To run its operations efficiently and keep the quality of its work high, CPC relies heavily on information systems: both internal operational process forms and customer data are managed and stored systematically. Robust information security and personal data protection are therefore essential to keeping operations efficient, legally compliant and uninterrupted. CPC has operated an ISO 27001 Information Security Management System since 2019 and obtained formal certification in March 2021; through regular periodic reviews and maintenance it continues to improve its internal management.
There were a total of 15 internal auditors for ISO 27001 in 2023.
Cyber Security Policies
Establish an information security management system step by step under the ISO/IEC 27001:2022 standard, and maintain its effectiveness continuously.
Maintain the confidentiality, integrity and availability of information assets and comply with applicable laws, so that information services operate securely and stably.
To uphold information security and drive continuous improvement, measurable objectives will be reviewed and revised annually based on actual needs. This will be supported by advocacy from all levels of management to enhance staff understanding and ensure the effective implementation of the system in daily operations.
Implement audit execution and management review processes to achieve continuous improvement of the information security management system.
Information Management Promotional Committee
The “Information Management Promotional Committee” was established in 2021 and meets twice a year. At these meetings the task execution units present their annual work plans and, in July and at the end of the year, report on execution results. Since 2022 an annual ISO 27001 internal audit has been conducted across all departments, followed by a management review meeting that examines the status of internal audit corrective actions, progress on the tasks required of CPC as a Level C specific non-government agency under the Cyber Security Management Act, key information security items, matters for discussion, and any motions.
Beyond its routine operations, the Audit Office selects key audit items each year so that anomalies are detected early and risk is reduced; this supports business continuity and helps prevent leakage of important data.
ISO 27001:2022 Certification Certificate
In 2023 CPC passed the regular re-certification audit and received an updated certificate for ISO/IEC 27001:2017 (ISO/IEC 27001:2013 + Cor 1:2014 + Cor 2:2015).
Information Security Management Awareness Training
- Courses are conducted in accordance with the cyber security management requirements for a Level C specific non-government agency, as stipulated by the Executive Yuan under the Cyber Security Management Act.
- Since most of CPC's information systems are developed in-house, to enhance employees' understanding of security in system development, an online course on secure development and vulnerability remediation was conducted in 2023.
- To enhance the professional competencies of information personnel, a professional cyber security training course was conducted in 2023, as required every two years.
- In response to the transition from ISO 27001:2013 to ISO 27001:2022, training on the 2022 version was conducted.
- To verify the implementation of information security awareness among employees, social engineering drills have been conducted annually starting in 2023.