Digital Management

Home / Sustainability / I : Our well-being / Digital Management

Digital Transformation

Challenges, Risks, and Impacts

Thaioil Group foresees the potential of using digital technology in business activities across the supply chain which includes purchasing crude oil, production process, product sales, customer interactions, human capital development, and data collection to enhance competitiveness. In addition, the Company has developed agile projects to enrich new users’ experience by creating a digital ecosystem with safe and appropriate technologies to enhance flexibility and improve employee engagement.

Thaioil Group recognizes the value and importance of data, which is prevalent in the industry. The Company manages and governs the use of internal information, and has developed a centralized data platform to collect and analyze data for operational enhancement. This will lead to the highest benefit for Thaioil Group’s business both present and in the future. Furthermore, the Company emphasizes the risks of cybersecurity and cyber-attacks that may arise on digital platforms. This ensures that the information is secured and well-protected, without adverse impacts on the business operations and confidence among all relevant stakeholders.

The Company places great importance on organizational structure and recruits personnel with digital capabilities, knowledge, and skills. In parallel, the Company also prioritizes the development of digital skills, ensuring all employees understand the working process related to digital projects. These factors pivotally drive the Digital Strategy according to the set targets and plans. As a result, Thaioil Group is able to conduct business efficiently and sustainably in the digital era.

Commitment and Target

Thaioil Group is committed to enhancing competitiveness with digital operations and cybersecurity throughout the business activities across the supply chain. The Company has established the digital strategic framework in accordance with its business directions and strategies. This framework focuses on digital transformation, leveraging data-driven decision-making, implementing robust cybersecurity, fostering a modern working environment, and providing efficient IT services.

Targets

Indicator Unit 2023 Targets Long-term Targets
Establish a digital foundation to enhance competitiveness and empower employees with vital skills and capabilities to effectively utilize technology. Digital Maturity Index (DMI) Literate (1)
(Level 2 out of 4 levels)		 Performer(2)
(Level 3)
Cyber-attacks that affect business operations (Zero Damage to Business) Case 0 0
Cybersecurity Maturity Cyber Maturity Score (Out of 5 scores)

3.3 scores for Information Technology.

2.5 scores for Operational Technology

3.5 scores for Information Technology

3.0 scores for Operational Technology
Internal Customer Satisfaction Percentage 78 78

  • Remarks:

  • (1) “Literate” level indicates that the Company has established a Digital Master Plan and utilized digital technology for certain operational processes.
  • (2) “Performer” level indicates that the Company’ functions leverage on digital capabilities effectively.

  •  

  • Management Approach and Performance

  • Management Approach
  •  
  • Committees and Working Groups
  • Thaioil Group has established the Digital Steering Committee (DGSC) and the Cyber Emergency Response Team (CERT) to drive digital operations and enhance cybersecurity efficiently. The Company has appointed personnel with expertise to oversee cyber management throughout the management level and the operational level. Performance is regularly reported to the management executives while reporting the information security and cybersecurity risk management to the Risk Management Committee (Board level).
  •  
  • 1. Thaioil Group Digital Steering Committee (DGSC)
  • Thaioil Group Digital Steering Committee (DGSC) was established in March 2022 to enhance the effectiveness and efficiency of our Digital Management.
  •  
  • The Committee Structure
  • 1. Chief Executive Officer and President           (CEO) Chairman
    2. Senior Executive Vice President - Hydrocarbon  (SEVP) Vice Chairman
    3. Executive Vice President - Corporate Commercial  (EVPC) Committee
    4. Executive Vice President - Operation Excellence  (EVPE) Committee
    5. Executive Vice President - Finance and Accounting  (EVPF) Committee
    6. Executive Vice President - Corporate Governance and Affairs  (EVPG) Committee
    7. Executive Vice President - Manufacturing       (EVPM) Committee
    8. Executive Vice President - Power, New Business and Digitalization  (EVPN) Committee
    9. Executive Vice President - Organization Effectiveness  (EVPO) Committee
    10. Executive Vice President - Strategy  (EVPS) Committee
    11. Vice President - Digitalization  (DGVP) Committee Secretary

