en
TH
Corporate Governance

Corporate Governance

Supporting the SDGs Goals

SDGs

Goal 5:
Achieve gender equality and empower all women and girls.
Goal 10:
Reduce inequality within and among countries.
Goal 16:
Peaceful and inclusive societies, justice, and non-discrimination.

Goal and Performance Highlights

Key Performance in 2025

  1. The Company participated in the Corporate Governance Report of Thai Listed Companies 2025 (CGR 2025), conducted by the Thai Institute of Directors (IOD) and the Stock Exchange of Thailand (SET). The Company received an “Excellent” (5-star) award for the fifth consecutive year and ranked in the top quartile among listed companies with a market capitalization of 30,001–100,000 million baht.
  2. The Company has received the ASEAN Asset Class PLCs award from the ASEAN Corporate Governance Scorecard (ACGS) assessment for the first time, as a listed company recognized for good corporate governance in the ASEAN region, social and environmental responsibility, and sustainable growth across the entire value chain.
  3. In the 2025 Annual General Meeting Quality Assessment, the Company achieved a perfect score of 100, earning “Excellent and Exemplary” status for the 7th consecutive year. This recognition reflects the Company’s commitment to good corporate governance, particularly with respect to the rights and equitable treatment of all shareholder groups. Going forward, the Company remains committed to maintaining the “Excellent and Exemplary” standard as a long-term objective.
  4. 100% of employees at all levels completed the training on Code of Conduct.
ESG Performance Data

Challenges and Opportunities

Commitment

The Company has its intention to conduct business under the good corporate governance principles following to the practical guidelines of the Stock Exchange of Thailand. By realizing that the important factor for strengthening the efficient management with transparency and accountability, which can help to build the reliability and confidence to shareholders, investors, all stakeholders and related persons, and increase the competitive advantage that leads to sustainable business growth. Therefore, the Board of Directors has established the Corporate Governance Manual, Business Ethics, and Code of Conduct for directors, executives to adhere to be practical guidelines

Management Approach and Value Creation

Management Approach

The company pushes forward to control the compliance to corporate governance policy, Code of Conduct, and Anti-corruption policy, to be a part of regular working and adhere to comply for all the organization. And for promoting all employees to realize to legal working with related regulations, the Company has communicated through employee orientation training, internal communication channel “Share Point” and the company website.

The Board of Directors has set business ethics and code of conduct under the Core Values to serve as a model, scope, standard and behavior guidelines for the Company’s personnel, including the Board of Directors, executives and employees at all levels, to perform their duties in corporate work. It also ensures that operations are conducted with ethics, morality and integrity, building a corporate foundation and image as a sustainably growing organization. Hence the Company has documented its Code of Conduct in writing and disseminated it to its directors, executives and employees through the Company’s website and internal communication channels “Share Point.”

In 2025, the Sustainability and Corporate Governance Committee reviewed and updated the Code of Conduct to incorporate provisions on Information Technology Security Management and Anti-Money Laundering, in alignment with the principles for establishing a code of conduct. The revised Code of Conduct was approved by the Board of Directors at Meeting No. 3/2025. During the year, no violations of the Company’s Code of Conduct were found.

Violation Statistics

Reporting 2023 2024 2025
Violation and non-compliance with business ethics. 0 0 0
Violation and non-compliance with Code of Conduct. 0 0 0
Corruption or Bribery (Time) 0 0 0
Number of Employees Dismissed for non-compliance with the Anti-Corruption Policy (persons) 0 0 0
Number of fines for non-compliance with the Anti-Corruption Policy (Baht). 0 0 0
Discrimination or Harassment (times) 0 0 0
Customer Privacy Data (times) 0 0 0
Conflicts of Interest (times) 0 0 0
Money Laundering or Insider trading (times) 0 0 0
Human rights violations 0 0 0
Compensation amount for human rights violations (Baht). 0 0 0
Compensation for Corruption and Bribery Violations (Baht). - - -

Examples of corrective actions, including preventative measures against recurrence

Code of Conduct on Information Technology Security Management in Cases of Using Unlicensed Software

Control employees to follow the procedures properly
  1. Define the conditions of use of the computer and the installation of computer programs.
  2. Do not install and use the same computer programs on multiple computers at the same time.
  3. Use opensource computer program.
Communication and building awareness to employees
  1. Provide training to educate employees on the correct use of computer programs.
  2. Prepare manuals and precautions for using the correct computer program.
  3. Use every opportunity to raise awareness among employees about the importance and guilt of copyright infringement.
Follow - up monitoring and auditing
  1. Record the history base of purchasing licensed computer programs.
  2. Audit the use of computer programs at all points on a quarterly basis.
  3. Those who commit copyright infringement, which is Code of Conduct violation of the Company, will be subject to disciplinary action in accordance with the company's regulations and may be punished according to the law if the act is unlawful.

