Chunghwa Post has always been committed to maintaining the security of the information environment. However, the rapid development of information technology and the fast changes of the overall business environment, Chunghwa Post has to not only work on the diversified development of its business and provide better services to its customers, but also enhance information security management and further protect customer privacy and reduce security risks. The Cyber Security Office is the dedicated unit for information security, whose major task is to ensure the Company’s core information communication system to reach the goals of confidentiality, integrity, and availability.
All information equipment has safety control measures, including regular update of password, allowing USB flash drive to read instead of to write, controlling the computer authority for software installing and so on. In addition, social engineering drills are held regularly, and phishing emails are sent to test our associates’ awareness of information security protection. A total of 4 social engineering drills were held in 2022 with 10 test emails sent at each drill, and approximately 25,000 people were tested, with the pass rate of 99.84%. Information security education and training are strengthened to those who failed the tests.

To comply with the requirements in the Personal Data Protection Act and to protect the right of the person involved, the third-party verification (BSI) of the Personal Data Protection Management System (BS 10012) and the International Standard Privacy Information Management System (ISO 27701) have been introduced to maintain the validity of the certificate to reduce any possible impact and risk brought by a personal data infringement event. According to the statistical results in the measurement period in 2022, all the 8 indicators have reached the targets. There were no confirmed incidents of information leakage, theft, or loss of customer data in 2022.