    Thaioil Group Digital Steering Committee oversees Thaioil Group’s technology development and incorporation of technological tools. The scope of works covers:

    • (i) Digital Technology 
    • (ii) Telecommunications 
    • (iii) Operation and Refinery Control
    • (iv) Control Engineering of Measuring Tools

Roles and Responsibilities for DGSC

  • 1. Determine the directions, policies, and strategies for Thaioil Group digitalization management.
    • 2. Supervise and manage digital operations in alignment with digital management policy and make decisions in the digital management strategy.
    • 3. Drive the policies, standards, and governance frameworks to increase operation’s efficiency and Thaioil’s competitiveness in the market.
    • 4. Oversee the risk management on digital and cyber security and act in compliance with domestic laws to gain and build trust from stakeholders.
    • 5. Participate in developing the master plan and budget allocation relating to digital technology matters.
    • 6. Provide advice and suggestions on digital technology to relevant operations.
    • 7. Analyze, review, and monitor the progress of digital practices and report to the Board of Directors as appropriate.

Thaioil Group Digital Steering Committee holds a meeting to consider matters related to their roles and responsibilities every quarter or as necessary. Also, the Committee reports the progress to the Board of Directors at least once a year or as appropriate.

2. Thaioil Group Cyber Emergency Response Team (CERT)

Cyber Emergency Response Team (CERT) was established in March 2022 to oversee and respond to digital emergencies. The purpose is to promptly recover from emergencies and returning to normal system operations while maintaining Thaioil Group's business continuity and minimizing any negative impacts or losses.

CERT Structure

1. Executive Vice President - Power, New Business and Digitalization as CERT Commander
2. Manager - Legal as Lawyer Team
3. Vice President – Corporate Strategic Risk as Risk, BCM and Insurance Team
4. Manager – Business Continuity Management as Risk, BCM and Insurance Team
5. Manager – Corporate Insurance Management as Risk, BCM and Insurance Team
6. Manager – Security as Physical Security Team
7. Manager – Employee Relation as Information Center Team
8. Manager – Public Affairs Coordination-Brand Management as Information Center Team
9. Manager – Refinery Relation Coordinator – Refinery Public Relation as Information Center Team
10. Manager – Investor Relations as Information Center Team
11. Manager – Domestic Commercial Operations – Petroleum & Petrochemicals as Information Center Team
12. Vice President - Digitalization as Response Management Team
13. Vice President – Engineering as Response Management Team
14. Vice President - Technology as Response Management Team
15. PTT Digital CISO – as Response Team

Roles and Responsibilities of the CERT Team

The Executive Vice President of Power, New Business, and Digitalization (EVPN) is positioned as the Chief Information Security Officer (CISO) or CERT Commander to oversee the Company's cybersecurity in accordance with ISO27001 Information security management systems. The roles and responsibilities of CERT are:

  • 1. Formulate management strategies to respond to emergency situations.
    2. Develop the emergency management plan and assign the key responsibility for each activity to ensure that all those involved in the plan understand their roles and responsibilities. 
    3. Monitor and assess the situation to provide recommendations in responding to an emergency situation and returning to normal operations.
    4. Report and communicate the emergency situations to relevant parties, including the executives and refineries, while providing information on the incident, action plans, current status, and the impact on the Company's production or business operations.
Digital Policy
Thaioil Group has announced the digital-related policies as follows:
  • The Digital Technology & Communication Policy is established to govern business operations, provide business direction, adopt the digital technology, and communicate within Thai Oil Public Company Limited and its subsidiaries. The policy aligns with international best practices, the Company’s Enterprise Architecture, and the Data Governance Framework.
  • The Cyber Security Policy is established to ensure that the information systems of Thai Oil Public Company Limited and its subsidiaries have prevention and effective cyber risk management. 
  • The Social Networking Policy is established to govern and provide direction on data dissemination, access to social media and electronic services, and opinion expression. 
  • The Personal Data Protection Policy is established to provide criteria, mechanisms, and measures to manage personal data appropriately. The policy also highlights the right of privacy and personal data protection when conducting transactions with the Company.

