Information Security/Cybersecurity

  • Information Security/Cybersecurity
  • Privacy and Security
Information Security/Cybersecurity
TOP

Information Security Risks and Vulnerability Analysis

To enhance the internal information security protection of SinoPac Holdings, the Group conducts evaluations on information security risks and their vulnerability based on different frequencies to learn about the potential information security threats in the system and internal controls. In addition, SinoPac Holdings also established detailed response procedures and management measures for information security incidents to effectively prevent the occurrence of information security or network security risks. The Company continues to strengthen the information security mechanisms and personal data protection and management in the aspects of APT defense system, defense against DDoS attacks, e-mail content filtering, malware detection, website and app vulnerability scanning, and security inspections. SinoPac Holdings also isolated and strengthened the security of high-risk systems (such as ATM and SWIFT systems). The system management, database management, network management, information security management, and related infrastructure maintenance activities of the information technology units of Bank SinoPac and SinoPac Securities have received ISO 27001 certification.

Information Security Management Process and System

According to the "Information Security Policy" of SinoPac Holdings, all units shall process information security incidents in accordance with the "Emergency Incident Response Rules". The Information Security Division shall evaluate the scope of the impact, specify the scope of the evaluation of impact, prepare the response plans, and report the response plans. It shall also report to the convener of the Information Security Committee for necessary decision making and work assignments. In addition, SinoPac Holdings and subsidiaries execute the Business Continuity Plan (BCP) and tests for response to emergency incidents to improve the Business Continuity Plan.