Information Security

Faced with a variety of information security threats, CTCI has applied ISO 27001 standards for information risk management since 2014, and is committed to reducing the likelihood and impact of security risks as well as improving the company's ability to carry on business operations. An information security promotion committee was also established, with the President serving as its chairman. The committee is responsible for the promotion of information security and holds at least one information security management review meeting every year, where it reviews the risk assessment report, "risk treatment plans," and other matters related to information security management. The outcome of information management needs to be reported to the Board each year. A complete notification process has been set up for information security-related issues. The Information Security Promotion Committee assists its Chairman in managing information security goals, and President Todd Chen doubles as the CISO. Director Johnny Shih, who holds a master's degree in computer science and an MBA degree from Columbia University in the United States, has a solid IT background and provides professional advice related to information security. In response to the increasing importance of information security and in compliance with the requirements of Taiwan's Financial Supervisory Commission, an independent organization has been established to carry out audit operations.
▼ Information Security Team-Information Security Promotion Committee

▼ Four Major Goals of the CTCI Information Security Policy

CTCI understands that managing security risks requires continuous improvement through the Plan-Do-Check-Act (PDCA) approach. Three supplementary measures, namely expanding skills, initiating change, and sharing knowledge, help ensure the effectiveness of the overall information security management.
▼ ISMS implementation cycle of CTCI - The management cycle of information security system

Information Security Risk Assessments

Through annual information security risk assessments, CTCI has evaluated possible threats and weaknesses, which include:

▼ Key Security Management Measures

Investments and Training in Information Security

CTCI continues to invest resources in information security every year, including strengthening information security facilities, improving security management systems, and providing education and training, among others.
▼ Frequency of Information Security Affairs

To address the Advanced Persistent Threats (APTs) that have prevailed in recent years, CTCI has adopted the following control measures to reduce their likelihood and risk impact.
▼ APT Monitoring and Control

▼ Information Security Management Outcomes

▼ Risk occurrence of social engineering drills over the past three years

The validity of the ISO 27001 Information Security Management Certificate continues to be maintained (certificate valid until December 24, 2023).