Cybersecurity Commitment

A rock-solid, secure ICT infrastructure is the foundation of any telecommunication service. The cybersecurity vision at Chunghwa Telecom (hereinafter referred to as the Company) is to “strengthen cybersecurity resilience and enhance privacy protection, creating a top-tier technology group that meets international standards for safety, reliability, and customer trust.” The Company has formulated rigorous risk management and protection measures to uncover hidden, malicious behaviors and to proactively hunt down potential threats in time, in the early stages of hacker attacks. Meanwhile, having introduced international cybersecurity standards, it has established joint defense mechanisms with governments and international cybersecurity organizations, effectively enhancing the Company's overall cybersecurity defense and response capabilities and ensuring the security of operations and customer information.

Aiming for “zero tolerance,” we implement the “Cybersecurity Policy” and the “Privacy Protection Policy” right from the start. Pursuant to the spirit of the ISO 27001 Information Security Management System and the Plan-Do-Check-Act (PDCA) cycle, we constantly review and improve these practices and embed them into everyday operations, so as to achieve the goal of ZERO occurrences of both major cybersecurity breaches and privacy incidents.

➤ Check out our Cybersecurity Policy

Cybersecurity Management Strategy and Structure

Cybersecurity Management Organizations

Item Description
Risk Management Committee established under the Board of Directors
  • All seats on the Committee are held by Independent or Non-executive Directors (the Chairperson is an Independent Director, and over 50% of the seats are held by Independent Directors). The Committee is composed of Directors with diverse capabilities, including expertise in ICT, legal, risk management and auditing, and cybersecurity. Among the members, Dr. Jer-Liang Yeh was responsible for risk governance of government ICT systems, including procurement risk, cloud service risk, and cybersecurity risk, with a focus on ensuring that risk controls were operationally implemented at scale rather than remaining at a purely policy level. (For the complete professional experience, please refer to “Board Industry Experience.”)
  • The scope of oversight encompasses the execution of ICT security and privacy protection risk management.
  • Regularly reviews management performance and provides necessary recommendations for improvement.
  • Material risk issues are submitted to the Risk Management Committee or reported directly to the Board of Directors.
Cybersecurity and Privacy Protection Management Committee
  • The Chairman represents the Board of Directors to oversee the Cybersecurity Policy.
  • The President serves as the convener, and the Advisor of Chairman Office and Vice President of Cyber Security Department serves as the Chief Information Security Officer (CISO). The CISO reports on matters such as cybersecurity governance, risk profiles, and major incidents to the President and relevant board-level committees (e.g., the Risk Management Committee) on a regular or timely basis, ensuring that senior executive management maintains a timely grasp of cybersecurity risks.
  • Responsible for the supervision of matters concerning the Company’s internal cybersecurity.
  • The Cybersecurity Department at the Headquarters serves as the executive secretary, and CHT SOC has been established to monitor and track the effectiveness of cybersecurity management and protection.
Regular meetings
  • The meetings of the "Cybersecurity Working Group" and the "Privacy Protection Working Group" are held at least semi-annually.
  • Matters concerning cybersecurity and privacy protection governance are reported to the Board of Directors by the President, such as the implementation achievements of cybersecurity governance, material cybersecurity risk incidents, and internal and external audit results, facilitating the Board's ongoing oversight of our cybersecurity and personal data governance.
     

Cybersecurity Management Organizations at CHT

 

Management Mechanisms

  • Chunghwa Telecom has established an information security management system that meets international standards. Driven by risk management principles, it updates its Cybersecurity Policy and related guidelines every year according to the results of external and internal risk assessments.
  • To ensure the security of “ICT systems” and “critical infrastructure,” with reference to the NIST Cybersecurity Framework (CSF 2.0), Chunghwa Telecom established the “Cybersecurity and Privacy Protection Risk Management Framework” to put in place effective measures for “cybersecurity” and “privacy protection” so as to prevent any potential cybersecurity risk.
  • To support and achieve the strategies and goals of businesses, the Company has established the “Cybersecurity Policy” in line with the operational goals. CHT declares its commitment to achieving “Zero Tolerance” for cybersecurity incidents to all employees, customers, and suppliers.
  • The Company enforces specific and effective measures for cybersecurity and privacy protection, including real-time incident reporting, critical infrastructure management, and third-party external cybersecurity testing. Following the PDCA management cycle, the Company constantly improves its management practices in cybersecurity and privacy protection on a rolling basis.

 

For more information, please refer to the company's annual report.

Cybersecurity and Privacy Protection Measures: Risk Identification; Defense & Detection; Rapid Response; Review and Correction
