Risk Management
The Company implements Enterprise Risk Management (ERM) in accordance with the international ISO 31000 standard, while Business Continuity Management (BCM) is managed following the ISO 22301 global framework. Our risk management policy is further reinforced by fostering a corporate culture that instills risk awareness across all levels. We emphasise that risk management is a shared responsibility, ensuring that every employee understands its importance and can consistently apply risk management practices across all operational processes throughout the organisation.
Sustainability Risk Management
To ensure that sustainability is driven systematically and tangibly, the Board established the Corporate Governance and Sustainability Committee to provide oversight on sustainability management.
Furthermore, a Sustainability Working Group—comprising executives from across all departments—was formed to execute these initiatives. This group is responsible for driving success, with the Sustainability Department serving as the central hub for coordination and evaluation. This structure ensures full alignment with the Committee’s policies and processes while effectively embedding sustainability awareness throughout the organisation.
The Company promotes sustainability in accordance with the ISO 31000 risk management process, which involves five steps, (1) Risk identification (2) Risk assessment (3) Risk control (4) Risk monitoring, and (5) Risk reporting, as displayed below. Materiality assessment is carried out by the sustainability management department and encompasses the identification and assessment of risk. The result of this activity is material issues, from which the sustainability working group derives the objectives and strategies put into practice by relevant units each year. These operations are part of risk management and are monitored by the sustainability management department, which issues reports to the Sustainability Working Group and Corporate Governance and Sustainability Committee.
Risk Identification
Risk Assessment
Risk Control
Risk Monitoring
Risk Reporting
For ESG-related risks that may directly impact the company's operations, such as climate change, employee safety and health, labor law compliance, and cybersecurity, these risks are considered enterprise-wide risks. Therefore, they are systematically managed to control risk as outlined in the 2025 One Report under the section on risk management.
Moreover, the Company’s Quality Control Department and Occupational Health and Safety Department actively monitor changes to regulations relevant to operations, including those involving sustainability matters. These departments carry out risk management to ensure the Company is able to adapt to any changes within an appropriate time and capital frame, as well as oversee and evaluate legal compliance.
Risk Culture Promotion
The Company focuses on promoting awareness and knowledge in risk management at all levels so it may genuinely become part of the corporate culture. This begins with the Risk Management Committee and Heads of Department, who play an important role in instilling awareness and knowledge on risk management.
Internal communications are utilized as a tool for further promotion, through channels such as newsletters, meetings, training, and the integration of the “4S” concept of “Fun, Style, Relations, and Sustainable Creativity” into different activities so employees may be made more aware of the need to participate in and see risk management processes as important.
A risk management system dubbed RedRadar was created by the Company through which risk managers can collect and analyse risks. Information from the system is used to improve the risk management process, with reports presented to the Board quarterly to support timely and effective decision making.
Active training and drills are staged by the Company, wherein employees engage in simulated risk situations to enhance their capabilities and readiness to respond. These training sessions also emphasise the ability of employees to appropriately apply their knowledge to work. Regular evaluations are carried out so this process may be made even more efficient.
Business Continuity Plan
The Company strives to develop its Business Continuity Management (BCM) plan in accordance with the ISO 22301 standard so that it may address any emergencies and their impacts on its business. The plan was drafted to align with the Company’s Emergency Response Plan and Recovery Plan such as flooding, heat waves, power outages, or communications technology disruptions. In these circumstances the Company aims to return to normal operation in the shortest amount of time possible. The plan also involves making the Company flexible in its management.
In 2025, the Company consistently tested and enhanced its Business Continuity Management (BCM) plans. Key initiatives included the preparation and installation of backup computer systems to ensure seamless passenger check-in services in the event of primary system failures. Additionally, the Company maintains emergency power systems at major airports and conducts regular Disaster Recovery testing to ensure that critical organisational systems remain operational under any circumstances.
Furthermore, the Company has collaborated with key partners, such as Airports of Thailand Public Company Limited (AOT), to develop Integrated Business Continuity Plans. This collaboration ensures operational readiness at primary hubs, including Don Mueang, Chiang Mai, and Phuket International Airports. These joint efforts strengthen the resilience of critical infrastructure against potential disruptions, effectively minimising impacts on passengers and business partners.
Heatwave Preparedness
FloodResilience
Wildfire Contingency Plan
Crisis Management
Importantly, the Company carries out crisis management to prevent unwanted incidents, crises and emergency situations that could lead to loss or negative impacts to its business, including aircraft accidents, missing aircraft, hijackings, bomb threats, natural disasters and public health emergencies. Effective crisis management entails the following:
1. Emergency preparedness
- In preparing for emergencies, the Company published an Emergency Response Manual (ERM) and Station Emergency Response Plan aligned with ICAO requirements and relevant airport plans.
- In addition to manuals and plans, theoretical training is provided so employees understand their crucial roles. The Emergency Response Plan (ERP) is incorporated into the training of all employees and of outsourced personnel. Reviews are conducted every two years to ensure all personnel remain aware of their roles in an emergency.
- Practical training is carried out so employees may actively use documents, communication methods, prepare necessary resources and facilities, and roleplay different scenarios. ERP table-top exercises take place at the management and employee levels once a year.
- Full scale and partial emergency exercises are carried out to promote cooperation and understanding between different units both internal and external to airports with the objective being quick to a normal state after an emergency.
2. Emergency response
- The ERP defines appropriate roles for employees in different departments so emergency response may be carried out effectively.
- Top management, led by the CEO, are tasked with forming an Emergency Operation Centre that commands, coordinates, supports and concludes decisions in the case of an emergency.
- Employees on the scene, such as station managers, are to form a Station Crisis Team that can begin acting within 30 minutes. The team must establish a Survivor Reception Centre, Family and Friend Reception Centre, Family and Friend Holding Area, Immediate Response Team, and Crew Rest Area. The station manager must gather all relevant data and coordinate between units from the Station Coordination Centre.
- Emergency Assistance Team: The Company understands that in the event of an emergency in a remote location or minimally staffed airport, an assistance team from headquarters must be dispatched as soon as possible.
- The Go Team is to be staffed by representatives from all departments of headquarters necessary to the task, such as investigators who will coordinate aid and data, aircraft engineers who will coordinate the handling of any wreckage.
- The Special Assistance Team (SAT) provides emotional recovery to victims and their families. The SAT is to be composed of personnel trained in crisis counselling by psychology experts and is to provide assistance, coordination, and guidance to affected individuals to minimise negative impacts as much as possible.
3. Recovery process
- Once the emergency situation begins to subside, management will establish a Post-Recovery Team. This team is responsible for summarising the situation and developing an action plan to ensure business continuity in accordance with the BCP, with the goal of returning operations to normal as quickly as possible.
Emerging Risk
Number of employees, Head of Departments, and Board of Directors who have completed risk training to date
Note:
Employees
A total of 4,746 employees have completed risk training. All employees who completed the training took the company's internal course titled "Risk Awareness for Allstars."
Head of Departments
A total of 14 members of Head of Departments have completed risk training. 11 members attended the "Risk Awareness for Allstars" course in 2023. The other 3 members have completed the "Director Certification Program (DCP)" from the Thai Institute of Directors (IOD), with 2 members completing it in 2011 and 1 member completing it in 2018.
Board of Directors
A total of 5 members of the Board of Directors have completed risk training. All of them completed the "Director Certification Program (DCP)" from the Thai Institute of Directors (IOD). Specifically, 2 members completed it in 2000, 2 members completed it in 2011, and 1 member completed it in 2018.