To implement the requirements of the ISO 27001 Information Security Management System standard, TMC has deployed an information security management system and has taken appropriate protective measures for the important information assets within its scope of implementation. The annual information security management review meeting assesses how effectively customer expectations for the confidentiality, integrity and availability of assets are met, so that business activities can be carried out smoothly and securely, customers receive excellent service, and their needs are met.
Provide a reliable information security operating environment, maintain the legal use of information systems and data, meet customer needs, ensure the continuous operation of the company's important services, and achieve the company's information security management goals. TMC takes responsibility for protecting confidential customer information and confidentiality agreements, and must not disclose confidential information to any third party in any way.
Information Management Department
In 2020, TMC obtained the certification for Information Security Management System International Standard ISO/IEC 27001:2013.
In 2020, TMC established initiatives for planning information security management system improvement, creating and maintaining the information security management system, and implementing the information security management system.
In 2021, TMC completed the first annual audit and verification of the ISO 27001 Information Security Management System, implemented IP Guard endpoint protection, introduced O365 RMS management, controlled event logs, and formulated the information security protection plan for 2022.
Goals of Information Security Management | Short-term | Mid-to-long-term |
---|---|---|
Unauthorized data disclosure | 0 | 0 |
Data tampering or unauthorized access | 0 | 0 |
Availability of information infrastructure | 99.78% | 99.99% |
Regular backup procedures for information systems | 99.99% | 99.99% |
Login credentials in accordance with security protocols | 99.99% | 99.99% |
Control of leaked information in secure areas | 0 | 0 |
Drills of continuity plans for business operations | 3 times | 3 times |
Limiting unplanned operational interruptions | 0 | 0 |
- Completed the second annual audit and certification for ISO 27001 Information Security Management System in 2022.
- Executed the 2022 Information Security Protection Plan, focusing on improving operations related to cybersecurity issues.
  - Network Security: Upgraded network infrastructure, conducted social engineering drills, and implemented Intrusion Prevention System (IPS).
  - System Security: Conducted regular vulnerability scans, upgraded Active Directory (AD) and Exchange services, and replaced end-of-service (EOS) computers.
  - Application Security: Monitored endpoint protection and updated policies for legitimate software, and performed upgrades on outdated antivirus software.
  - Data Encryption and Identity Verification: Updated security certificates (SSL certificates).
  - Backup Plan: Implemented the 3-2-1 backup principle to ensure effectiveness and prevent ransomware.
- Drafted the Information Security Protection Plan for 2023.
Information Environment Security
TMC is committed to maintaining the security of the information environment to provide excellent service to customers and meet their needs. Through the annual information security management review, we effectively assess customer expectations for the confidentiality, integrity, and availability of assets. This is done to achieve the information security management goal of "ensuring the confidentiality, integrity, and availability of information assets in compliance with legal, regulatory, and contractual requirements and providing continuously available services." This ensures that all business operations proceed smoothly and securely.
TMC's Information Security Policies provide a reliable information security operating environment, maintain the legal use of information systems and data, ensure the continuous normal operation of company services, and achieve the company's information security management objectives. This ensures the security and privacy of customer information and sustainable operations.
TMC joined the Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) and formulated an information security protection plan, which is implemented and reviewed annually by the Information Management Department.
To promote the importance of information security and goals related to TMC, all new employees undergo a one-hour cybersecurity training session with a corresponding assessment. In 2022, all employees completed one hour of cybersecurity education training, achieving a 100% completion rate and a test accuracy rate of 90% or above.
To protect customer information, encryption is employed for storage, and data is stored in a highly restricted area. All visitors and vendors entering the premises must be accompanied by authorized personnel. Devices with camera functionality must have a security sticker affixed to the lens. Additionally, peripheral devices such as USB drives, external hard drives, and mobile phones are not allowed to connect to the company's network and information equipment without authorization. To prevent data loss and damage, TMC has established a 3-2-1 backup principle. This principle dictates that data should be backed up in three copies, using two or more different backup media, with one copy stored offsite.
Most of TMC's products are customized according to customer requirements. TMC has obtained ISO/IEC 27001 certification for its information security management system. All servers are equipped with necessary security measures, including firewalls, network segmentation, and antivirus systems. Access to customer-related systems and sensitive data is restricted according to access control policies, preventing unauthorized personnel from using them. There have been no complaints or incidents violating customer privacy from 2020 to 2022.