Information Security Protection

Information Security Policy

Implement Information and Communication Security, Enhance Service Quality

Strengthen Information Security Training, Ensure Continuous Operations

Prepare for Emergency Response, Enhance Organizational Resilience

   

The Company has established an information security policy, and all employees are obligated to actively participate in promoting this policy to ensure the secure operation of data, information and communication systems, equipment, and networks. The Company expects all employees to understand, implement, and maintain these measures to achieve continuous business operations. To enhance the Company’s information security management and strengthen the protection of personal information and customer privacy, we have been following the ISO 27001 Information Security Management Framework since 2021. This framework helps us establish a comprehensive information security architecture and formulate management guidelines to control various information security risks, reducing the likelihood and impact of such risks.

Furthermore, to enhance the information security of SEEC and in response to the revision of the "Guidelines for Establishing Internal Control Systems for Public Companies" by the Financial Supervisory Commission, the Company has designated dedicated managers and staff for cybersecurity since 2023. This move aims to drive the Company's cybersecurity infrastructure and compliance efforts. Additionally, plans are in place to establish a corporate-level Information Security Management Committee to coordinate the promotion of the Company's cybersecurity operations.

Information and Communication Security Framework

 

Information Security Control Measures

Information Security Education and Training

To supervise all employees in implementing information and communication security management, SEEC continuously conducts annual ICT security training to establish the concept of "Information Security is Everyone's Responsibility." This aims to enhance employees' understanding of the importance of ICT security and encourage compliance with ICT security regulations, thereby increasing ICT security intelligence and emergency response capabilities, and reducing ICT security risks to achieve continuous operational goals. The Company arranges information security courses during new employee training and holds regular information security seminars for existing employees. It also announces and promotes information security messages to all employees and prioritizes training for those who have not previously completed the Company's information security course. In 2024, three sessions of employee information security education were conducted, covering topics such as network security and data protection, to enhance employees' awareness of information security. A total of 142 employees participated this year.

Additionally, the Company periodically conducts information security drills to enhance employees' awareness of information security and regularly organizes emergency response drills for information security to ensure rapid recovery in the event of information system failures or major disasters, thus ensuring continuous operation of critical business functions and enhancing organizational resilience. In 2024, 1 information security drill and 11 emergency response drills were conducted. The information security drill involved phishing email simulations across the company, reaching 1,532 employees, to enhance their awareness of information security risks. The average pass rate for the company was 75%, and employees who did not meet the criteria were given further education and intensified training. The emergency response drills tested the core system's emergency response capabilities with scenarios involving database destruction, conducted by the information responsible person of the core system, practicing data backup and restoration. The drill results met the Recovery Time Objective (RTO), which requires restoration within 4 hours.

2023 Information Security Education and Training

Employee Information Security Drill

  • Date: 4/27 (total of 1 session)
  • Activity Name: Phishing Email Drill
  • Participants: All employees
  • Number of Participants: 1,532

Employee Information Security Training

  • Dates: 6/28, 11/21 (total of 3 sessions, each session 1 hour)
  • Course Name: Employee Information Security Training
  • Participants: Selected employees, prioritizing those who have not received training
  • Number of Participants: 142

Information Security Emergency Response Drills

  • Dates: Executed according to schedule
  • Activity Name: Uninterruptible Power Supply (UPS) System Drill, ERP System Database Drill, ERP System AP Virtual Machine Restoration Drill, ERP System Database Server Drill (Hardware), ERP System Database Storage Drill, Core Network Switch Drill, Server Farm Firewall Drill, ICT Service Drill
  • Participants: System-Related Responsible Person
  • Number of Participants: 6

Information Security Seminars

 

  • 3 cybersecurity personnel from the company participated in cybersecurity seminars, achieving a 100% participation rate (including attendance at cybersecurity seminars)

 

 

 

To safeguard customer privacy, the company has established personal data protection management rules covering the collection, processing, copying, use, transmission, filing, deletion, and destruction of customer personal data. Detailed procedures for the protection of personal data are explained, and necessary training is conducted for relevant employees to ensure familiarity with all regulations and legal requirements. The company adheres to the Fair Trade Act, Personal Data Protection Act, Trademark Act, and requirements from the National Communications Commission and other government regulations for sales and promotional activities. In 2024, there were no complaints about customer privacy violations or loss of customer data, nor any breaches of cybersecurity regulations.

Strengthening Information Security Culture

TISAX Certification for Automobile Equipment Business Group

In recent years, cybersecurity incidents in the automotive industry have been frequent, prompting European car manufacturers to accelerate the completion of the VDA ISA certification of the automotive safety assessment information exchange platform (TISAX) for the supply chain. The Electrical Products Business Group obtained the VDA ISA TISAX AL2 level certificate for the first time in July 2022, will conduct the third renewal verification in December 2024, and is expected to pass the verification in March 2025 and update the validity label on the TISAX platform. This not only meets customer requirements, but also helps to expand the customer base among European car manufacturers and strengthen the company's internal information security management.

Advancement of Information Security Management

Our company continues to promote information security enhancement measures, including conducting information asset inventory, annual risk assessments, internal information security audits, and information security management reviews to implement the ISMS management cycle, identify information security risks, and develop corresponding countermeasures.

To further enhance information security management, our company plans to introduce the ISO 27001 Information Security Management System in 2024. Currently, we have completed the first stage audit by the third-party verification body in December 2024, and the second stage audit will be completed in January 2025, with the aim of obtaining certification in March 2025.

 
Inventory and Risk Assessment Course for Information Assets, Risk Assessment Meeting

 

 

Contact: Sustainable Development Division, ESG@seec.com.tw