Complaints and Corruption Management

The Company has established a Whistleblowing Policy and provides whistleblowing channels for reporting corruption or unethical conduct in violation of the Company’s Code of Conduct through the following channels:

Whistleblowing Channels Recipients
Letter
232 Moo 19, Rob Mueang subdistrict, Mueang Roi Et district, Roi Et province, 45000
 Internal Audit Department
E-mail secretary@globalhouse.co.th Company Secretary
Website https://investor.globalhouse.co.th/whisleblowing/ Company Secretary
Telephone Call Center 1160 Company Secretary

Complaints Handling or Whistleblowing Procedure

External Person or Internal Person
Complaints Handlingor Whistleblowing Department
The Audit Committee and Internal Audit Department
The Board of Directors

The Company has established effective procedures for complaints handling and whistleblowing procedures in compliance with international standards and the principles of good corporate governance, as follows:

  1. When a whistleblowing report or complaint is received, the person responsible through each reporting channel will acknowledge receipt to the whistleblower (if the whistleblower’s identity is disclosed), gather relevant information, and submit the case to the Investigation Committee for further investigation
  2. The Investigation Committee will conduct fact-finding, review and analyze the information received, assess the potential impacts, and report the investigation results to the Audit Committee and/or the Management Team for consideration. If misconduct is confirmed, appropriate disciplinary actions will be taken in accordance with the prescribed measures, and the results will be reported to the Board of Directors for consideration of the disciplinary measures.
  3. The investigation committee reports findings to the complainant or whistleblower (if they identified themselves) within 7 business days from the date the findings are finalized.

Whistleblower Protection Measures

  • Whistleblowers or complainants may choose to remain anonymous if disclosure of their identity could affect their employment or personal safety. In cases where the whistleblower discloses their identity to the Company, the Company will provide updates on the progress and clarify relevant facts to the whistleblower.
  • The Company will keep related information confidential, considering the safety and well-being of the complainant. Protection measures have been established for the whistleblower or complainant and/or the information provider and/or the cooperating party in verifying the facts. They will be protected against unfair practices, such as changes in job position, job nature, workplace, be suspended from job, harassment, interference with work, termination, resulting from the reporting of complaints.

In 2025, No reports of whistleblowing or complaints related to violations of the Anti-Corruption, the Code of Conduct. Future more the Company disclosed and communicated the Whistleblowing Policy to employees at all levels and all stakeholder through various channels, including the Company’s website, internal communication channels via “SharePoint,” and E-Learning platforms. In 2025, 100% of employees at all levels received communication on the Whistleblowing Policy.

Cybersecurity and Information Management

The Company utilizes digital technology to operate the business and data management, efficiency working, and competitiveness. With its internal operating systems are connected through the Internet network and supported by cloud technology for data storage, including trade information and personal data which may pose risks related to cyber threats such as cyber-attacks, system intrusions, or the spread of malware that could result in operational disruptions or data breaches, affecting business operations and stakeholder trust. To ensure information technology and cybersecurity safety, the Company has established an Information Technology and Cyber-Security Policy to serve as guidelines for data usage, operational practices, protection of customers’ personal data, safeguarding of supplier information, program design and development, and maintenance of information technology systems in an appropriate manner and in compliance with applicable laws. In addition, the Company utilizes cloud services as a Data Center, which are certified in accordance with international standards, including ISO/IEC 27001, ISO/IEC 20000-1, ISO 22301, ISO 50001, and CSA STAR. These standards cover information security management systems, IT management, business continuity management, and cloud security standards.

Cybersecurity and Information Risk Management

The Company has an Audit and Risk Management Committee responsible for overseeing compliance with relevant policies, rules, regulations, and standards related to the use of information technology, data security systems, and cybersecurity. In addition, the Company has established a Cyber Security working group responsible for managing and assessing information technology risks.

