INFORMATION SECURITY & PRIVACY
Along with migration onto digital platforms, it has become imperative for us to ensure the security of our data, as well as that of our guests, Allstars and third parties.
Accordingly, in 2018, we outlined a data governance roadmap to the year 2021 to set up a robust framework to protect the confidentiality of all data within our systems.
This includes the implementation of data security control measures as well as tools to monitor their effectiveness.
Data security at AirAsia is assured by its Data Governance Policy which is supported by an Information Security Policy and Access Control Policy as well as SOPs for:
Server, Database and Network Hardening
Information Security Incidents Response
Data Governance Policy
This policy outlines the following:
How business activity should be carried out to ensure organisation data is accurate, accessible, consistent and protected
Roles and responsibilities for management of information under various circumstances
Procedures to manage and protect different types of data
Compliance with applicable laws, regulations and standards
Documentation of data trails within the processes associated with accessing, retrieving, exchanging, reporting, managing and storing of data
Our Group Information Security and the Information Communication Technology (ICT) Departments are responsible for guiding IT activities across the Group, establishing and maintaining IT policies, a security services framework, standards, guidelines, procedures, roles and responsibilities to manage our increasingly complex network.
Information Security Policy
In 2020, we revised our IT Security Policy into Information Security Policy.
The policy is designed to protect AirAsia information resources hence the Group’s reputation, legal position and ability to conduct its operations. Among others, it provides guidelines for IT users in AirAsia on how to use their laptops and other devices safely.
Access Control Policy
Issued in March 2020, the Access Control Policy supersedes our User and Vendor Access Management SOP. It serves to implement access controls across AirAsia networks, information systems, and services to protect data confidentiality, integrity and availability.
Server Database, Network Hardening SOPs
Issued in June 2020, these SOPs outline rules and procedures for further protecting the servers, database and network equipment, thus minimising IT-related risks.
Information Security Incident Response SOPs
These SOPs provide technical guidelines on effective and efficient response to incidents ensuring the quick recovery of operations while minimising loss of information and service disruption. In line with our commitment to ISO 27001:Information Security Management System, we conduct a mandatory training on Information Security Awareness each year to ensure proper handling of data.
For full details and the complete AirAsia Sustainability Report 2020, click here.