Thailand: Adopted NCSC Minimum Standards for Data and Information Systems B.E. 2566 (2023)

Adopted NCSC Minimum Standards for Data and Information Systems B.E. 2566 (2023)

On 18 December 2023, the National Cyber Security Committee (NCSC) adopted an order on the Minimum Standards for Data and Information Systems B.E. 2566. These standards outline cybersecurity control measures to improve the confidentiality, integrity, and availability of critical national information systems. Organisations must implement measures based on their risk levels (low, medium, and high). The measures include risk assessments, incident response plans, asset management, and cybersecurity awareness training, among others, tailored to the systems' cybersecurity risk levels.

Original source

Scope

Policy Area

Data governance

Policy Instrument

Cybersecurity regulation

Regulated Economic Activity

cross-cutting

Implementation Level

national

Government Branch

executive

Government Body

data protection authority

Complete timeline of this policy change

Hide details

2023-12-18

adopted

On 18 December 2023, the National Cyber Security Committee (NCSC) adopted an order on the Minimum S…

2025-01-18

in force

On 18 January 2025, the National Cyber Security Committee’s (NCSC) order on the minimum standards f…

Description

Adopted NCSC Minimum Standards for Data and Information Systems B.E. 2566 (2023)

Scope

Complete timeline of this policy change