- Latest ESG News
- Sitemap
- Stakeholder Service
- Management Commitment and Philosophy
- Sustainability Performance
- Corporate Sustainability Management
- Corporate Governance
- Sustainable Supply Chain Management
- Conflict Minerals Management
- Sustainable Envrionment
- Talent Transition and Happiness in Workplace
- Social Participation
- Interactive zone
- Policy and Certificate
- Sustainability Report
▶️Information Security Management
Information security is the main foundation for corporate sustainability and maintenance of core competitiveness, which means that corporate sustainability can only be achieved by safeguarding the main business information. WPG Holdings has established the Information Security Management Regulations to provide a safe and reliable information management system and electronic exchange environment, as well as to ensure the security of data, servers, application systems, equipment and networks, storage of information, and the feasibility and effectiveness of cyber security practices, so as to avoid the impact and harm from human neglect, malicious attack or natural disasters, improper use, disclosure, alteration, destruction, and other incidents.
Information Security Governance
For the purpose of executing the diverse tasks of the information security management system effectively, WPG Holdings has formulated various information security development directions and strategies and established the "Information Security Management Committee" to manage the operation of the Company's information security management system, including the execution of the tasks of information security-related topics, formulation of procedures, review and other information security matters. Through the operation of the information security organization, the information security management system continues with a steady operation.
Information Security Incident Management Mechanism
With the aim of ensuring that the classification, reporting, handling process, statistics, and tracking of information security incidents of WPG Holdings are more systematic, the company set up an incident notification and processing mechanism, so that when an information security incident occurs, the incident can be quickly reported, dealt with, and responded in the shortest time to assure the normal operation of various businesses.
Handling Process of Information Security Incident Reporting
Introduction of Information Security Management Mechanism
WPG Holdings established its information security management systems in 2020. to establish a comprehensive information security management system for confidentiality, integrity and availability, and to establish a complete information system for planning, execution, testing and action. The Company has formulated information security management requirements to define the information security management indicators and goals, and obtained ISO 27001 certification in July 2021. The certificate still remains valid now. In 2022, in order to strengthen the cloud-based service management and implement the cloud-based service information security control operation specifications, the Company obtained ISO 27017 cloud-based service information security management certification in September 2023.
According to the information security management standards currently in place, the management mechanism is to be conducted at least once a year, including:
Information Security Education Training and Advocacy
The information security execution unit plans the education and training of information security annually. They collect, track, and integrate the results of education and training, and formulate the goals and basic hours (3 hours) of information security education and training that the colleagues need to receive annually. In accordance with the arrangement of current information security, when the employees are formally appointed, new employees will be arranged to receive training on information security topics to ensure the understanding of their responsibilities and obligations, to enhance the employees' information security awareness. They advocate the precautions related to the recent information security incidents to the managers and the employees of the whole group, assisting the colleagues to increase information security awareness.
Business Continuity Plan (BCP)
WPG Holdings implements the business continuity plan so that when the system is abnormal and cannot provide the services as per usual, all system services can be switched to the backup data center to respond quickly and effectively, to avoid system service interruption and lead to the malfunction of the company. WPG Holding conducts tests and reviews at least once a year, and amendments if necessary.