top of page

OIC Regulation Consulting


OIC Regulation Consulting

ประกาศ คปภ cybersecurity

Consulting services, according to the announcement of the OIC.

Follow the announcements with confidence by a professional consultant.

According to the Notification of the Insurance Commission Re: Rules for Supervision and Management of Information Technology Risks of Non-Life and Life Insurance Companies B.E. The following companies

Information technology governance
(IT governance)
  • Roles, Duties, and Responsibilities of the Board of Directors

  • Governance Structure (Three Lines of Defense)

  • Policies related to the governance of information technology risks (IT Risk Management Policy, IT Security Policy)

IT project management
  • Risk assessment and project prioritization

  • Information Technology Project Management Framework

  • Information technology project supervision

Information technology security (IT security)
  • IT Security Policy

  • IT Security Organization

  • Human Resource Security

  • Asset Management

  • Access Control

  • Cryptography

  • Physical and Environmental Security

IT risk management
  • 1st & 2nd Line of Defense (Risk Owners & Risk Functions)

  • IT Risk Management Framework, Process, Criteria

  • Risk Assessment (Identification, Analysis, Evaluation)

  • Risk Treatment, Risk Monitoring & Review, Risk Reporting

Compliance with laws and regulations related to IT compliance
  • 2nd Line of Defense

  • Supervise compliance with laws and regulations about information technology (IT Compliance).

Information technology audit (IT audit)
  • 3rd Line of Defense

  • Roles, duties, plans, the scope of the audit

  • Information Technology Auditing

  • outsourcing of specialists, Reporting the results of the audit

  • Monitoring and Reporting of Key Issues

Supervision and management of cybersecurity risks (Cybersecurity)
  • Cybersecurity Framework

  • Identification, Protection, Detection, Response, Recovery

  • Cyber ​​Risk Assessment

  • Cyber ​​Threat Action Status Assessment

  • Cyber ​​Threat Surveillance and proceed according to the Cyber ​​Act

Reporting incidents of cyber threats or threats to information technology systems (Reporting).
  • Insurance companies must report to the office. Suppose a company's critical information technology is attacked or compromised by a cyber threat. In that case, It is a problem or event that the company must report to the top management of the company.

  • AlphaSec helps companies follow the announcement by consulting and sample control measures documents following the requirements of the statement.

bottom of page