search
Search
繁中

Customer Care

Cybersecurity Policy

Issue Date:2024/01/30

Cybersecurity Commitment

A rock-solid secure ICT infrastructure is the foundation for any telecommunication services. Chunghwa Telecom (referred to as the Company hereinafter) aims to achieve its cybersecurity vision of “establishing the most valuable, secure, reliable, and trustworthy telecom service provider that meets international standards.” The Company formulated rigorous risk management and protection measures to uncover hidden, malicious behaviors and hunt down potential threats in time in the early stage of hacker attacks in a more proactively fashion. Meanwhile, with international cybersecurity standards introduced, it has established the joint defense mechanisms with governments and international cybersecurity organizations, effectively enhancing the overall cybersecurity defense and response capabilities of the Company and ensuring the security of operation and customer information.

Aiming for “zero tolerance,” we implement “Cybersecurity Policy” and “Privacy Protection Policy” right from the start. Pursuant to the spirit of ISO 27001 Information Security Management System and the Plan-Do-Check-Act (PDCA) cycle, we constantly review and improve in these regards before embedded into the everyday operations, so as to achieve the goal of ZERO occurrence in both major cybersecurity breach and privacy incidents.

Check out our “Cybersecurity Policy” 

Cybersecurity Management Strategy and Structure

Cybersecurity Management Organizations

Our company has established the Risk Management Committee (Board level), comprised of directors with various areas of expertise, including ICT, legal expertise, risk management, auditing, and cybersecurity. The committee oversees the execution of risk management activities, including cybersecurity and privacy protection risk management, and provides necessary recommendations for improvement.

To ensure an effective operation of cybersecurity management, “Cybersecurity and Privacy Protection Management Committee” has been established at Chunghwa Telecom. The Chairman represents the Board of Directors to oversee the Cybersecurity Policy. Meanwhile, the President has been appointed as the convener, and a SEVP as the Chief Information Security Officer (CISO), dedicated to the supervision of matters concerning the Company’s internal cybersecurity. The CHT SOC, established in 2013, is seasoned with experiences in large-scale hacking and defense scenarios. A department dedicated to ICT security management, Cybersecurity Department, has been set up in 2016 as the executive secretariat.

Meetings of “Cybersecurity Working Group” and “Privacy Protection Working Group” are held regularly. Results of cybersecurity and privacy protection governance are reported to the Board of Directors by the President.

Cybersecurity Management Organizations at CHT – The 3-Level Structure and Responsibilities
 

Management Mechanisms

Aside from establishing an information security management system in line with international standards, with risk management at the core, we evaluate the maturity levels of cybersecurity management and amend “Cybersecurity Policy” and relevant regulations in accordance with the results of external and internal risk assessments as appropriate on an annual basis.

With the goal of “Attention & Implementation of Cybersecurity by All,” we have incorporated “Information Security” as a KPIs for employees. At present, our Information Security Management System(ISMS) and Personal Information Management System(PIMS) have obtained certifications for ISO 27001, ISO 27701, ISO 27017, ISO 27018, CSA STAR, BS 10012 etc. The certified scope covers our company's owned operations and 100% of IT infrastructures, including mobile communication networks, fixed-line networks, international long distance networks, data networks, big data, ICT services, cloud services, customer service, enterprise business, research and development, education and training, and other major business.

In addition, to ensure the security of “ICT systems” and “critical infrastructure,” with reference to the NIST Cybersecurity Framework (CSF) and in pursuance of the standards and regulations, domestically and internationally, Chunghwa Telecom established “Cybersecurity and Privacy Protection Risk Management Framework” to put in place specific and effective measures for cybersecurity and privacy protection so as to prevent any potential cybersecurity risk.

To fully support and achieve the strategies and goals of various businesses, the Company established the “Cybersecurity Policy” in line with the operational goals, which has been approved by the Chairman and published on the Enterprise Information Portal (EIP) and the corporate website to demonstrate Chunghwa Telecom’s commitment to “Zero Tolerance” for cybersecurity incidents to all employees, customers, and suppliers. We have implemented specific and effective measures for cybersecurity and privacy protection, including Diversity and Defense-in-Depth for cybersecurity protection and management, intelligent security operation center, and cybersecurity threat detection and warning, critical infrastructure and ICT system operation continuity management, real-time incident report and rapid response mechanism, third-party external cybersecurity testing and diagnostics, etc. Following the Plan-Do-Check-Act (PDCA) management cycle, the Company constantly improves management practices in cybersecurity and privacy protection on a rolling basis. (Go to Annual Report

 

Cybersecurity and Privacy Protection Measures: Risk Identification; Defense & Detection; Rapid Response; Review and Correction

     
     
     
     
     
ESG Content Quick Links
Sustainable Governance
Sustainable Development Vision UN SDGs Sustainable Development Organization Stakeholders Engagement Material ESG Issues
Materiality Material ESG Performances
Corporate Governance
Board of Directors Ethical Management Tax Strategy Risk & Crisis Management Human Rights Management
Excellence & Innovation
Innovation Management Telecommunication Laboratories
Sustainable Supply Chain
Telecom Industry Value Chain CHT Sustainable Supply Chain Initiatives Supplier Anti Corruption Supplier ESG Program Supplier Selection Mechanism
Supplier Development Program
Customer Care
Customer Relationship Management Cybersecurity Privacy Protection Stable Network Services
Happy Workplace
Workforce Structure Diversity & Equality Anti-discrimination & Anti-harassment Remuneration & Incentives Benefits
Training & Development Occupational Health & Safety
Environmental Sustainability
Environmental Strategy & Goal Climate Strategy TCFD Energy Management GHG Emissions
Resource Management 5G Green Enterprise Biodiversity
Social Inclusion
Corporate Citizenship / Philanthropy Strategies 5I SDGs Initiative 5G Plastic Free Day Digital Inclusion
Interaction
Latest News Multimedia Surveys Contact Us Newsletter Subscription
Chunghwa Telecom CSR Fan Page
ESG Report
Sustainability ESG Report SASB Report TCFD Report

© Chunghwa Telecom Co., Ltd. No.21-3, Sec. 1, Xinyi Rd., Zhongzheng Dist., Taipei City 100, Taiwan Internet Browser Compatibility

BACK TO TOP

We use cookies to provide customized content and improve user experience. To find out more, please see our privacy policy.By using this site, you have agreed to our use of cookies in accordance with our policy.