Information Security & Management

Home»Corporate Governance»Risk Management»Information Security & Management

Information Security & Management

  • Information Security & Management
  • The Company’s Board of Directors has resolved to establish a designated information security unit and a position of Information Security Officer in Q1 2022. The designated information security unit is named the “Information Security Center,” which reports directly to the CEO or his designated agent, and calls PIS (Proprietary Information Security Committee) meetings. Information Security Center consist of “Information Security Management Division” and “Information Security Technology Division” . The Information Security Center regularly reports relevant IT risks, issues and effectiveness of IT management. The Committee would report to the board of directors at least once every year on the progress of information security implementation and the latest reporting date was on November 10, 2023.
  • 5.2.1.1. Information security policy, concrete management programs and resources invested in information security management:
  • The Company values the importance of information security maintenance. We have established "Information Security Management Policy" and "Information Security Risk Management Framework" in 2009. We initiated plans to obtain ISO27001 certification since 2020, and proactively promote the implementation of information security measures in 2021 and successfully obtained the certification in Q2 2022 with validity from May 4, 2022 to May 4, 2025 (for details on our ISO certificates, please refer to https://www.quantatw.com/Quanta/english/corporategovernance/certificates.aspx). The Company is devoted into expanding the scope of certification through the implementation of information security management system to con-currently protect the Company and customers. We will further strengthen our capabilities in information security incidents response to meet the rising information security needs.
  • Quanta has invested in information security insurance from internationally known insurance companies since 2008. Specifically, the Company has increased the insurance premium in response to rising awareness of information security issues and stakeholders’ expectation. We have increased coverage by purchasing supplemental insurance on Social Engineering and Network Interruption-System Failure, to transfer and diversify contingent risks. Moreover, considering the difficulty of implementing boarder information security control, we have further extended the insurance coverage to include all major operation sites around the world. Planning of relevant insurance amount and insurees is based on the Company’s financial status and actual needs.
  • Major operations is highlighted below, please refer to the Company’s website and the “Information Security Management” section under the “Sustainable Governance and Ethics” chapter of the Company’s annual ESG report for more details (https://www.quantatw.com/Quanta/english/esg/ESG2022/ch03.html)
  • riskmanagement report