Information Security Risk Management

Information Security Assurance Statement

To maintain customer information security, implement information risk management, and meet the service requirements of urgency, immediacy, and thoroughness in system security, SKS's 24-hour control center has passed ISO 9001 quality management system certification and ISO 27001 information security management certification. The Company follows the NIST framework principles of Identify, Protect, Detect, Respond, and Recover to ensure the confidentiality and security of information and to prevent information attacks.

Additionally, SKS formulated the Information Security Management Regulations and the Disaster Recovery Plan for Administration in 2009. These established preventive measures and recovery plans for incidents such as power system faults, communication line failures, host equipment and system damage, malware intrusions, hacker break-ins, and human factors. Moreover, disaster recovery drills are held periodically, and important data is also backed up to off-site storage, with the aim of protecting customer data and maintaining normal information management operations, thereby providing secure and efficient customer services.

Taiwan Shin Kong Security Co., Ltd., President

ISO 9001 & ISO 27001 Certifications

In 2023, there were no information security incidents that would have had a material impact on the Company’s finances.

Risk Management Structure of Information Security

SKS has established the Information Security Promotion Committee to review and promote matters related to information security management. The Committee reports regularly to the Board of Directors on the Company's overview of information security governance. The most recent report was made on December 14, 2023.


Information Security Policy

Establish awareness of information security among all employees, and maintain the confidentiality, integrity and availability of customer information through operational management and technical means, to ensure the privacy of customer information, enhance the security of corporate and supply-chain information, and ensure public trust, thereby strengthening SKS’s brand value.

Comply with regulations on information security management, and provide appropriate protection measures for our information assets, to ensure their confidentiality, integrity, availability and legal compliance.

Regularly evaluate the impact of all man-made and natural disasters on our information assets, and formulate disaster prevention and recovery plans for our critical information assets and business-critical operations, to ensure the continuity of our business operations.

Supervise employee implementation of information security protection, establish the concept of “information security is everyone’s responsibility”, and raise awareness of information security among all departments and personnel.

Require all employees and vendors connected to the Company’s information and communication system or providing services to comply with SKS's information security-related regulations. In case of violations, penalties will be imposed in accordance with the SKS regulations and contracts, depending on the circumstances, and serious cases will be subject to legal action.