Governance and Economic

Governance and Economic Sustainability Management Goals

The Company recognizes the importance of managing corporate governance and economic dimensions in an era where businesses face volatility and rapid changes, with a focus on creating shared value throughout the supply chain alongside adherence to good governance principles and business ethics. In 2024, the Company elevated its assessment of key sustainability issues by integrating corporate governance and economic dimensions into systematic organizational development, covering the improvement of definitions and scope of key issues, development of impact assessment methodologies, and prioritization alignment with the growing organizational context, to lead to the development of competitive capabilities, building stakeholder confidence, and sustainable growth.

Good Corporate Governance

The Company is committed to conducting business based on integrity, transparency, and accountability within the legal framework, recognizing that good corporate governance and ethics are the cornerstone of sustainable operations, which are crucial factors in building credibility and trust from all stakeholders. The Company places utmost importance on preventing risks from corruption and bribery that may severely impact confidence and cause financial damage. Therefore, it has clearly declared its commitment to being an organization free from all forms of corruption, while strictly adhering to the prevention of illegal activities.

The Company has established a systematic governance structure with the Board of Directors providing oversight at the highest level, along with specialized sub-committees comprising the Audit Committee, Risk Management Committee, Nomination and Remuneration Committee, Corporate Governance and Sustainable Development Committee, and Executive Committee. The Company has developed comprehensive policies covering all dimensions, including good corporate governance policy, business code of conduct, insider information prevention policy, conflict of interest policy, and anti-corruption policy. The Company conducts communication and training for executives and employees at all levels to instill these as part of the organizational culture, requiring all executives and employees to sign acknowledgment and strictly comply with the policies.

Corporate Governance Structure

Corporate Governance and Sustainable Development Structure

Click to Enlarge

Medium-Term Goals

Achieve FTSE Russell "Good" level rating in 2026.
Participate in the CAC Change Agent program.
Upgrade FTSE Russell rating to "Best Practice" level in 2027.

Long-Term Goals

Continuously renew CAC certification.
Maintain rating levels and good corporate governance standards sustainably.

Corporate Ethics and Code of Conduct Promotion Project

The Company has developed a Corporate Ethics and Morality Promotion Program to enhance knowledge and understanding of business ethics and moral principles among employees at all levels, enabling them to implement these principles in practice. The key objectives are to conduct business transparently and responsibly, create a valuable and sustainable work environment, and communicate knowledge on important issues to employees throughout the organization. This includes anti-corruption, human rights principles, workplace ethics, and whistleblowing channels. The program is committed to creating an operational framework that respects and honors employees, as well as promoting adherence to good governance principles and morality in every work process.

In 2024, the Company conducted four main activities: building basic understanding through year-round ethics promotion via the intranet, developing principles and tools by creating a good corporate governance and business ethics handbook, producing digital content covering three key areas - transparency tools, misconduct reporting, and customer focus, and conducting evaluations through a "Speedy Quiz" knowledge test in September. The results showed that out of 1,231 total employees, 1,109 employees passed the test, representing 92.78%. For employees who had not yet passed the test, the Company notified department heads to arrange additional training and knowledge enhancement, with follow-up on subsequent test results to ensure all employees pass the test completely and create correct understanding throughout the organization.

Thai Private Sector Collective Action Against Corruption (CAC) Participation Project

The Company implements the Thai Private Sector Collective Action Against Corruption (CAC) participation project to elevate good corporate governance standards and build confidence among all stakeholders, with a commitment to conducting business transparently and free from all forms of corruption. The main objective is to receive certification as a member of the Thai Private Sector Collective Action Against Corruption (CAC) by 2025, which will confirm the Company's commitment to conducting business with good governance and social responsibility.

The Board of Directors resolved to join the project and declared its intent on February 28, 2024, while appointing an Anti-Corruption Sub-Committee as the main management mechanism. The Company has prepared knowledge dissemination documents and provided training for employees at all levels, conducted anti-corruption seminars, promoted policies to all stakeholders, prepared letters to business partners to create cooperation, and established concrete prevention and risk control measures. There is an implementation plan for evaluation from January to May 2025 to apply for CAC certification in May 2025, with the certification results expected to be announced in November 2025.

