- Latest CSR News
- Stakeholder Service
- Management Commitment and Philosophy
- Sustainability Performance
- Corporate Sustainability Management
- Corporate Governance
- Sustainable Supply Chain Management
- Conflict Minerals Management
- Sustainable Envrionment
- Talent Transition and Happiness in Workplace
- Social Participation
- Interactive zone
- Policy and Certificate
- Sustainability Report
▶️Information Security Management
Information Security Governance
The information security policy of WPG Holdings (hereinafter referred to as the Company) is to define for all employees can comply with it and follow, to assist users in the smooth operation of various business operations, and to ensure the security of various information media in order to achieve the Company's information security objectives.
For the purpose of executing the diverse tasks of the information security management system effectively, WPG Holdings has formulated various information security development directions and strategies and established the "Information Security Management Committee" to manage the operation of the Company's information security management system, including the execution of the tasks of information security-related topics, formulation of procedures, review and other information security matters. Through the operation of the information security organization, the information security management system continues with a steady operation.
Information Security Incident Management Mechanism
With the aim of ensuring that the classification, reporting, handling process, statistics, and tracking of information security incidents of WPG Holdings are more systematic, the company set up an incident notification and processing mechanism, so that when an information security incident occurs, the incident can be quickly reported, dealt with, and responded in the shortest time to assure the normal operation of various businesses.
Handling Process of Information Security Incident Reporting
- If the handling unit of the reporting judges that it is an information security incident, they should record the incident, notify the information security execution unit, and conduct reporting operations in accordance with the Company's contingency process, and the business department will confirm whether the incident needs to be notified to the relevant external units for attention.
- If the impact level of an information security incident is above a certain level, the handling time of the incident should be evaluated. They shall notify the responsible supervisor of the information security execution unit, who, together with the information unit, will decide whether to activate another backup computer room or activate the emergency response operation procedure.
- The handling unit of the reporting shall record and track the information security incident processing status and finalized time, etc., responding promptly and tracking the progress record to maintain the wholeness of the record.
In the past three years, there have been no information security-related incidents and financial impacts, and there has been no leakage of customer information due to information security incidents.
Introduction of information security management mechanism
WPG Holdings established its information security management systems in 2020. In July 2021, the company obtained ISO 27001 certification, which will enable it to establish a comprehensive information security management system for confidentiality, integrity and availability, and to establish a complete information system for planning, execution, testing and action. In addition, the Company has established an information security management standard to define information security management indicators and management objectives. In June 2022, the Company successfully passed the first audit of ISO 27001 certification and concurrently also launched the ISO 27017 certification project to strengthen cloud service management obtain certification in September 2023.
Information Security Education Training and Advocacy