Cybersecurity Processes

The Company manages cybersecurity by establishing the following guidelines and practices:

  1. Business Continuity Plan: BCP

    The Company places importance on cybersecurity risk management to ensure that the business can maintain essential services and critical operations during and after disruptive events. The Company has established a Business Continuity Plan (BCP) that covers various significant incidents that may affect operations and information security, including both physical and cyber-related risks, as follows:

    1. Natural Disasters, Power Outages, and Equipment Failures

      The Company has established guidelines and procedures to respond to emergency situations such as natural disasters and power outages. Key measures include:

      • Preparing backup power systems to ensure that critical information systems can continue operating in the event of a power outage.
      • Performing regular data backups and storing backup data in locations or systems separate from the primary systems to prevent data loss.
      • Designing information technology infrastructure with resilience in mind to reduce risks arising from system failures.
      • Periodically testing the Business Continuity Plan (BCP) and disaster recovery plans to assess readiness and improve the plans in line with changing situations and technologies.

    2. Cyberattacks

      The Company has established guidelines and measures to prevent, detect, and respond to cyberattacks in order to limit potential impacts on business operations, information system security, and company data. Key measures include:

      • Implementing information security controls, such as intrusion prevention systems, malware protection systems, and data encryption.
      • Defining system access rights based on roles and responsibilities, with regular reviews of access privileges to prevent unauthorized access to information.
      • Establishing a Cyber Incident Response Plan that defines procedures for notification, incident containment, remediation, system recovery, and communication with relevant stakeholders.
      • Performing regular data backups and recovery testing to prepare for cyber incidents such as malware or ransomware attacks and to reduce the risk of data loss.
      • Providing ongoing cybersecurity training and awareness programs for employees.
      • Regularly reviewing, analyzing, and improving cybersecurity measures to ensure alignment with evolving cyber threats.
  2. Cybersecurity Measures and Cyber Threat Response

    The Company has established cybersecurity measures and a cyber threat response process that enables employees to report any abnormalities or damages arising from cybersecurity-related incidents encountered during work operations through the “IT Service Center.” Reports can be submitted via E-mail: cybersecurity@globalhouse.co.th, and the Information Technology team will promptly manage the incidents in accordance with the established incident reporting and escalation process. Relevant stakeholders, from operational staff to top executives, are informed to ensure timely remediation and continuous follow-up until the incidents are fully resolved.

    Information Technology Security Statistics 2023 2024 2025
    Number of clients and customers affected by data breaches 0 0 0
    Number of employees affected by data breaches 0 0 0
    Total number of Information security breaches 0 0 0
    Total number of clients, customers and employees affected by breaches 0 0 0
    Total fines incurred by data breaches 0 (Baht) 0 (Baht) 0 (Baht)

Privacy Policy

The Company recognizes the significance of respecting the right to privacy and securing personal data for its customers, suppliers and employees. Therefore, a Privacy Policy was established to inform stakeholders about the privacy policy, details on data collection, usage and disclosure under the Personal Data Protection Act (PDPA) B.E. 2562. Also, the code of conduct and operation guidelines are set with strict measures to protect personal data and to ensure that the personal data of customers, suppliers, and employees is kept confidential. If there is a need to use personal data, consent must be obtained first, and the data must be used lawfully. The Company has elevated its data protection measures as follows:

  1. The Company has established an organizational structure and clearly defined the roles and responsibilities of the related departments and personnel. By doing so, the Audit and Risk Management Committee was appointed to act as the Privacy Committee.
  2. The Personal Data Protection Committee is responsible for overseeing personal data and related internal controls, managing unusual events related to personal data, and evaluating the effectiveness of compliance with the Personal Data Protection Policy.
  3. The Company’s Personal Data Protection Officer (DPO) is appointed to oversee the operations of the Company’s units to ensure compliance with the law and the Company’s Personal Data Protection Policy, and regularly report the Personal Data Protection Status to the Personal Data Protection Committee.
  4. The Company organizes training programs to provide knowledge about the PDPA law and the Company’s Personal Data Protection Policy to all levels of employees.

Action Procedure for Data Breach

The Company has established procedures for managing personal data breaches. In the event of a data impact, the Data Protection Officer (DPO) will notify the Innovation & System Development Department to investigate the cause, identify the source of the data leakage, and implement corrective actions. The outcomes of the investigation and remedial measures will then be reported to the Personal Data Protection Committee.