Anti-Corruption Promotion Project Within and Outside the Organization

The Company implements an anti-corruption promotion project both internal and external to the organization to create a corporate culture free from all forms of corruption and extend good practices to the business chain. The objectives are to raise awareness and commitment to anti-corruption among personnel at all levels, as well as encourage business partners and allies to jointly uphold and practice the same anti-corruption guidelines, in order to create a transparent and well-governed business ecosystem.

Operations are divided into two main parts. For internal operations, the Company requires all executives and employees to sign acknowledgment of the anti-corruption policy, communicates transparent business conduct guidelines through the intranet and website, and conducts training by speakers from Office of the National Anti-Corruption Commission (ONACC) and online training, with 258 executives and employees participating, along with orientation for new employees. For external operations, the Company formally notifies business partners of the policy, resulting in 89 new business partner companies signing acknowledgment and commitment to compliance, with regular reporting of operational results to the Audit Committee. The target is set for 100% of all new business partners and existing Tier 1 partners to sign acknowledgment, in order to expand the cooperation network in anti-corruption to cover the entire supply chain.

Cases of Business Code of Conduct Violations (Cases)	2024
Complaints of Business Code of Conduct Violations
Corruption	4
Conflicts of Interest	0
Violations of Internal Company Regulations	3
Obstruction of Trade Competition	0
Other Complaints
Society and Community	0
Environment, Occupational Health and Safety	0
Human Rights Violations	0
Others	0

Actions Taken After Investigation and Confirmation of Business Code of Conduct Violations (Cases)	2024
Termination of Employment	4
Disciplinary Action	3
No Penalty	0
Branch Transfer	0
Others	0

For all 4 corruption cases, after conducting fact-finding investigations and confirming the violations were genuine, the company imposed the maximum penaltyimmediately terminating the employment of the involved employees. This action was in accordance with the company's good corporate governance policy and anti-corruption measures, which are strictly enforced.

Risk Management

The Company places utmost importance on ESG risk management due to the rapidly changing business environment today, believing that effective ESG risk management will create long-term shared value in terms of improving operational efficiency, reducing costs, and building confidence among all stakeholders. Moreover, ESG risk management presents opportunities to create competitive advantages and serves as an important foundation for sustainable growth in the future. The Company defines "risk" as uncertain opportunities or events that may prevent plans from achieving objectives and cause negative impacts on the organization in terms of finance, image, and reputation.

The Company systematically implements risk management policies according to COSO standards, covering all levels from the Board of Directors to all personnel, focusing on managing risks to levels acceptable to the organization to ensure confidence in achieving objectives. The scope of risk management for 2024 covers 5 main categories: (1) Strategic risk related to business and competitive changes (2) Operational risk focusing on work process efficiency and supply chain (3) Governance risk ensuring confidence in regulatory compliance (4) Financial risk covering liquidity management and cost control and (5) ESG risk. Additionally, the Company has considered adding a corruption risk management framework which has been approved and will officially begin use in 2025. Operations are based on the COSO standard framework covering governance and organizational culture creation, strategy and objective setting, risk assessment and management, review and improvement, as well as communication and result reporting.

Environmental, Social, and Governance and Economic Risk (ESG Risk)

Risk from the ability to procure quality products to adequately meet customer demands

Risk from revenue loss due to weather conditions - floods, drought, unseasonable weather conditions

Risk from transition to a low-carbon society, such as laws or taxes related to carbon emissions

Human rights risk in the value chain

Occupational health and/or safety risk in the work environment

Medium-Term Goals

Develop the organization's BCP to comprehensively cover business continuity management risks in all dimensions by 2027.

Long-Term Goals

Develop sustainable organizational culture in risk management.
Completely integrate risk management into all organizational work processes.

Business Continuity Enhancement Project

In 2024, the Company implemented a business continuity enhancement project to strengthen sustainability by focusing on reviewing and testing the Business Continuity Plan (BCP) to prepare for and enhance capabilities in responding to emergency situations that may impact business operations.

Warehouse Flood Response Plan

Fire Emergency Response Plan

Information Security and Cybersecurity Plan

These actions align with the objective of reviewing and developing the Business Continuity Plan (BCP) to comprehensively cover the organization's key risks, thereby strengthening stability and confidence in continuous and sustainable business operations.

