Information Security

Information Security Organization

GlobalWafers established its Information Security Committee in March 2023. The committee is composed of the highest-ranking information or information security officers from the company’s subsidiaries. Since its inception, the committee has convened biannually; starting from December 2024, meetings will be held quarterly. The committee aims to coordinate the formulation, implementation, risk management, and compliance of policies related to information security.

To integrate information security management policies and risk management into daily operations, the company also requires each subsidiary within the group to establish its own Information Security Task Force. Members of these task forces are representatives from various departments, who discuss and communicate information security matters relevant to their departmental operations during meetings. They are responsible for implementing the information security policies and practices set forth by the Information Security Committee.

Additionally, the company incorporates information security into performance evaluations. The Information Security Office at GlobalWafers headquarters tracks the performance indicators of information security implementation at all group locations on a monthly basis. Based on operational needs, it provides information security goals, improvement guidelines, and necessary resource support to help achieve the group’s overall information security objectives. Departments are also required to implement the resolutions of the Information Security Committee, share experiences in improving information security, establish a group-wide joint defense mechanism, and enhance the overall information security framework.

GlobalWafers has established a Chief Information Security Officer (CISO) and an information security organization to lead the execution of the company’s information security operations and to ensure the effectiveness of its information security risk management mechanisms. At least once a year, the CISO reports the effectiveness of information security management and the strategic direction of information security to the Board of Directors. The overall information security management organization and the execution effectiveness of related information security operations and systems are supervised by Chairperson Hsiu-Lan Hsu, who has a background in computer science. These are regularly reviewed and revised.

Information Security Strategy and Operating Model

GlobalWafers takes “Information Security Governance” as the theme of its information security strategy: the Company pursues compliance with the Information Security Policy and introduces new technologies in a timely manner to improve its information security governance capacity. “Compliance”: the Company reviews newly enacted laws and regulations and introduces new technology products to enhance information security management. “Application of Technology”: the Company cooperates with well-known professional information security service providers to improve its information security governance capacity. Through close cooperation, mutual support, and continuous improvement across these three aspects, the Company optimizes its overall information security defense capacity. The Company has adopted the PDCA cycle operating model to achieve its objectives and provide continuous improvement, established information security monitoring and vulnerability scanning systems to prevent external hacker intrusions and internal theft of secrets, and implemented strict software and hardware controls (including Internet and personal information equipment) to ensure the protection and security of personal data and internal confidential data.

Specific Information Security Management Programs

Implementation Results of the Promotion of Cyber Security Measures

✔The Company provides “Cyber Security Related Education and Training” to all employees every year. Each employee has completed at least two IT security related training courses.

✔Dedicated information security personnel (currently three designated information security personnel) completed an average of 40 hours of professional information security-related training in 2024.

✔In 2024, social engineering drills were conducted three times, and all users passed the test.

✔The external service system vulnerability scanning monitoring scored 98 points.

ISO 27001 Certification

GlobalWafers implemented the ISO 27001 Information Security Management System in 2024 and obtained ISO 27001 certification. The certification is valid from September 21, 2024, to September 21, 2027. Through the adoption of the ISO 27001 Information Security Management System, we have strengthened our ability to respond to information security incidents and ensured the protection of both our assets and those of our customers.