Updated on 8 December 2022
We, ThaiQuest Limited (“ThaiQuest”), are committed to conducting business with social responsibility and to opposing Corruption and Bribery. Any Corruption and Bribery or related attempt in ThaiQuest’s business dealings is unacceptable and shall not be tolerated.
This Anti-Corruption and Bribery Policy (“Policy”) applies to ThaiQuest and its affiliates, directors, employees, and all related businesses. ThaiQuest’s directors and employees shall be responsible for extending the Policy and its implications, to the extent applicable, to all agents, business partners, suppliers, customers, and others who are involved in all business dealings with ThaiQuest.
All directors and employees are informed of this Policy’s zero-tolerance principle on Corruption and Bribery and the consequences of breach. This Policy and its implications shall also be disclosed to agents, business partners, suppliers, customers, and third parties who have or may have business dealings with ThaiQuest.
All directors and employees are required to comply with this Policy. Specifically, the Policy prohibits all ThaiQuest’s directors and employees from the following activities:
(1) Any offering, promising, giving, accepting, or soliciting of an advantage, in any form, as an inducement for an action which is illegal or a breach of a person’s fiduciary responsibilities (“Bribery”).
To avoid any doubt, “an advantage, in any form” may include, but is not limited to, cash, gifts, gift certificates, discounts, entertainment, hospitality, forbearance, training, travel, services, or other items having a monetary value, which may be provided either directly or through third parties or for third parties.
(2) Any soliciting, arranging, or accepting of a bribe for the benefit of the director, employee, or for the benefit of their family, friends, associates, or acquaintances.
(3) Any offering, promising, or giving a bribe to public officials, public or private organizations, or other private individuals, directly or indirectly, on behalf of ThaiQuest and its affiliates.
(4) Any abuse of entrusted power or authority for private gain, including bribery, extortion, fraud, deception, collusion, cartels, embezzlement, money laundering, and other similar activities (“Corruption”).
This Policy constitutes the minimum requirement for Anti-Corruption and Bribery. A higher standard may be imposed by specific legislation or regulation for certain business transactions and within ThaiQuest’s regulations.
Directors and employees shall use good judgment to avoid actions that are considered Corruption and Bribery, including but not limited to the following actions.
Any breach of the Policy by a director or employee shall be investigated in accordance with ThaiQuest’s disciplinary process and may result in an admonishment, suspension, or termination of appointment or employment. In the event of a willful breach, ThaiQuest may pursue both civil and criminal remedies.
1. PURPOSE
This Information Security Policy establishes the framework for protecting the confidentiality, integrity, and availability of information assets within the defined ISMS scope.
It defines the Management Committee’s commitment to, and direction for, implementing, maintaining, and continually improving an Information Security Management System (ISMS) in accordance with ISO/IEC 27001:2022.
This policy provides the high-level principles and governance framework for managing information security risks across the organization’s defined ISMS scope.
2. SCOPE
This policy applies to all employees, contractors, and relevant third parties operating within the formally defined ISMS scope, as documented in the ISMS Governance & Operation Process.
All personnel within the ISMS scope are required to comply with this policy and supporting procedures.
3. INFORMATION SECURITY PRINCIPLES
ThaiQuest is committed to the following information security principles:
• Protecting the confidentiality, integrity, and availability of information assets
• Applying a risk-based approach to the identification, assessment, and treatment of information security risks
• Ensuring compliance with applicable legal, regulatory, and contractual obligations
• Assigning clear accountability for information security roles and responsibilities
• Promoting information security awareness among employees and relevant third parties
• Continually improving the effectiveness of the ISMS
4. INFORMATION SECURITY OBJECTIVES
ThaiQuest establishes measurable information security objectives that support business strategy and regulatory requirements. Objectives include, but are not limited to:
• Maintaining an effective Information Security Management System aligned with ISO/IEC 27001:2022
• Protecting against unauthorized access to production systems
• Ensuring availability and resilience of production systems
• Detecting and responding to information security incidents in a timely manner
• Maintaining legal, regulatory and contractual compliance
Information security objectives are monitored periodically and reviewed during Management Review to ensure continued suitability and effectiveness.