Supply Chain Management

In an era where the world is facing rapid changes from globalization, leapfrogging technological development, and various crises such as COVID-19, the Company recognizes that efficient and sustainable supply chain management is a key factor in creating resilience and readiness to respond to unexpected situations. At the same time, sustainability demands are playing an increasingly important role, both from consumers who want products and services that do not impact the environment and from stricter environmental regulations.

Supplier Code of Conduct

The Company has established a comprehensive Supplier Code of Conduct that covers both social and environmental aspects, focusing on preventing human rights violations, child labor, environmental care, as well as conducting business transparently and fairly. This code of conduct has been disseminated through the Company's website and various communication channels to ensure that all suppliers can access the information comprehensively.

Supplier Classification and Management

The Company categorizes suppliers into 4 tiers based on transaction value and product importance to assist in prioritizing management:

Tier 1 (Key Suppliers): Annual purchases exceeding 10 million baht with no substitute products. Must sign acknowledgment of the Supplier Code of Conduct
Tier 2: Annual purchases exceeding 10 million baht but with available substitute products
Tier 3: Annual purchases between 1-10 million baht
Tier 4: Annual purchases not exceeding 1 million baht

This classification helps the Company appropriately prioritize and allocate resources for management, starting with Tier 1 suppliers before expanding to other groups sequentially.

Evaluation and Monitoring System

The Company has developed a supplier evaluation system with clear criteria, requiring suppliers to have a total score of no less than 50% and an ESG score of more than 60%, along with regular monitoring and verification of code of conduct compliance, including tracking improvement results for identified deficiencies to ensure suppliers continuously implement improvements.

Supplier Relationship Development

The Company emphasizes positive supplier relationship development by creating understanding of sustainability operational approaches, supporting capability development, and promoting knowledge exchange and best practices sharing. These operations help strengthen close relationships and elevate supplier’s operational standards.

The Company systematically collects evaluation data and code of conduct compliance information for use in long-term business cooperation decision-making and development, while continuously reviewing and improving supplier management to align with changing situations and create greater efficiency in building sustainability throughout the supply chain.

Medium-Term Goals

All suppliers must pass minimum evaluation criteria.
Initial supplier evaluation score of no less than 50%.
ESG evaluation score of more than 60%.

Long-Term Goals

100% of both domestic and international suppliers must have no violations of environmental laws and social laws.
Purchase volume from companies in Thailand for distribution at 30% per year.
80% of key suppliers (Tier 1) in Thailand to receive ESG on-site audits by 2027.
Create a completely sustainable supply chain.
Develop strategic partnerships with suppliers in creating sustainability innovations.

Supplier Ethics Training and Communication Program

The Company has established a project to promote knowledge and understanding of business ethics principles with suppliers, create awareness in complying with laws and ethical standards, and strengthen sustainable relationships based on fairness and transparency.

Main Activities

Practical training workshops in both online and On-site Training formats to enhance knowledge of ethics and best practices.
Development of a Supplier Code of Conduct Handbook that compiles clear and comprehensive practice guidelines.
Systematic internal organizational communication to create shared understanding at all levels.

2024 Performance Results

Key domestic suppliers signed the Supplier Code of Conduct in full at

100%

in 2024 (11 key suppliers, Tier 1).

Suppliers have increased knowledge and understanding regarding

the importance of business ethics

Created sustainable business relationships and enhanced

long-term credibility

The Company achieved success in implementing its sustainable supply chain management policy, with all 11 key suppliers (Tier 1) in the country having signed acknowledgment and confirmed compliance with the Supplier Code of Conduct in full, representing 100%, which is considered a significant achievement in the Company's value chain management and reflects the establishment of solid cooperation with suppliers. In terms of supplier performance evaluation, throughout 2024, it was found that all suppliers passed the evaluation criteria in both operational and sustainability aspects, with no suppliers found to have scores below the established standard criteria. Furthermore, from close monitoring and coordination with suppliers in Thailand, no cases of violations or risks that might lead to environmental law violations were found. This success confirms the Company's commitment to developing and maintaining sustainability within the supply chain, both in social and environmental aspects.

Cyber Security and Personal Data Protection

With the rapid expansion of sales channels through digital platforms, the Company recognizes the importance of cybersecurity and personal data protection as critical factors for business sustainability. The growth of online systems has resulted in increased risks from more complex cyber threats, such as malware attacks, ransomware, and data breaches, which may negatively impact reputation, finances, and stakeholder confidence. This is compounded by stricter legal requirements, such as GDPR and PDPA, which encourage organizations to elevate their personal data protection standards.

