Information Security

Information Security Governance

TECO has established an Information Security Committee under the "Corporate Governance and Sustainability Committee" of the Board of Directors and appointed a Chief Information Security Officer. The information security management unit is the "Digital Development Office", which continues to supervise information security enhancement measures.

• Chairman Chiu manages TECO Group’s digital transformation and information security-related strategies. The company obtained ISO/IEC27001 and CNS27001:2014 Information Security Management System (ISMS) certification on 110.11.4.
• Independent Director Li-Chen Lin, who was a director of Taiwan's China Petroleum Corporation, participated in the review of China Petroleum Corporation's plans for information security diagnosis and strengthening defense due to hacker attacks.
• Board Director Li-Chong Huang, has a background in information security management. He has served as IT industry process reengineering (BPR) and information system (PLM) manager, building information management software systems and hardware room equipment operations, firewalls, remote backup and other information Security Measures.
• Chief Information Security Officer (CISO) Albert Tseng, who has a background in information security management, served as deputy general manager and solution director of Microsoft Greater China Public Sector Group, and Tivoli SW Associate Manager of IBM Software Department Greater China. He will serve as Chief Information Security Officer from August 2023.
• Executive Manager: Vincent Hu, serves as the Director General of the Information Security Committee and has ISO 27701 and IEC 62443-2-1 lead auditor certificates.

Information security protection

To strengthen information security management, ensure the confidentiality and integrity of information, as well as the reliability and availability of information equipment and network systems, an “Information Security Policy” has been formulated to manage information security risks, so that the company's information operations can reach international standards. Information security standards. In addition, we plan management and reporting policies, include information security as part of performance appraisal, and conduct information security education and training every year.

Process

Business continuity plan (BCP) is performed at least once every six months. In 2023, drills for uninterrupted operations were conducted for the ERP system, global order system, firewall and other systems. An information security health diagnosis and penetration testing project has been planned in 2022, using hacker thinking to simulate attack techniques to conduct penetration testing on TECO’s external service website, and the penetration testing has been performed.

We maintain ISO 27001 verification at this stage and will evaluate other verifications (BS 10012/ISO 27701) in the future. In 2012, we have formulated a personal data file security maintenance plan and processing methods to promote and implement personal data protection.

Risk Control

To ensure the stable and safe operation of information systems, we strengthen defense in depth and target the three main axes of anti-virus, anti-hacking and anti-leakage. Strengthen network firewall, anti-virus, and network whitelist control, identify malicious traffic through intrusion detection systems, and proactively block such traffic from entering the network. Improve the ability to defend against external attacks and ensure the security of internal confidential information, ensuring that various information assets are not unavailable due to various threats and damage, resulting in information service errors or interruptions.