1. Implement an information security management system based on ISO/IEC 27001:2013, and comply with laws and regulations and other related requirements.

2. Continuously optimizing and improving information security through improving information security management and high corporate culture to achieve customer satisfaction and loyalty.

3. Controlling information security risks to prevent incidents due to information leaks based on laws and requirements relevant to:

• a. Provide the resources needed to ensure information security systems.
• b. Cultivate and develop information security competency for all employees and work partners.

4. Minimizing negative impacts, preventing information leakage by continuously improving the performance of relevant information security indicators based on relevant information security laws and requirements.

5. Ensuring aspects of confidentiality, integrity and availability of data are guaranteed in the Company while taking into account the aspects of risks and opportunities that apply to meet the needs or expectations of interested parties.