Digital Innovation, Data Security, and Privacy


Digital Stakeholders

The Essence

Innovation and digital technologies currently play the vital role in our organization across all segments, as they help the management to become quick and efficient, promoting its potentials in providing services and expanding business opportunities for AOT. Therefore, the importance of personal data security has become multiplied. AOT emphasizes on digital, innovation, data security, and privacy, to ensure service delivery that is modern, secured, and free from personal data breaches or cyberattacks, as well as to build confidence to all stakeholders involved in using our digital technologies.

Innovation Governance Policy and Guidelines

In the 2020 financial year, AOT began to systematically lay the foundation for innovation governance and development, in order to to achieve concrete results. It has formulated the policy to promote the use of creativity and innovation governance, the AOT Innovation Governance Handbook, and the AOT Innovation Master Plan, as a framework in line with the management’s policies and in accordance with the strategies of different innovation governance organizations, which vary in models and processes but have creativity as a common starting point and innovation as a common result. Hence, AOT has created our innovation development process to be a framework that incorporates creativity in the innovation building process, and to be the crucial process of the innovation management system, equipping our organization with the management style that will drive our organization to effectively operate in line with the innovation-related policies, purposes, and goals, promoting the organization to increase its capability to compete in terms of product, service, operation process, marketing, and business model, which will ensure organization’s sustainable growth and ability to continuously deliver values to the stakeholders.


Digital Governance Policy and Guidelines

AOT Digital Action Plan for the 2020 - 2022 Financial Years

AOT has continuously applied Information Communication Technology (ICT) to support airport operation and internal affairs management. AOT has also created its Digital Action Plan for the 2020 – 2022 financial years, which consists of the following elements;

Digital Governance Policy and Guidelines

AOT Airports Application consistsof these following features:

AOT has set the direction in applying digital technology to facilitate the passengers in the airports under the concept of “A Life Airport”.

Furthermore, in 2019, AOT launched the AOT Airports Application, which would provide customers with new fascinating experience using the airports with great convenience. It would also promote businesses of the commercial operators within the airports, to be ready for the Thailand 4.0 way forward.

AOT Airports Application consists of these following features:

AOT Airports Application consists

Management Evaluation

AOT evaluates the progress of our Digital Technology Governance using the strategic indicators per the Digital Action Plan. The Internal Division reports to the high-level executives, to regularly review and determine additional measures to achieve the set goals.


Data Security and Privacy Policy and Guidelines

AOT’s ICT Security and Personal Data Protection Policies

AOT's ICT Security and Personal Data Protection Policies are applied throughout AOT's operations including employees in all levels and external parties who work with AOT. The AOT ICT Security Policy was formulated as required by the relevant Act, Decree, and Announcement of the Electronic Transactions Committee. The Policy has been disseminated to the AOT employees and contractors, to acknowledge and be aware of the importance of the AOT ICT Security, which is to be strictly followed. Additionally, ICT risk assessment is to be regularly carried out. The President of AOT or a designated high-level executive is assigned to formulate the supporting policy and guidelines, as well as to supervise, control, audit, and consult on the process. The Policy is subject to regular reviews, at least annually, or as often as necessary. The President is liable for the risks and damages that occurred, in the circumstance that the AOT’s ICT system or ICT assets were to pose any damages to an entity or individual due to the failure to follow the Policy.
The AOT Data Privacy Policy was formulated as required by the Determination of Rules and Methods of Government Electronic Transactions Decree B.E. 2549, Electronic Transactions Committee’s Announcement on Policy Statement and Guidelines for Personal Data Protection of the Organization for Economic Cooperation and Development (OECD), and OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. The Policy also covers employees, contractors, and clients. The violation of the Policy is a disciplinary offense per AOT Regulations. The President of AOT or designated high-level executive is the formulator of the supporting policy and guidelines, who is also responsible for supervising, controlling, auditing, and consulting on the Policy. The Policy is subject to regular reviews, at least annually, or as often as necessary. The AOT’s Deputy Managing Director for ICT Group is assigned to supervise, control, audit, and consult on the feedback in relation to following the AOT Personal Data Protection Policy

Goal of the AOT security plan

More Information

Data Security and Privacy Management

ICT security and privacy protection are embedded in corporatewide risk management. Failure to comply with ICT Security Policy and Personal Data Protection Policy by employees and contractors will result in disciplinary actions. The ICT Strategy Department, ICT Group is assigned to manage the ICT-related and data security-related issues, as well as to organize activities in line with the AOT ICT Security Plan, Personal Data Protection Plan, and ICT Security Guidelines. The Action Plan is subject to annual reviews and the performance is to be reported to ICT Management Committee, which is chaired by the President.

More Information

Data Security and Privacy Promotion Project

In the 2020 financial year, AOT organized the annual Simulation Table-Top exercise for the ICT Business Continuity Plan (ICT BCP). The exercise involved a malware cyberattack being spread at the AD server of AOT, resulting in an unresponsive ICT system, including e-Mail and ESS, during business hours, requiring an authorization to disconnect to the server to reduce the spread of the malware and to employ the ICT BCP to restore the AD server.

In addition, AOT has been conducted an Vulnerability Assessment and consistently organized the training and campaign on Data Security and Privacy, to raise awareness on the topic of ICT Security among the AOT staff every year.

More Information

Management Evaluation

AOT requires an ICT Security Assessment according to the ISO/IEC 27001:2013 to be conducted by an independent contractor, and to track the number of complaints from clients, government agencies, and external agencies, including the data breach or continuous data loss, and to be quarterly reported to the ICT Management Committee, which is chaired by the President. It is also to consider determining any measures to reduce risk and maintain confidence in terms of data security and privacy of the clients. The performance statistics are to be annually published in the Sustainable Development Report.

Contact point in case of ICT security and privacy issues

Airports of Thailand Public Company Limited (AOT)
333 Cherdwutagard Road, Srikan, Don Mueang, Bangkok 10210 ,Thailand

AOT Contact Center 1722

(66) 2132 1888

(66) 2535 4061