In response to personal information protection and information security needs, Tatung Company established the Information Security and the Personal Information Protection Committee as early as 2014, continuously obtained BSI third-party certification, passed the ISO27001 information security management system verification, and ensured the security of the company's personnel, data, information systems, equipment and network in accordance with the requirements of the BS10012 personal data protection standard. To ensure the safety of the company's personnel, data, information systems, equipment and network, establishing an information security policy as the highest guiding principle of the company's information security management system, achieving the goal of "uninterrupted service, no loss of information, personal information not leaked, and enterprise sustainable operation".
The actual implementation method is based on the pre-emptive and risk reduction pre-existing issues. Through the discussion of the monthly meeting of the Information Security Monthly Meeting and the emergency response, the review of the new internal and external security issues will be carried out to the annual plan. And in the annual information security and personal information management review report, explain the implementation results of this year and the information security budget plan for the next year. The annual activities include semi-annual external auditor's audits, two outsourcing consultants' external counseling every year, and an annual internal audit of the audit committee to determine the implementation status of the information security management system and whether to achieve the information security objectives of confidentiality, integrity, availability and compliance of each service.
In response to changes in the social environment, laws and regulations, and technological advancement, Tatung has formulated a privacy protection statement. The collection, processing and use of customer data are in compliance with the "Personal Data Protection Law" and related laws and regulations and properly protect the personal data of customers. The summary of key control measures is shown in Table 4.3-1. In 2021, there was no complaint related to infringement of customer privacy or loss of customer information. In addition, in recent years, there have been cases of fake official community accounts for fraudulent use. When we were informed of such news, we immediately went to the company's official website and our social group to announce warning messages to prevent consumers from being victimized.
