Rapid developments in information technology are quickly changing the overall business environment. In addition to diversifying our businesses, we are accelerating digital transformation to provide more complete and convenient data services. However, this is accompanied by increased information security risks. Chunghwa Post has therefore established an Information Security Officer (a post held concurrently by the vice president or an equivalent position holder), a Cyber Security Office, and the Information Security & Personal Data Protection Committee. Together they coordinate the promotion of information security and personal information solutions, and maintain information security and the normal operation of the information security and personal information management system. The aim is to ensure that our core cyber communication system achieves the goals of confidentiality, integrity and availability, thereby safeguarding customer privacy and reducing security risks.
Cyber Communication Security Management Organization
Organizational chart of the Information Security Promotion Team
Organizational chart of Personal Data Protection Management Promotion Team
Information Security Management System
To ensure that the information and information systems of the postal savings and remittance system are properly protected, we have introduced the international standard information security management system (ISO 27001), verified by a third party (BSI), and continue to maintain the validity of the certificate. In 2023, BSI honored Chunghwa Post with the Excellence for Information Resilience Award in recognition of our continuous improvement of information resilience, built on the foundation of information security management. A total of 43 measurement indicators track the information security effectiveness of the postal savings and remittance system. In the 2023 measurement cycle, the statistical results of all relevant indicators reached the set goals.
Moreover, all information equipment is subject to security control measures, including regular password updates, restricting USB flash drives to read-only access (no writing), and controlling the authority to install software on computers. In addition, social engineering drills are held regularly, in which phishing emails are sent to test our associates' awareness of information security protection. A total of 4 social engineering drills were held in 2023, with 10 test emails sent to all employees at each drill, and the pass rate was 99.28%. Information security education and training are reinforced for those who failed the tests.
Digital Information Security Award - Excellence Award
Safeguarding Customer Privacy Actively
To comply with the requirements of the Personal Data Protection Act and to protect the rights of the persons concerned, we have introduced third-party verification (BSI) of the Personal Data Protection Management System (BS 10012) and the international standard Privacy Information Management System (ISO 27701), and we maintain the validity of the certificates, in order to reduce the possible impact and risk of a personal data infringement event. According to the statistical results for the 2023 measurement period, all 8 indicators reached their targets. There were no confirmed incidents of information leakage, theft, or loss of customer data in 2023.