Data Protection, Information Security & Audit-Ready Operations
Organisations operating in Thailand are expected to protect personal data, secure information systems, and demonstrate reasonable and auditable security controls. Customers, partners, and regulators increasingly look for alignment with recognised standards — not informal or ad-hoc practices.
Our managed services are designed to support alignment with Thailand’s Personal Data Protection Act (PDPA) and ISO/IEC 27001:2022, providing a structured, defensible approach to security and data protection under a shared responsibility model.
Personal Data Protection Act (PDPA) – Thailand
The Personal Data Protection Act B.E. 2562 establishes requirements for how personal data is collected, used, stored, and protected in Thailand.
While compliance outcomes remain the responsibility of the organisation, our services support PDPA obligations through technical and operational safeguards.
How Our Services Support PDPA
Data Access Controls
We support role-based access controls and user lifecycle management to reduce unauthorised access to personal data.
Security Monitoring & Incident Detection
We provide monitoring designed to detect security incidents that may impact personal data, supporting early response and containment.
Breach Response Support
Where a personal data breach is suspected or confirmed, we support:
- incident investigation
- containment actions
- timely notification to customers
- evidence gathering to support PDPA notification requirements
Data Integrity & Availability
Through backup, recovery, and continuity controls, we support the availability and integrity of personal data in line with PDPA expectations.
ISO/IEC 27001:2022 Alignment
ISO/IEC 27001:2022 is the internationally recognised standard for information security management systems (ISMS).
While certification is not required to benefit from the standard, alignment provides a common language for auditors, customers, and partners.
Our services are designed to support key ISO/IEC 27001:2022 control objectives relevant to managed IT environments.
ISO Control Areas Supported by Our Services
Organisational & Operational Controls
- defined roles and responsibilities
- controlled onboarding and offboarding
- change management and incident escalation
People & Access Controls
- user lifecycle management
- access restriction and revocation
- confidentiality enforcement
Technical Controls
- endpoint protection and monitoring
- patch and vulnerability management
- logging, monitoring, and incident response
- backup and recovery controls
Business Continuity & Resilience (Platinum)
- recovery planning and prioritisation
- defined RTO / RPO targets
- disaster recovery and continuity support
PDPA & ISO Support by Service Tier
| Capability Area | Bronze | Gold | Platinum |
|---|---|---|---|
|
Access controls & user lifecycle |
◐ |
✔ |
✔ |
|
Security monitoring |
◐ |
✔ |
✔ |
|
Incident response support |
– |
◐ |
✔ |
|
Breach response support |
– |
◐ |
✔ |
|
Backup & data availability |
– |
✔ |
✔ |
|
Business continuity support |
– |
◐ |
✔ |
|
Audit evidence & reporting |
– |
◐ |
✔ |
Legend: ✔ Included | ◐ Limited | — Not included
Shared Responsibility Model
PDPA and ISO/IEC 27001 alignment operates under a shared responsibility model:
- We are responsible for controls within the scope of the subscribed services
- Customers remain responsible for lawful processing, governance, policies, and regulatory filings
This approach aligns with regulator and auditor expectations.
What This Alignment Does (and Does Not) Mean
This Means
- services are designed to support PDPA and ISO control objectives
- controls are implemented proportionally by tier
- audit-ready evidence can be provided at higher tiers
This Does Not Mean
- guaranteed compliance or certification
- replacement of legal or regulatory advice
assumption of customer governance responsibilities
Why PDPA & ISO Alignment Matters
- Reduces regulatory and legal risk
- Builds trust with customers and partners
- Simplifies audits and due diligence
- Strengthens security posture over time
Learn More or Request Evidence
Detailed control mappings, audit evidence, and compliance documentation are available upon request, subject to service tier.
Contact us to discuss PDPA and ISO-aligned managed services.