The Company has therefore established information security and cybersecurity policies, as well as personal data protection policies that comply with Thai law, by setting up a PDPA working committee and the Information Technology Department as the main responsible units, along with strict control measures including: data access rights restrictions, Firewall configuration for AD Domain systems, annual rights reviews, and secure disposal of unused data. Additionally, the Company has hired external agencies to conduct risk assessments through Vulnerability Assessment and Penetration Test to identify vulnerabilities and continuously improve systems, including requiring security measures to be reviewed and audited at least once a year to effectively respond to evolving threats and build confidence among customers and stakeholders in the digital era.

Medium-Term Goals

1. Cybersecurity.

Zero cases of system breaches or information security threats or other cybersecurity incidents.
Zero cases of data breaches, including leaks, theft, and loss of personal data.

2. Personal Data Protection.

Zero complaints regarding personal data leaks.
Zero complaints regarding personal data leaks from regulatory authorities.

3. Implement and develop ISO/IEC 27001 standard system to achieve certification of this standard.

4. Upgrade data storage by migrating 100% of data from Server to Cloud to enhance operational efficiency and prevent data loss from unexpected events.

5. 100% of target group employees receive training to build knowledge and understanding of cybersecurity and personal data protection.

Long-Term Targets

1. Cybersecurity.

Zero cases of system breaches or information security threats or other cybersecurity incidents.
Zero cases of data breaches, including leaks, theft, and loss of personal data.

2. Personal Data Protection.

Zero complaints regarding personal data leaks.
Zero complaints regarding personal data leaks from regulatory authorities.

3. Pursue ISO/IEC 27701:2019 Privacy Information Management certification (or newer version that may be officially announced in the future), to be implemented after obtaining ISO/IEC 27001 certification as it is a standard that extends from ISO/IEC 27001.

4. Develop an efficient personal data management system with the goal of having no complaints regarding customer privacy violations and customer data loss.

Cyber Security Awareness Training Program

The Company has organized cyber security awareness training courses to enhance knowledge, understanding, and awareness of various forms of cyber threats, leading to proper use of information systems and organizational networks in accordance with company policy. In 2024, 275 employees participated in the training, representing 84% of all employees, with 95% of participants able to pass the understanding assessment criteria, reflecting the effectiveness of the course in enhancing cybersecurity knowledge.

The Company is committed to continuously developing and improving training courses to ensure personnel are ready to deal with ever-changing cyber threats, while supporting the creation of a cybersecurity culture within the organization, emphasizing the commitment to sustainably enhancing the security of data and information systems.

Vulnerability Assessment and Penetration Testing Project

In 2024, the Company implemented a vulnerability assessment and penetration testing project to evaluate security risks in the organization's critical network systems and applications. This covered examination of network systems, servers, and critical applications, along with preparing assessment reports and recommendations for improving protective measures. The Company conducted 2 assessments along with 2 Phishing Simulation exercises to evaluate the level of information technology security awareness among personnel.

The results revealed a total of 24 security vulnerabilities, with 15 high-risk vulnerabilities. The Company has already remediated 6 items and planned to fix the remaining vulnerabilities by completion within 2025. In the interim, the Company has implemented additional security measures including software updates, security configuration improvements, and increased stringency in system access monitoring.

The implementation of this project reflects the commitment to enhancing information technology system security, reducing risks from cyber threats, and building confidence among system users. This is part of a long-term strategy for data security protection and sustainable development of information technology infrastructure.

Firewall System Enhancement Project for Greater Efficiency

In 2024, the Company implemented firewall system improvements to enhance the efficiency of network security protection within the organization. The upgraded firewall system has capabilities to monitor and filter data entering and exiting the network system, prevent unauthorized external access to the system, detect and prevent abnormal activities on the network system, control access to undesirable websites and applications, and prevent connections to malicious content.

The system improvement was completed in 2024, which helped increase efficiency in preventing cyber threats, strengthen network security, and elevate the organization's information security measures to comply with international standards. This investment in security infrastructure improvement reflects the Company's commitment to comprehensively and sustainably protecting data and digital assets.

