Cybersecurity Management Policy

Home > Corporate Sustainability > Management System Policy > Cybersecurity Management Policy

Our cybersecurity targets are to ensure the confidentiality, integrity, availability, and compliance of our core system management operations (i.e high-availability information systems and related management activities). Cybersecurity performance metrics are defined and measured for each grade and role to ensure that the implementation of the cybersecurity management system meets the cybersecurity targets. Risk assessment meetings or other types of meetings are held to assess and conduct a panoramic analysis of internal/external topics and stakeholder requirements.

A cybersecurity policy with the following attributes should be established, implemented and maintained within the defined boundaries of the cybersecurity management system:

Confidentiality: Prevent the any leaks of sensitive company data.
Integrity: Ensure the veracity of company data.
Availability: Maintain the high-availability of key company information assets.
Compliance: Ensure that TASC is in compliance with cybersecurity laws.

Multiple security measures have been implemented to protect client and company trade secrets, including: Network security, terminal security, mail security, document security, as well as routine cybersecurity awareness and training to get employees into the habit of practicing proper security and hygiene online.

External rating and assessment of cybersecurity maturity is used to analyze cybersecurity risks and vulnerabilities exposed to the Internet. Vulnerabilities are patched in order depending on whether the risk rating is higher, moderate, or low. Monthly third-party risk assessments and persistent internal cybersecurity monitoring are carried out to reduce the risk of hacker attacks.

Many state-owned and private enterprises in Taiwan had been badly affected by a spate of hacker attacks in recent years. Emergency response drills were therefore organized within our fabs to simulate the activation of the cybersecurity incident reporting procedure after system disruption, followed by coordination of each unit to communicate with external clients and start the internal backup and recovery procedure. The drills help strengthen TASC resilience against hacker attacks.