Thailand: Adopted CSSC Code of Conduct and Framework Standards for Cybersecurity for Government Agencies and Critical Information Infrastructure Organizations, B.E. 2564 (2021)

On 2 August 2021, the Cyber Security Supervisory Committee (CSSC) adopted the Code of Conduct and Framework Standards for Cybersecurity for Government Agencies and Critical Information Infrastructure Organizations, B.E. 2564 (2021). The code sets minimum cybersecurity measures for government agencies and critical information infrastructure organisations. It mandates the establishment of a cybersecurity framework, including risk assessment, incident response, and data protection measures. Organisations must implement access controls, continuous monitoring, and periodic audits to ensure compliance. The regulation also requires the appointment of a cybersecurity officer, regular staff training, and the reporting of cybersecurity incidents to the relevant authorities within a specified timeframe.