Digital Master Plan 2022 - 2030

The Digital Master Plan has been developed to support business operations with short-, medium-, and long-term frameworks in different aspects, including:

Digital strategies

Short-term Plans

(2022 – 2024) 

Medium-term Plans

(2025 – 2027)

Long-term Plans

(2028 – 2030)
Strengthen Business Competitiveness (Advanced Business Excellence) Integrate digital technology throughout the Company's value chain to support the business strategy, and link to the core work processes through the Value Chain Digital Platform (VCDP) project. Enhance business processes with digital technology in the form of Business Digital Platform to integrate the working process.  Achieve business excellence (Intelligence Business) by adopting digital technology as an automated tool to support every working process.

Evolving into a Data and AI Driven Decision-Making Organization

(Big Data & AI)		 Establish a Data Governance Committee to ensure for reliable and efficient data utilization and sharing the use cases of Artificial Intelligence (AI) technology within the organization. Promote and facilitate data utilization for advanced and in-depth analytics improvement (Advance Analytics). Seek new business opportunities of the Big Data from organization-managed information.
Cybersecurity Readiness (Cyber Resilience) Develop a cybersecurity system based on the Zero Trust principle and establish measures and practices to prepare for potential cyber threats regularly. Examine and adopt new innovative technologies to improve cybersecurity, both in defense and incident response (Automated Defend & Response). Consistently develop cybersecurity system to become the leader on cybersecurity in the oil and gas industry.
Establishing an Efficient IT Infrastructure and Fostering a Productive Work Environment Within the Organization (Digital Workplace) Build infrastructure systems to facilitate seamless and convenient hybrid work from anywhere. Develop an IT service system as a centralized “One-Stop Service Hub” and providing services with standardized ITSM (IT Service Management). Boost productivity and enhance employee well-being by providing and advancing IT and digital infrastructure.
Employee Digital Skills Development (People) Establish a framework for enhancing digital literacy and skills, starting with digital agencies and certain employees. Establish digital proficiency as the foundation and basic qualification for employees at all levels. Educate employees to continuously pursue digital skills and strive towards "Digital Natives".

Digital Management Approach 2023

In 2023, Thaioil Group successfully implemented core focus areas as the part of the Company’s digital strategy as follows:

1. Digital Transformation

Thaioil Group prioritizes the integration of digital technology to enhance business competitiveness. The Company has established a strategic plan and executed various projects related to digital technology. Moreover, the Company has monitored the project performance and reviewed the plan regularly. This aims to ensure that the adaptation of digital technology is aligned with the business targets during the changing situation.

Digital Readiness for Clean Fuel Project

Thaioil Group has managed and invested in the digital system to support the production processes of the Clean Fuel Project (CFP), which is a significant and large-scale project for the Company's future growth. This digital system will be a part of the working process for the new production function and will link with the existing system.

Improvement of Customers Services and Users in Digital System 

Thaioil Group prioritizes a standardized digital service management to improve business operations. The Company adopts the recognized international standard ISO/IEC 20000-1:2018 for IT service management and the Information Technology Infrastructure Library (ITIL) framework. This provides excellent work procedures to improve digital service standards within the organization, which the appropriate technologies and digital experience creating approach can be employed to enhance the efficiency of digital services.

