Information Security Policy

Last updated: October 5th, 2025

At V Group Consulting & Solutions (“we”, “us”, or “our”), we are committed to protecting the confidentiality, integrity, and availability of information entrusted to us by our clients, partners, and stakeholders. This Information Security Policy outlines the principles and practices we follow to safeguard data and ensure secure digital operations across our systems and services.

Purpose

The purpose of this policy is to define the information security standards we adopt to protect sensitive and personal information from unauthorized access, misuse, loss, or disclosure, and to ensure compliance with applicable laws and regulations.

Scope

This policy applies to:

All employees, contractors, and consultants of V Group
All systems, networks, software, and digital platforms we use
All client information and internal data processed, stored, or transmitted by V Group

Information Security Principles

Confidentiality

We ensure that information is accessed only by authorized individuals based on their roles and responsibilities.

Integrity

We maintain the accuracy, completeness, and reliability of information through proper controls, audits, and monitoring.

Availability

We take steps to ensure that systems and information are accessible when needed to support business operations and client services.

Security Controls

Access Control

User access is granted based on the principle of least privilege
Role-based access control (RBAC) is applied where applicable
Multi-factor authentication (MFA) is used on critical systems
Access reviews are conducted periodically

Data Protection & Encryption

Data in transit is encrypted using HTTPS/SSL
Sensitive data is stored securely with appropriate protection measures
Backup data is encrypted and stored in secure environments

Network & System Security

Firewalls and intrusion detection/prevention tools are implemented
Systems are regularly patched and updated
Logs and activities are monitored for suspicious behavior

Secure Development & Implementation

For ERP/CRM and digital solutions we deliver:

Follow secure coding practices
Perform testing to identify vulnerabilities
Apply change management and version control procedures

Physical Security

Access to our offices, devices, and equipment is restricted
Devices storing client data are protected by passwords and encryption

Third-Party & Vendor Security

We engage only with trusted service providers who comply with security and data protection standards.
Contracts include confidentiality and security obligations aligned with our internal policies.

Incident Management

We maintain procedures to:

Detect, assess, and respond to security incidents
Mitigate risks and reduce impact
Notify affected parties and authorities when required by law
Perform root-cause analysis and improve preventive measures

Business Continuity & Disaster Recovery

We ensure that critical systems, services, and data can continue to operate or be restored in the event of:

System failures
Cyber incidents
Natural disasters or other disruptions

Regular backups and recovery tests are performed to maintain operational readiness.

Employee Awareness & Training

All personnel receive training on:

Information security best practices
Data handling policies
Threat awareness (phishing, malware, social engineering)
Confidentiality responsibilities

Compliance

We comply with applicable laws and regulations, including:

Thailand Personal Data Protection Act (PDPA)
Data protection requirements relevant to our clients in Japan & Southeast Asia
Industry best practices aligned with ISO/IEC 27001 principles

Review & Update

This Information Security Policy is reviewed periodically and updated as necessary to reflect changes in technology, operations, or legal requirements.

Contact

For questions regarding this Information Security Policy, please contact:

V Group Consulting & Solutions

Email: contact@vgroupth.com

Bangkok, Thailand