Click to Enlarge

2024 Performance Results

Click to Enlarge

Training to enhance cybersecurity knowledge and understanding for

327

target group

No cases

of all employees are cared for under the occupational health and safety management system

The Company has systematically implemented cybersecurity and personal data protection plans by conducting training to enhance cybersecurity knowledge and understanding for 327 target group employees along with vulnerability assessments in information systems and firewall system improvements to increase threat prevention efficiency. The 2024 performance results reflect the effectiveness of proactive measures, with no cases of security system breaches or personal data leaks found, which resulted from the implementation of modern technology such as high-performance firewall systems, encryption of critical data, regular risk assessments, and strict management of data access rights.

The Company places importance on creating awareness among employee groups through training on cyber threats and practices according to personal data policies. These measures help reduce risks from cyber threats and build confidence among stakeholders. Furthermore, the Company aims to obtain cybersecurity standard certification to elevate long-term operations and create confidence in international-level data security protection standards.

Cybersecurity	2022	2023	2024
Number of information security system violations or other cybersecurity incidents.	0	0	0
Number of data breaches, including leakage, theft, and loss of personal data.	0	0	0

Personal Data Protection	2022	2023	2024
Number of complaints about personal data leakage. incidents.	0	0	0
Number of complaints about personal data leakage from regulatory agencies.	0	0	0

Process Innovation Development

Process innovation is a crucial component in driving organizations amid rapidly changing business competitive environments. Key driving factors include technological changes, evolving consumer behavior, the necessity to reduce operational costs, and awareness of environmental responsibility through resource usage reduction. Process development creates positive impacts on stakeholders across multiple dimensions by helping enhance customer service experiences, reducing redundant workloads for employees, and creating opportunities for suppliers and partners to jointly develop value-added projects, although there may be challenges in adaptation and learning new systems during transition periods.

The Company has established a comprehensive process innovation development approach covering operations in all dimensions through the implementation of automation systems for repetitive processes, such as automatic billing based on purchase orders and document verification through systems. Information system integration connects databases between departments to support end-to-end operations, from store management, order management, product distribution, and warehouse management, including assigning each department responsibility for continuous monitoring and evaluation of innovation projects to analyze and sustainably develop further process improvements.

Software Development Process

Click to Enlarge

The Company has assigned the Information Technology Department as the main responsible party for managing and developing the organization's technology systems. In 2024 and 2025, the focus is on developing and implementing software to enhance internal organizational management efficiency. The Company has established a 5-step system development and integration process as follows:

Project Goal Setting and Planning

The Company begins by setting project goals focused on improving work process efficiency and responding to stakeholder needs. The Information Technology Department collaborates with relevant departments to plan projects, allocate resources, budget, and implementation timelines.

Requirements Analysis

The technology development team collects and analyzes requirements from all departments, covering system improvements, bottleneck problem solving, and developing necessary new functions to prepare technical specifications. In cases where systems are under external service provider management, operations involve collaboration between the technology development team and service providers in preparing specifications and system development plans.

Design and Development

External service providers are responsible for designing and developing systems according to technical specifications that have been analyzed and confirmed jointly with the Company, covering technology architecture design and functional operations, while considering compatibility with existing systems and future scalability capabilities.

Testing

Developed systems undergo comprehensive testing to ensure performance efficiency according to specifications without errors or vulnerabilities, including User Acceptance Testing (UAT) from actual users.

Implementation

After testing, the Information Technology Department installs systems and conducts employee training to enable full-efficiency system usage, while monitoring and evaluating initial usage results to improve and fix potential problems and ensure systems can efficiently meet organizational needs.

This 5-step development process is a crucial mechanism that enables the Company to develop the most efficient information technology systems, aligned with sustainable process innovation development goals in 2024 and the long term.

Medium-Term Goals

Develop data management and analytics capabilities so that all departments can efficiently access and utilize data, developing automated reporting systems that respond to the specific needs of each department.
Develop Data Transformation and Analytics systems to enhance the Data Center so that the business can access necessary data to create new revenue opportunities, reduce costs in various processes, or create innovations and quickly adapt to market changes.
Develop appropriate and modern technology media or online systems (E-Learning) to continuously enhance employee skills and knowledge.
Develop warehouse management systems to increase operational efficiency in inventory management and reduce product shortages or overstocking.
Increase the use of automation technology in Supply Chain operations to make work processes faster and more accurate, reduce human dependency in managing various processes, including reducing costs and increasing efficiency in management from procurement to product delivery.

