ESG
A dedicated division was set up to strengthen information security management
Information Security

2023-08

In view of the growing importance of information security and increasingly rampant cyber attacks, WT set up a dedicated Information Security Department and appointed a Chief Information Security Officer at the level of deputy general manager in 2022. The Department, composed of one dedicated director and two dedicated personnel, is responsible for information security incident investigations, system vulnerability disclosure, and the evaluation and introduction of new information security architecture, among other duties. The main tasks that have been completed are as follows:

  1. The ISO/IEC 27001:2013 and CNS 27001:2014 verifications were obtained in 2022 (valid until October 31, 2025), and the threats and impacts posed by information security incidents were reduced through standardized and systematic control and management;
  2. A dedicated information security mailbox was set up to receive external information security notifications from customers, suppliers, integrated cyber threat intelligence providers, information equipment suppliers, service providers, etc.
  3. A dedicated person was appointed to collect, analyze and keep a record of important information security news, vulnerability releases, zero-day attacks, and vulnerability exploitation trends, and to rate incidents for severity. Incident severity levels have been internally defined. The contact person in the information division keeps a record of incidents and, in the case of a major information security incident, immediately notifies the Chief Information Security Officer. The Information Security Department must verify, eliminate and resolve the information security incident within the target processing time. After the handling is completed, the Incident Response team (IR team) must conduct root cause analysis and track and record the implementation effectiveness of corrective measures, so as to continuously improve the intervention methods and prevent recurrence of similar incidents. In addition, information security incidents have been divided into four severity levels, and a response mechanism and standard operating procedure have been formulated for each level to speed up the recovery of information system services.

Information Security Management and Protection

Software, hardware and network protection and monitoring

WT has a dedicated information security mailbox to receive external information security notifications from customers, suppliers, Taiwan Computer Emergency Response Team (TWCERT), information equipment suppliers, service providers, etc. A dedicated person is also appointed to collect, analyze and keep a record of important information security news, vulnerability releases, zero-day attacks, etc., and to rate incidents for severity. Incident severity levels have been internally defined. The contact person in the information division keeps a record of incidents and, in the case of a major information security incident, immediately notifies the Chief Information Security Officer. The Information Security Department must eliminate and resolve the information security incident within the target processing time. After the handling is completed, the Department must conduct root cause analysis, track and record the implementation of corrective measures, verify their effectiveness, and use Plan-Do-Check-Act (PDCA) for continuous improvement and recurrence prevention.

10 tips to improve personal cybersecurity

System backup and information security incident management

Backup and recovery plan in case of malicious intrusion

WT has comprehensive network and computer-related information security protection measures in place. Nevertheless, no matter how perfect the protection measures are, they cannot 100% guarantee that the Company’s core system is safe from black swan or gray rhino incidents. Our top priority is therefore to increase the Company’s resilience and ensure the system can be quickly brought back into operation. In addition to further investing in information security software and hardware, we continue to strengthen our continuous operation capabilities, so that the Company’s operations can be resumed in the shortest time in the event of an information security incident.

Information security capabilities were further improved to equip the Company with first-class operating capabilities

WT’s operation is based on continuous delivery capability. WT is committed to providing products and services that meet confidentiality, integrity and usability requirements. In order to be a first-class enterprise in the sector, we apply and introduce international information security frameworks and continuously strengthen our security control measures to ensure a high level of information security protection capabilities. We therefore constantly evaluate the information security protection mechanism from point, line and plane, and develop different technical combinations to shorten the system recovery time. In addition, information security management system verification, red team exercises, etc. were introduced to review and upgrade the system with the assistance of independent organizations. In 2022, a number of external power outages happened unexpectedly. As a precaution against unexpected power outages, WT conducted a power supply abnormality exercise to ensure that emergency generators can be activated immediately and normal operation of the facilities and systems can be maintained. After the exercise, it was confirmed that the emergency response procedures were appropriate and all the facilities and systems were in normal operation.

As a result of strengthened information security and employees’ security awareness, there were no sensitive information leaks, major information service interruptions, or financial losses caused to customers or suppliers in 2022.

Information security concerns of stakeholders were addressed

Through annual routine information security self-assessment questionnaires returned from our customers and suppliers, information security management evaluations conducted by the competent authorities, and inquiries raised on specific information security topics, the questions and concerns we heard from the customers in 2022 were mainly about the handling of major vulnerabilities, security controls and measures, ISO 27001 certification, information security management for sustainable operation, etc. The Information Security Department has answered all the questions to meet stakeholders’ expectations and requirements.

The last report was released in June 2023. This report was released in August 2024.

Contact person: Pow Ling, General Director of Public Relations Department
Address: 14F, No.738, Chung Cheng Road, Chung Ho District, New Taipei City 235603, Taiwan (R.O.C.)
Telephone: +886-2-8226-9088
Email: esg@wtmec.com