2023 2024 2025
Number of complaints related to personal data breach - Customers 0 0 0
Number of complaints related to personal data breach - Suppliers 0 0 0
Number of complaints related to personal data breach - Employees 0 0 0

Anti-Corruption

The Company recognizes the importance of anti-corruption and conducts business operations in a consistent manner of ethics, morals, integrity and transparency, based on good corporate governance and social responsibility, and accountability to all stakeholders. To demonstrate intent and commitment to anti-corruption, the Company has declared to join the Thai Private Sector Collective Action against Corruption (CAC) and has established a implemented a formal anti-corruption policy to serve as a guideline for the Board of Directors, executives, and employees at all levels.

For more information on the Anti-Corruption Policy, please visit:

Key Operation in 2025

  1. Training on the Anti-Corruption Policy has been consistently provided to the Company’s directors, executives, employees at all levels, contractors, and Product Consultants.
  2. The Company has been a member of the Thai Private Sector Collective Action against Corruption (CAC), aiming to address corruption in the business sector of Thailand.
  3. The Anti-Corruption Policy and related guidelines were revised to enhance clarity and effectiveness.
  4. The Company’s open letter was documented as an invitation to join the Network of the Thai Private Sector Collective Action against Corruption (CAC).
  5. The Internal Audit function reviewed and assessed risks related to business activities that may be exposed to corruption, as well as the internal control system. Overall, the internal control system was deemed adequate and appropriate.

Key Performance in 2025

  1. 100% of employees at all levels and Tier 1 suppliers acknowledged the anti-corruption and anti-bribery policies.
  2. The employees at all levels were trained on anti-corruption policy and Practical Guideline, totaling 12,342 participants.
  3. 100% of contractors and product consultants acknowledged the anti-corruption policy and anti-bribery.
  4. 100% of business activities have been assessed for corruption risk.

Practical Guideline for Anti-Corruption

  1. The Company is committed to conducting business with honesty, integrity, transparency and provability, and does not support or accept all forms of corruption, both directly and indirectly.
  2. The Company requires subsidiaries and joint ventures to adopt the anti-corruption policy as a principle of business operations.
  3. The Company establishes the Anti-Corruption Policy in writing, which has been reviewed and amended to comply with relevant requirements.
  4. The Company disseminates the anti-corruption policy to all stakeholders through various channels. These include the Company’s website, the internal communication platform “SharePoint”, public information boards in all stores, and the annual report.
  5. The Company offers channels for communication, complaints, or whistleblowing about corruption. It has measures in place to protect whistleblowers and ensures that their positions will not be reduced, nor will they face punishment or negative consequences for denying corruption. This protection applies even if their actions cause the Company to lose business opportunities. Complaints can be submitted through various channels, including emails or the Company’s website.
  6. The Company is dedicated to conducting its business with transparency and fairness by establishing the Anti-Corruption policy and guidelines to ensure compliance. Additionally, the Company promotes awareness, values, and attitudes that foster a corporate culture encouraging its directors, executives, and employees at all levels to adhere to relevant laws and regulations.
  7. The Company has established an efficient and effective risk management system and internal control system, including preventing corruption.
Certified Member of Thai Private Sector Collective Action Against Corruption

Related Documents

Corporate Governance

ESG Reporting Library
Anti-corruption Policy
Download
Audit & Risk Management Committee Charter
Download
Board Diversity Policy
Download
Charter of Sustainability and Corporate Governance Committee
Download
Charter of the board of directors
Download
Corporate Governance Manual and Code of Conduct
Download
Information Technology and Cyber Security Policy
Download
Nomination and Remuneration Committee Charter
Download
Open Letter
Download
Succession Plan
Download
Sustainability Development Policy
Download
The Criteria for Nomination and Appointment of Directors and Top Executives
Download
Whistleblowing Policy
Download
ESG Reporting Library

ESG In Action

Our Activities

Explore All Activity in Governance and Economic
Information Technology Security Communication and Training
Governance and Economic
17 March 2025
Information Technology Security Communication and Training
Communication, Training and Building Awareness
Governance and Economic
01 January 2025
Communication, Training and Building Awareness
Communication, Training and Building Awareness
Governance and Economic
01 July 2024
Communication, Training and Building Awareness
Explore All Activity in Governance and Economic