Highlighted Projects 2023

In 2023, Thaioil Group implemented key projects as part the Company’s digital strategy as follows:

  • Predictive Maintenance Analytics Project
  • Thaioil Group developed a data processing system to maintain the key machinery and equipment in the production process. The process will predict the likelihood of damage to the machines and provide prevention in advance. This helps avoid unplanned shutdowns and maintenance while reducing the risks associated with such damages.  
  • Prominence Enhancement Project
  • Thaioil Group enhanced a data collection system for the sale of products. The system gathers information from different perspectives, such as types of suppliers, prices, sale volume, sale periods, and payment methods. These data will be used to analyze pricing structure and support the decision-making in the sale approaches for each supplier. This will increase the chances for the Company to generate higher profits in different and fluctuating markets.   
  • SAP ECC System Enhancement Project
  • Thaioil Group upgraded the software and hardware of the current Enterprise Resource Planning (ERP) system, or called SAP ECC, to ensure its function remained efficient. This upgrade is a part of the preparedness before transitioning to the ERP system to SAP S/4 HANA in 2027.

2. Cybersecurity Management

Thaioil Group has adopted the National Institute of Standards and Technology (NIST) Cybersecurity Framework from the United States, and Zero Trust Architecture protection guidelines into its management approaches. The approaches include login examination and granting users the minimum necessary permissions to ensure that Thaioil Group has appropriate cyber risk controls for its size and diversity. Key activities include:

  • 1. Enforcing Multifactor Authentication (MFA) for VPN and email access.
    • 2. Installing Endpoint Detection and Response (EDR) anti-virus software on all devices.
    • 3. Launching conditional access controls to verify system access and protect the Company’s critical information.
    • 4. Implementing the mobile device management for Bring Your Own Device (BYOD) in a secured manner.
    • 5. Conducting quarterly employee phishing awareness tests to educate and modify behavior regarding cyber threats.
    • 6. Developing the Cyber Emergency Response Procedure consistent with the Company’s overall Emergency Response Plan. This plan is rehearsed at least twice a year, covering digital technology, operational technology, business continuity plan, and communication measures for internal and external stakeholders in an event of cyber emergency.
    • 7. Upgrading obsolete digital systems and applications to be modern. This not only aims to enables the users to utilize efficiently but also to prevent the cyber risks and threats arising from the gap of such obsolete digital systems and applications.
    • 8. Mitigating cyber risks for computer systems that operate through the Internet, including regularly searching for and managing the risks associated with the Attack Surface.
    • 9. Enhancing cybersecurity measures by adopting Cloud Technology as a tool to cope with cyber threats arising from large numbers of simultaneous attacks, known as Distributed Denial of Service (DDoS). This service is designed to ensure that the computer systems can ensure continuous service availability and meet user demands.
    • 10. Increasing cybersecurity capabilities and services to monitor, notify, inspect, and resolve the cyber threats from specialists during abnormal conditions (Manage Defense and Response (MDR)). This helps build confidence in handling the cyber threats in addition to the Cyber Operation Centre (SOC), the main service provider. 

Cyber Emergency Response

The Company conducted a ransomware assessment and developed a response playbook to efficiently tackle cyber incidents. The training plan on cyber emergency responses was developed and implemented with consultants and executives in 2023, which is conducted at least twice a year. The Company regularly reports the performances to the executives while presenting the outcomes of security and cyber security risk management to the Risk Management Committee (Board level).

In addition, Thaioil Group has engaged external party to assess cyber security gaps throughout the organization. Currently, the Company has completely resolved all identified issues. Moreover, the Company has conducted Penetration Tests on an annual basis. The Security Operations Center (SOC) has also been established to continuously monitor and manage cyber risks for 24 hours a day.

Digital Knowledge and Cybersecurity Awareness Promotion for Employees

  • Provide information and knowledge through E-newsletters and public relations to build awareness of the digital systems that are developed in the Company. This aims to motivate employees to recognize the benefits of technology and its precautions.
    Raise awareness of phishing email threats to new employees through the New Staff Orientation Program and conduct unannounced phishing email tests for employees approximately every three months. Employees who do not pass the tests are required to attend additional training on the prevention of phishing email threats.
    Develop online training courses to enhance awareness and provide basic practices related to the Personal Data Protection Act (PDPA). This is a mandatory course, which all employees are required to complete the course and pass the test. 
Performance
Update : February 2024
The Digital Technology & Communication Policy
Cyber Security Policy