(Jan. 30, 2002, Taipei) Bank SinoPac (TSE 2839), a leader in Taiwan's banking industry, today announced that its security management system has passed the BS7799:Part2:1999 certification process by the DNV Certification Company and obtained the certificate in the Great Britain (Certificate No. 02022-2001-AIS-LDN-UKAS). Bank SinoPac is the first bank in the Southeast Asia and the first enterprise in Taiwan to obtain such a certificate. It affirms that the bank's information security policies, system management, data maintenance, backup facilities and resumption of operations after disasters follow international standards.

The full title of the BS7799 certificate is “A Code of Practice Information Security Management.” Developed by BSi in February 1995 and revised in June 1999, it is the most renowned information security standard in the world, covering all information security issues and applicable to all organizations and enterprises. It is a comprehensive information security standard currently used in the United Kingdom, Sweden and Norway.

Bank SinoPac Chairman Paul Lo said, “The bank's operations and assets management quality have always been recognized by local and international communities as following a global standard. The bank was ranked as ‘The Best Commercial Bank in Taiwan” by The Asset and Asiamoney journals. Now, it's the first bank in the Southeast Asia to obtain the BS7799 certificate. We're very proud. In the new knowledge-economy era, it's important for us to apply the new technology in our management and services. Getting the international certificate reaffirms the bank's commitment of ensuring security for the information of its customers. We hope that our customers have observed the bank's efforts in continuously improving its service quality through providing a more convenient and safer financial transaction platform.”

Joan Fang, vice president in charge of the project, said, “The BS7799 certification process involved 10 chapters and 36 management goals, with a total of 127 items tested, including the making of security policies, security-related responsibilities, risk assessment, data processing and the ability to continue operations after disasters strike. Many people equate data security with network security, believing the use of firewalls is good enough. Actually, data security is involved with several other factors. Effective implementation plays as important a role as policymaking. For example, in 2001 Typhoon Nari caused flooding in the bank's headquarters building in Sungsang, so systems were shut down there. However, the MIS immediately initiated its backup system in Taichung to sure normal operations of the bank. To resume system operations in such a short time takes careful planning and continued testing. The approval of Bank SinoPac for the certificate indicates that the bank's MIS operation has thought of all the potential problems and solutions, thus ensuring the confidentiality and security of the information of bank's customers. That's essential for the bank to keep normal operations under any circumstances.