activities to raise awareness among employees, such as news about cyber attacks, training for new employees through e-Learning, etc.

Employee and related-party participation: over 1,315 persons.

In addition, GPSC has established business continuity and contingency plans as well as incident response procedures, which are implemented at least twice a year to ensure preparedness and responsiveness in the event of emergencies. Furthermore, GPSC assigns a third party to perform an annual vulnerability analysis of the organization's information technology systems. This assessment consists of four key activities: external penetration testing (targeting the organization's internet-facing systems), internal penetration testing (simulating attacks from within the network), vulnerability scanning to detect potential system weaknesses, and phishing mail testing. All activities are closely monitored and evaluated.

If any employee is found to have acted inappropriately or becomes a victim of the phishing test, GPSC will conduct targeted communication and organize training programs to raise awareness and enhance understanding of cyber threats among specific employee groups. In cases involving information security or cybersecurity incidents, employees are encouraged to contact the designated IT service channels, such as the IT Service Desk, system administrators, or PTT-Digital, to report the incident and initiate investigation and corrective actions.

GPSC has established channels for reporting emails received by employees that are suspected to be spam or Phishing Mail through the Report Phishing function. In the past year, GPSC has been certified in Information Security Management System – ISO/IEC 27001:2013 for data center, supporting infrastructure and cloud management (IaaS).

Updated as of February 2025

The content above is based on the sustainability reporting standards of the Global Reporting Initiative (GRI Standards) and externally validated and verified for data accuracy at the "Limited Assurance" level.