Long-Term Targets

Develop AI-powered systems to enhance organizational work process efficiency for convenience, speed, and accuracy in operations, and use AI to improve various processes such as data analysis, production process management, customer support, and business planning.
Develop real-time transportation dashboard systems to immediately track and monitor transportation status and improve delivery planning for maximum efficiency.

Process Innovation Development Project

Point of Sale System Development Project

SAP Accounts Payable System Development Project

Park Invoice without PO Development Project (Non-PO Invoice Management System)

Transfer Deferred Input VAT Development Project (VAT Management System)

SAP Asset Management System Development Project

SAP Financial Statement Preparation System Development Project

SAP Import Planning System Development Project

E-commerce Order Management System Development Project

e-Tax Invoice Electronic Tax Invoice System Project

Product Quality to Meet Consumer Needs

The Company places importance on product quality to meet consumer needs, recognizing it as the vital core of sustainable business success. Products that truly respond to consumer needs will create customer satisfaction, trust, and loyalty, which are the foundation of long-term business growth and stability. The Company believes that investing in quality is a worthwhile investment, helping reduce costs from problem resolution, product returns, and customer loss, as well as creating opportunities for market differentiation in highly competitive environments, especially in an era where consumers want more than just functional products but also consider safety, reliability, and social and environmental responsibility.

The Company has established policies and practices regarding product quality management according to international standards and relevant laws, covering quality standards, safety, and usability, selection of certified suppliers, regular raw material quality inspections, as well as clear and standardized product return plans. The Company aims to continuously control and develop product quality to deliver quality products that meet customer needs, setting goals to reduce quality complaints and listen to customer feedback for analysis and product development to better meet market demands.

Medium-Term Goals

1% of complaints regarding non-quality products per annual sales volume.
Establish a timeframe for fact verification to be completed within 30 days after accepting quality complaints.
Develop a system for analyzing causes and approaches to prevent quality complaints.

Long-Term Targets

1% of complaints regarding non-quality products per annual sales volume.
Establish and announce quality and product recall policies.
Develop a preventive quality management system that covers the entire production process.

Supplier Quality Assessment Project for Quality Products

The Company implements a supplier quality assessment project to select and evaluate suppliers according to established standards to obtain quality, safe raw materials and products that comply with legal requirements. This covers inspection of production standards, relevant certifications, and sustainability principles to ensure suppliers operate to standard, create confidence in product quality, and promote responsibility throughout the supply chain. The Company requires all suppliers to be evaluated according to established criteria, considering both business potential and sustainability dimensions.

The Company has a process for evaluating all new suppliers according to standard assessment forms before beginning business relationships, focusing on business potential assessment, product quality, and verification of standard certifications according to legal requirements such as Thai Industrial Standards (TIS) and Food and Drug Administration (FDA) standards. In 2024, the Company evaluated all prospective suppliers according to established criteria and conducted business only with suppliers who passed the assessment, ensuring confidence that all suppliers have the potential to deliver quality products according to standards and support sustainable business operations.

Product Return Process Development Project

The Company has developed and established systematic and standardized product return procedures to define clear practice guidelines for managing product returns from customers. The main objectives are to create maximum customer satisfaction, reduce potential conflicts, and strengthen confidence in the organization's service standards. The product return process covers everything from store-level product management to warehouse returns, supporting various situations such as exchanging or returning defective products, correcting credit card processing errors, and managing cases where credit card or QR Payment transactions fail.

The Company has established systematic work processes in 3 main steps as follows:

1. Product Receipt Inspection - Verify price and product quantity information, symbols and certification standards from the Office of the Consumer Protection Board, and packaging quality.

2. Defective Product Management - Immediately coordinate with suppliers to analyze causes and determine corrective approaches.

3. Supplier Coordination - Report problem details, send photographs of defective products, and proceed according to established return or claim conditions.

The project began implementation in 2024 and is scheduled for completion by 2025. Currently, it is in the process of establishing return and recall procedures, along with defining corrective and remedial measures, including preparing employee manuals for sustainable practice guidelines.