Good Corporate Governance

Data Governance Policy

1. General Requirement

     Bangkok Life Assurance Public Company Limited (the “Company”) has established this Data Governance Policy to define the roles and responsibilities of the Data Governance Structure, serving as guidelines for data management. This policy ensures proper maintenance of data, which is an information asset that is extremely important for supporting the business plan, in accordance with international standards and the Company’s nature of business operations, complexity, and risks.

1.1 Purpose

  1. To support the organization's vision and business goals to ensure efficient, quality, accurate, complete, and secure use of data, enforce proper personal data protection, incorporate data life cycle management, and implement appropriate risk management, in accordance with relevant laws, notifications, regulations, and criteria.
  2. To serve as guidelines for data governance and preparation of operational frameworks and standards for executives, employees, and related persons, with the goal of becoming a data-driven organization.

1.2 Scope

     This policy applies to the data of Bangkok Life Assurance Public Company Limited (the “Company”) and its subsidiaries. Personnel of the Company and related external service providers are required to support, implement, and strictly comply with the Data Governance Framework.

1.3 Effective Date

     This policy shall be effective from the date of approval by the Board of Directors.

1.4 Review Frequency and Revision

     This policy must be reviewed annually, or when a significant change arises.

     Any revisions or review of this policy must be considered by the Data Governance Committee (DGC) before being submitted to the Board of Directors for approval.

1.5 Responsible Function

     The Digital Innovation Department is responsible for managing this policy.

2. Main Requirement

2.1 Definition

  2.1.1 “The Company” means Bangkok Life Assurance Public Company Limited.
  2.1.2 “Subsidiary” means companies in which the Company holds shares directly or indirectly of more than 50%.
  2.1.3 “Data Governance Structure” means the process of establishing direction and control measures for data management, as well as reviewing data management to ensure compliance with the specified policies, rules, regulations, or requirements. Robust data governance facilitates efficient data management, resulting in data security, data quality, and favorable operational results.
  2.1.4 “Data Owner” means a person or function that has the authority and responsibility to manage and control the specific data set.
  2.1.5 “Data Steward” means a person from a function involved and having expertise in the specific data in question. This person is responsible for supervising the data to ensure compliance with the Company’s policies, frameworks, standards, and processes. The Data Steward roles can be categorized into Business Data Steward, Technical Data Steward, and Legal Data Steward.
  2.1.6 “Data Life Cycle” means the sequence of stages that data undergoes from its initial creation to its destruction, consisting of five stages: 1. Creation, 2. Storage, 3. Processing and Use, 4. Disclosure and Confidentiality, and 5. Archiving and Destruction.
  2.1.7 “Metadata” means information used to describe primary data or other data groups related to both business and information technology processes, detailing the conditions, limitations of data, and data structure, helping the Company to better understand system data and work processes.
  2.1.8 “Metadata Management” means the process involving managing or controlling the description of data sets to ensure that the description can be accessed, shared, linked, analyzed, and integrated effectively throughout the Company.
  2.1.9 “Data Quality” means the quantitative measurement of the availability of data in a useful manner, consisting of six components: accuracy, completeness, consistency, timeliness, uniqueness, and relevance.
  2.1.10 “Data Quality Management” means the process related to planning, implementing, and controlling various activities, including improvement to ensure that data is of quality, reliable, and can be used for analysis and business decision-making correctly and appropriately.

2.2 General Principle

     This policy is established to ensure implementation of data governance operations, support the organization's vision and business goals for efficient, quality, accurate, complete, and secure use of data, enforce personal data protection, incorporate data life cycle management, and implement appropriate risk management, with the goal of becoming a data-driven organization, in accordance with relevant laws, notifications, regulations, and criteria.

2.3 Role, Duty, and Responsibility

     Referring to the Company's Data Governance Framework.

2.4 Requirement

  2.4.1 To define the roles, duties, and responsibilities of groups and individuals according to the Company's Data Governance Structure, namely, Data Owners, Data Stewards, and Data Users, and to ensure their strict compliance with their assigned roles and responsibilities in data management.
  2.4.2 To establish appropriate and rigorous operational framework and standards in accordance with this policy, covering quality, correct, complete, and secure data management, personal data protection, data life cycle management, and risk management, consisting of the following topics:
2.4.2.1 To provide guidelines for data management according to the data life cycle, from creation, storage, processing and use, disclosure and confidentiality, and archiving and destruction.
2.4.2.2 To provide guidelines for the preparation of operational plans, metadata and data catalogs, data categorization, and data classification, in compliance with applicable standards for data and data sets throughout the Company.
2.4.2.3 To provide guidelines for data quality management, including establishment of data quality criteria, data quality assessment, data quality improvement, and data quality monitoring, and to define data quality indicators in the dimensions of accuracy, completeness, consistency, timeliness, uniqueness, and relevance.
2.4.2.4 To provide guidelines for data utilization management and data analysis to create business opportunities, and promote effective decision-making with quality data in compliance with relevant criteria and laws.
2.4.2.5 To ensure the implementation of data security measures to prevent violation, access, loss, destruction, or alteration of data in a wrongful or unauthorized manner.
2.4.2.6 To establish measures for personal data protection and data privacy in accordance with the personal data protection policy and practices that comply with relevant laws, regulations, and criteria.
2.4.2.7 To implement data risk management by maintaining readiness to manage data-related issues and risks to prevent incidents that may lead to damage, as well as to reduce the impact in the event that damage has already occurred.
2.4.2.8 To provide guidelines for data governance maturity assessment to measure the efficiency and identify the current level of the Company's data governance, and use the assessment results to improve the efficiency of data management guidelines.
2.4.2.9 To implement measures to monitor and inspect data security, personal data protection and data privacy, and data risk management on a regular basis.
2.4.2.10 To monitor and manage related communications to ensure effective implementation throughout the Company, while promoting and raising awareness of personal data governance among personnel at all levels on a regular basis.