Annual Report 2017

63 4. Risk Management The BoG emphasizes the importance of systematic risk management. The BoG is responsible for designating risk management policies and framework for the organization and appointing the Risk Management Committee (RMC). The RMC, consisting of experts in risk management, advises and makes recommendations to management to ensure that SET’s risk management process is in line with specified policies and international standards. The RMC has to ensure complete coverage of all enterprise-wide significant risks, consisting of four aspects: 1.Strategic risk 2. Operational risk 3.Financial risk and 4.Compliance risk. The Risk Management Department has been assigned to coordinate and support management in the implementation of risk management processes according to the set policy. Please find more details under the topic “Enterprise risk management” 5. Information and Communications Technology The BoG emphasizes the importance of security management of the information technology (IT) system. The BoG approved the Information Technology Management and Information Security Management Policy framework in line with International standards and related rules and criteria as appropriate. All employees have to make use of IT carefully for utmost benefit to the organization with no negative impact on SET or stakeholders. Today the SET group manages state-of-the-art technology that is efficient and world-class in line with ISO27001 (Information Security Management System), ISO 20000 (Information Technology Service Management System), etc. the IT Management and Information Security Management Policy and measures are based on the principle of Confidential, Integrity, Availability (CIA), in compliance with ISO27001.