Information Security
We have established an information security policy and an information security management system to ensure the confidentiality, completeness, and availability of information assets, and we also aim to achieve compliance of information operations and services by implementing information security risk management. In response to the expansion and diversity of the insurance business, we made information security internal controls and related regulations applicable to the entire company. As such, business units play not only the role of user but also the roles of responsible unit and maintenance unit, which further enhances the Company's overall information security management.
The Company implemented a management system according to the international information security management framework to ensure solid information security. We have also maintained the effectiveness of our ISO 27001 Information Security Management System certification, and improved our protection for customers' rights and interests.
The immediate reporting of information security incidents will significantly improve the effectiveness of subsequent tracking, response, and handling. By properly handling information security incidents, the level of damage can be reduced.
All members of the information security audit team have the ISO 27001 Information Security Management System Lead Auditor certificate, and we continue to assist and encourage employees to obtain information security certifications.
We implemented the personal information management system (PIMS) according to BS 10012: 2017 Personal Information Management System, and embedded personal information protection and management into the corporate culture. We completed an applicability evaluation mechanism for the European Union's General Data Protection Regulation (GDPR).
We have established a Personal Information Management Committee with the president as the convener. The committee meets regularly and reviews the overall operating status of personal information protection. We also have a Personal Data Protection Working Group that examines whether personal data management, management procedures, and safety management mechanisms are implemented according to plans.