Due to the rapid development of information technology, the overall business environment is changing rapidly. In addition to diversifying our businesses, we are accelerating digital transformation to provide more complete and convenient data services. However, this is accompanied by increased information security risks. Therefore, Chunghwa Post established an Information Security Officer (a position held concurrently by the vice president or management of equivalent level), the Cyber Security Office, and the Information Security & Personal Data Protection Committee to coordinate the promotion of information security and personal information solutions and to maintain information security and the normal operation of the information security and personal information management system. The aim is to ensure that our core cyber communication system achieves the goals of confidentiality, integrity and availability, thereby safeguarding customer privacy and reducing security risks.
Cyber Communication Security
Information Security Management System
To ensure that the information and information system of the postal savings and remittance system are properly protected, we have obtained certification to the international information security management system standard (ISO 27001), verified by a third party (BSI), and obtained the updated verification in July 2024 to continuously strengthen the information security management mechanism. Chunghwa Post was honored with the Digital Trust and Sustainable Development Award by BSI in 2024 in recognition of our long-term efforts and achievements in digital transformation and corporate social responsibility. There are a total of 44 measurement indicators for the information security effectiveness of the postal savings and remittance system. The statistical results of the relevant indicators in the 2024 measurement cycle all reached the set goals.
Moreover, all information equipment has security control measures, including regular password updates, restricting USB flash drives to read-only access, and restricting permission to install software on computers. In addition, social engineering drills are held regularly, and phishing emails are sent to test our associates' awareness of information security protection. A total of 4 social engineering drills were held in 2024, with 10 test emails sent to all employees at each drill and a pass rate of 98.24%. Information security education and training are strengthened for those who failed the tests.
Safeguarding Customer Privacy Actively
To protect the rights of the persons involved, the Personal Data Protection Management System (BS 10012) and the Privacy Information Management System (ISO 27701) have been certified by the third-party verification body (BSI), and the validity of the certificates is maintained, to reduce any possible impact and risk brought by a personal data infringement event. According to the statistical results for the 2024 measurement period, all 8 indicators reached their targets. There were no confirmed incidents of information leakage, theft, or loss of customer data in 2024.