5. MANAGEMENT COMMITMENT
The Management Committee commits to:
• Supporting the ISMS and ensuring alignment with business strategy
• Providing adequate resources for effective implementation
• Approving risk treatment decisions and risk acceptance
• Participating in Management Reviews
• Promoting continual improvement of information security
The Management Committee retains overall accountability for the effectiveness of the ISMS. The Management Committee ensures that the Information Security Policy is established, communicated, and understood within the organization.
6. RISK MANAGEMENT
Information security risks shall be:
• Identified, analyzed, and evaluated using a defined methodology
• Assigned to responsible risk owners
• Treated according to risk tolerance levels
• Reviewed periodically and upon significant changes
Risk treatment decisions shall be documented and approved.
Risk acceptance criteria and risk tolerance levels shall be approved by the Management Committee and reviewed at least annually. The Statement of Applicability (SoA) defines selected controls and justifications in alignment with ISO/IEC 27001:2022.
7. CONTROL FRAMEWORK
Security controls shall be selected and implemented based on:
• Risk assessment results
• Legal and regulatory requirements
• Contractual obligations
• Business and operational needs
Controls shall be implemented in accordance with ISO/IEC 27001:2022 and the approved Statement of Applicability (SoA) and supported by documented procedures where necessary.
8. ROLES & RESPONSIBILITIES
Information security responsibilities are assigned as follows:
• Management Committee: Overall accountability and strategic direction
• ISMS Manager: Coordination and oversight of ISMS operation
• Risk Owners: Management and treatment of assigned risks
• Control Owners: Implementation and operation of controls
• Employees and Contractors: Compliance with security policies and procedures
ThaiQuest ensures that personnel performing information security-related roles are competent based on appropriate education, training, and experience.
All employees and contractors shall receive appropriate information security awareness training and are responsible for complying with applicable security policies and procedures.
9. COMPLIANCE OBLIGATIONS
ThaiQuest shall comply with:
• Applicable laws and regulations
• Exchange and market data provider requirements
• Contractual obligations
• Internal policies and procedures
Compliance requirements shall be identified, documented, and periodically reviewed to ensure continued adherence. Non-compliance may result in disciplinary action, contractual consequences, or legal measures where applicable.
10. INCIDENT MANAGEMENT
All information security incidents or suspected weaknesses must be reported promptly through designated reporting channels. Incidents shall be investigated, managed, and reviewed in accordance with the Incident Response Procedure, including root cause analysis and corrective actions where necessary.
11. BUSINESS CONTINUITY
ThaiQuest maintains business continuity and disaster recovery capabilities to:
• Protect core digital platforms and supporting infrastructure
• Minimize operational disruption
• Ensure recovery within defined recovery objectives
Recovery objectives and continuity arrangements shall be defined, documented, and tested periodically.
12. MONITORING, AUDIT, AND REVIEW
The effectiveness of the ISMS is monitored through:
• Performance metrics
• Internal audits
• Management reviews
• Corrective action tracking
Monitoring and review results shall be documented and used to support continual improvement. The ISMS shall be reviewed at least annually to ensure suitability, adequacy, and effectiveness.
13. CONTINUAL IMPROVEMENT
ThaiQuest is committed to continually improving information security by:
• Addressing audit findings
• Implementing corrective actions
• Reviewing risk treatment effectiveness
• Updating controls in response to evolving threats
14. POLICY COMMUNICATION
This policy shall be:
• Approved by the Management Committee
• Communicated to all employees and relevant external parties
• Available to interested parties as appropriate
• Maintained as documented information under document control procedures
15. ENFORCEMENT
Failure to comply with this policy may result in:
• Disciplinary action
• Contract termination
• Legal consequences where applicable
16. POLICY REVIEW
This policy shall be:
• Reviewed at least annually
• Updated when significant changes occur to business operations, risk environment, or regulatory requirements
• Approved by the Management Committee