Information Security
Information Security
In order to maintain the information security of the Company, TXC has adopted information security standards and frameworks to review critical information facilities and their applications, continue to improve the cyber environment, strengthen protection and management mechanisms, and train information security talents to protect our business can be sustained, and to identify and cope with the impacts.
Information Security Objectives
To ensure the achievement of the information security objectives, TXC constantly supervises the process of effectiveness evaluation, immediately reports any non-compliance and takes corrective measures, as well as reports the implementation of information security objectives to the Information Security Management Committee. Through information security training and advocacy activities, as well as information security-related presentations in supervisors' meetings, we promote employees' awareness of information security and strengthen their knowledge of related responsibilities.
- To safeguard the Company's business activity information from unauthorized access, modification and improper disclosure.
- To protect the correctness of the Company's critical business information processing.
- To ensure the high availability of the Company's information technology operations.
- To provide information security education and training, and to communicate information security-related messages in supervisors' meetings to raise employees' awareness of information security and reinforce their knowledge of related responsibilities.
- To implement an internal audit system for information security to enhance the implementation of information security management.
Implementation and Resource Investment
-
Implement the ISO27001 information security management system
From 2011, the Company continues to pass the annual third-party certification for the ISO27001 information security management system. The Company has also passed the annual certification for the ISO27001 information security management system in September 2021. Up to date, the Company has maintained the validity of the certificate. -
Reinforce internal and external information security
The Company applies Cyber-Defense Matrix framework to plan the information security protection network. In 2020, we focus on vulnerability scanning and analysis, anti-virus, UPAS (IP management and network access control), email defense, and strengthening firewall construction and zone defense to prevent the failure of the entire company network due to a single point failure. -
Promote information security importance throughout the factory
In 2022, we have introduced Managed Detection and Response (MDR), and have continued to upgrade the firewall, endpoint management, and email defense of each domain. We have also increased information security awareness through monthly information security e-newsletters (12 times) and annual company-wide information security promotions (4 sessions).
