Information Security
Information Security Governance and Organization
The role of information security is crucial to the operation of CTCI. Therefore, we have incorporated Information Security into the company's overall risk management framework. We have established the Information Security Promotion Committee, with the President serving as the chairman. The committee is responsible for reporting annually to the Board of Directors on the effectiveness of information security management and the direction of information security strategies. Oversight is provided by Director Johnny Shih, who holds a Master's degree in Computer Science and Business Administration from Columbia University in the United States, with a professional background in Information Technology (IT), offering professional insights and recommendations. This ensures alignment between the direction of information security initiatives and the sustainable development goals of the company.
We have established an Information Security Policy Statement as the basis for promoting information security management. In terms of execution, the Information Security Promotion Committee is responsible for formulating information security objectives, strategies, and management procedures. At least once a year, the committee convenes an Information Security Management Review Meeting to review information security management matters, conduct a risk assessment report, and review risk treatment plans. Additionally, in recognition of the increasing importance of information security and to comply with the requirements of Taiwan's Financial Supervisory Commission for secondary exchange listed companies, CTCI has established an Information Security Audit Section under the Information Security Promotion Committee to carry out IT audit operations.
Information Security Risk Assessment
CTCI has incorporated information security into the company's overall risk management framework and conducts an information security risk assessment at least once a year. For risks exceeding acceptable thresholds, risk treatment plans are proposed and risk management measures are implemented, with continuous monitoring to ensure the completion of improvements.
Information Security Management and Control Measures
CTCI deeply understands the critical importance of avoiding any lapses in managing information security risks. Therefore, we continuously strive for improvement by employing the PDCA (Plan-Do-Check-Act) management system cycle to ensure effective implementation of risk control. Additionally, we enhance the effectiveness of information security management through three key initiatives: expanding skills, initiating change, and sharing knowledge.
ISMS implementation cycle of CTCI - The management cycle of information security system
Information Security Promotion Achievements
CTCI continues its proactive efforts in promoting information security, firmly adhering to the four main objectives in our information security policy. We are dedicated to safeguarding confidentiality, integrity, and availability. These efforts not only reflect our strength in the field of information security but also highlight our high regard for and commitment to corporate operations and the information security of our customers.