Managed Services Compliance Pack
Regulatory, Security & Supply-Chain Alignment
Last updated: 16/01/2026
Referenced by: Master Services Agreement (MSA)
1. Purpose of This Compliance Pack
This Compliance Pack provides an overview of how our Managed Endpoint Services are designed to support customer compliance, regulatory obligations, and industry security expectations.
It is intended for customers, auditors, procurement teams, and supply-chain due diligence activities.
This document does not constitute a guarantee of compliance or certification and must be read in conjunction with the Master Services Agreement and applicable service schedules.
2. Shared Responsibility Model
Compliance is delivered under a shared responsibility model, consistent with ISO/IEC 27001:2022 and international best practice.
- The Service Provider is responsible for controls within the scope of the subscribed Managed Services.
- The Customer remains responsible for organisational governance, legal compliance, HR controls, physical security, business processes, and regulatory filings.
3. Thailand Regulatory Alignment
The Managed Services are designed to support alignment with applicable Thailand laws and regulations, subject to the subscribed service tier.
| Regulation | Description | Bronze | Gold | Platinum |
| Personal Data Protection Act (PDPA) | Personal data safeguards & breach handling | ◐ | ✔ | ✔ |
| Computer Crime Act | System security & misuse prevention | ◐ | ✔ | ✔ |
| Electronic Transactions Act | Integrity of electronic records | — | ✔ | ✔ |
Legend: ✔ Supported | ◐ Limited | — Not included
4. International & Industry Standards Alignment
The Managed Services are designed to support alignment with commonly requested international standards and frameworks.
| Standard / Framework | Bronze | Gold | Platinum |
| ISO/IEC 27001:2022 | ◐ | ✔ | ✔ |
| ISO 22301 (Business Continuity) | — | ◐ | ✔ |
| TISAX (Automotive Supply Chain) | — | — | ✔ |
| NIST Cybersecurity Framework | ◐ | ✔ | ✔ |
| Cyber Insurance Security Controls | — | ◐ | ✔ |
5. Compliance Capability by Tier
5.1 Bronze – Essential Compliance Support
Designed for low-risk, non-regulated environments. Bronze provides baseline technical controls only.
| Area | Coverage |
| PDPA technical safeguards | ◐ Limited |
| Endpoint security & patching | ✔ |
| Basic monitoring & logs | ◐ Limited |
| Incident awareness | ◐ Limited |
| Audit evidence support | — |
| Business continuity | — |
| Supply-chain readiness | — |
Bronze is not suitable for audited, regulated, or export-critical operations.
5.2 Gold – Business & Regulatory Readiness
Designed for regulated SMBs and growing organisations. Gold provides operational compliance support.
| Area | Coverage |
| PDPA safeguards & breach support | ✔ |
| Computer Crime Act controls | ✔ |
| ISO/IEC 27001 control support | ✔ |
| Backup & recovery testing | ◐ Limited |
| Audit evidence support | ◐ Limited |
| Supplier / third-party controls | ◐ Limited |
Gold supports internal audits and moderate regulatory scrutiny.
5.3 Platinum – Supply-Chain & Audit-Ready Compliance
Designed for factories, exporters, and critical supply chains. Platinum provides full compliance-support capability.
| Area | Coverage |
| PDPA (technical + response support) | ✔ |
| ISO/IEC 27001:2022 (Annex A aligned) | ✔ |
| ISO 22301 continuity principles | ✔ |
| TISAX / automotive expectations | ✔ |
| Incident response & forensics | ✔ |
| Audit & customer due diligence | ✔ |
| Supply-chain risk management | ✔ |
Platinum is suitable for customer audits, supplier approval processes, and international contracts.
6. BOI & Export-Focused Compliance Support
The Managed Services are designed to support BOI-promoted and export-oriented organisations by strengthening IT and security controls commonly reviewed during audits and customer due diligence.
| BOI / Export Control Area | Bronze | Gold | Platinum |
| Data protection safeguards | ◐ | ✔ | ✔ |
| Access control & user management | ◐ | ✔ | ✔ |
| System availability & resilience | — | ◐ | ✔ |
| Audit trail & reporting | — | ◐ | ✔ |
| Incident response readiness | — | ◐ | ✔ |
| Customer security questionnaires | — | ◐ | ✔ |
The Service Provider does not provide BOI application, customs, or legal advisory services.
7. Breach Management & Notification (PDPA-Aligned)
| Capability | Bronze | Gold | Platinum |
| Breach detection | ◐ | ✔ | ✔ |
| Breach investigation support | — | ◐ | ✔ |
| Regulatory notification support | — | ◐ | ✔ |
| Customer / audit communication | — | — | ✔ |
8. ISO/IEC 27001:2022 & TISAX Control Mapping
A detailed Annex A control mapping aligned to ISO/IEC 27001:2022 and TISAX expectations is available on request and may be provided to auditors, customers, or procurement teams. Control coverage varies by service tier and follows a shared responsibility model.
9. Transparency & Limitations
To avoid ambiguity:
- The Managed Services do not guarantee compliance or certification outcomes.
- The Services do not replace legal or regulatory advice.
- Customer governance and business controls remain the responsibility of the Customer.
10. Transparency & Limitations
To ensure clarity and avoid ambiguity:
- The Managed Services are designed to support compliance but do not guarantee regulatory or certification outcomes.
- The Services do not replace legal, regulatory, or professional advice.
- Ultimate responsibility for compliance remains with the Customer, including governance, business processes, and regulatory filings.
Why Compliance Matters for Factories & Exporters
For factories and export-oriented organisations, strong security and compliance alignment helps to:
- Reduce friction during customer and supplier audits
- Accelerate supplier approval and onboarding
- Build trust with international customers and regional headquarters
- Reduce downtime, operational disruption, and supply-chain risk
Platinum-tier services are designed specifically for environments where production continuity, audit readiness, and customer trust are critical.