The Thailand Office of Insurance Commission published an update confirming it has passed its first surveillance audit against ISO/IEC 27001:2022 and ISO/IEC 27701:2019, supporting the continued maintenance of its information security management system and privacy information management system following initial certification last year. The audit was conducted by Bureau Veritas Certification (Thailand) between 31 March and 1 April 2026. The certified scope covers the Office’s data centre operations, including infrastructure management, physical security, security device management and network security management, as well as the Insurance Bureau System for both non-life and life insurance across the headquarters in Bangkok, the data centre site and the disaster recovery site. The update also links the ISO/IEC 27001:2022 framework to cyber risk governance and business continuity for key systems, and describes ISO/IEC 27701:2019 as supporting compliance with Thailand’s Personal Data Protection Act B.E. 2562, including the Office’s role as personal data controller for the Insurance Bureau System.
Thailand Office of Insurance Commission 2026-04-23
Thailand Office of Insurance Commission passes ISO/IEC 27001:2022 and ISO/IEC 27701:2019 surveillance audit
The Thailand Office of Insurance Commission has passed its first surveillance audit against ISO/IEC 27001:2022 and ISO/IEC 27701:2019, confirming continued maintenance of its information security and privacy information management systems. The certification, conducted by Bureau Veritas Certification (Thailand), covers data centre operations and the Insurance Bureau System for non-life and life insurance, and is linked to cyber risk governance, business continuity and compliance with Thailand’s Personal Data Protection Act B.E. 2562.