Cyber Security Policy
Home About AIR ASIA Cyber Security Policy

The Company's Cyber Security Policy (hereinafter referred to as the Policy) is referred as the highest guidelines for the cyber security management within Air Asia Co., Ltd. (hereinafter referred to as the company). This policy enhances the safe and stable operation of the information and communications and provides reliable services for information and communications and ensures the confidentiality, integrity and availability of information assets which promotes the company’s business successfully with the compliance of the ISO 27001 international standards.


(1) To ensure the confidentiality of relevant information about the Company's business and to safeguard the national secrets and personal data.
(2) To ensure the integrity and availability of relevant information about the Company's business and to improve administrative efficiency and quality.
(3) To get in line with the promotion of the National policy and this policy in order to enhance the capability of the protection for the cyber security.
(4) In accordance with the national laws and regulations and the norms of the company to achieve the goal of continuous operation of the business.


(1) Should take into account the relevant laws and regulations and operational requirements, assess the security needs of operations for information and communications, and establish the relevant procedures to ensure the confidentiality, integrity and availability of information assets.
(2) To establish the company's cyber security organization and establish a division of labor powers and responsibilities to facilitate the implementation of the cyber security operations.
(3) To implement the items in accordance with the Regulations on Classification of Cyber Security Responsibility Levels.
(4) Establish a mechanism for notifying and responding to cyber security incidents to ensure that the incidents are properly responded, controlled and handled.
(5) Regularly carry out cyber security audit to ensure the implementation of cyber security management.


This policy is approved by the Chief Cyber Security and is evaluated at least once a year or re-evaluated in the event of significant organizational changes (e.g., organizational adjustments, business changes, etc.). It shall be appropriately revised in the basis of the results of the assessment, the relevant laws and regulations, the latest developments in technology and business.