Customer Care

Cybersecurity Policy

Issue Date:2024/01/30

Cybersecurity Commitment

A rock-solid secure ICT infrastructure is the foundation for any telecommunication services. Chunghwa Telecom (referred to as the Company hereinafter) aims to achieve its cybersecurity vision of “establishing the most valuable, secure, reliable, and trustworthy telecom service provider that meets international standards.” The Company formulated rigorous risk management and protection measures to uncover hidden, malicious behaviors and hunt down potential threats in time in the early stage of hacker attacks in a more proactively fashion. Meanwhile, with international cybersecurity standards introduced, it has established the joint defense mechanisms with governments and international cybersecurity organizations, effectively enhancing the overall cybersecurity defense and response capabilities of the Company and ensuring the security of operation and customer information.

Aiming for “zero tolerance,” we implement “Cybersecurity Policy” and “Privacy Protection Policy” right from the start. Pursuant to the spirit of ISO 27001 Information Security Management System and the Plan-Do-Check-Act (PDCA) cycle, we constantly review and improve in these regards before embedded into the everyday operations, so as to achieve the goal of ZERO occurrence in both major cybersecurity breach and privacy incidents.

Check out our “Cybersecurity Policy” 

Cybersecurity Management Strategy and Structure

Cybersecurity Management Organizations

Our company has established the Risk Management Committee (Board level), comprised of directors with various areas of expertise, including ICT, legal expertise, risk management, auditing, and cybersecurity. The committee oversees the execution of risk management activities, including cybersecurity and privacy protection risk management, and provides necessary recommendations for improvement.

To ensure an effective operation of cybersecurity management, “Cybersecurity and Privacy Protection Management Committee” has been established at Chunghwa Telecom. The Chairman represents the Board of Directors to oversee the Cybersecurity Policy. Meanwhile, the President has been appointed as the convener, and a SEVP as the Chief Information Security Officer (CISO), dedicated to the supervision of matters concerning the Company’s internal cybersecurity. The CHT SOC, established in 2013, is seasoned with experiences in large-scale hacking and defense scenarios. A department dedicated to ICT security management, Cybersecurity Department, has been set up in 2016 as the executive secretariat.

Meetings of “Cybersecurity Working Group” and “Privacy Protection Working Group” are held regularly. Results of cybersecurity and privacy protection governance are reported to the Board of Directors by the President.

Cybersecurity Management Organizations at CHT – The 3-Level Structure and Responsibilities

Management Mechanisms

Aside from establishing an information security management system in line with international standards, with risk management at the core, we evaluate the maturity levels of cybersecurity management and amend “Cybersecurity Policy” and relevant regulations in accordance with the results of external and internal risk assessments as appropriate on an annual basis.

With the goal of “Attention & Implementation of Cybersecurity by All,” we have incorporated “Information Security” as a KPIs for employees. At present, our Information Security Management System(ISMS) and Personal Information Management System(PIMS) have obtained certifications for ISO 27001, ISO 27701, ISO 27017, ISO 27018, CSA STAR, BS 10012 etc. The certified scope covers our company's owned operations and 100% of IT infrastructures, including mobile communication networks, fixed-line networks, international long distance networks, data networks, big data, ICT services, cloud services, customer service, enterprise business, research and development, education and training, and other major business.

In addition, to ensure the security of “ICT systems” and “critical infrastructure,” with reference to the NIST Cybersecurity Framework (CSF) and in pursuance of the standards and regulations, domestically and internationally, Chunghwa Telecom established “Cybersecurity and Privacy Protection Risk Management Framework” to put in place specific and effective measures for cybersecurity and privacy protection so as to prevent any potential cybersecurity risk.

To fully support and achieve the strategies and goals of various businesses, the Company established the “Cybersecurity Policy” in line with the operational goals, which has been approved by the Chairman and published on the Enterprise Information Portal (EIP) and the corporate website to demonstrate Chunghwa Telecom’s commitment to “Zero Tolerance” for cybersecurity incidents to all employees, customers, and suppliers. We have implemented specific and effective measures for cybersecurity and privacy protection, including Diversity and Defense-in-Depth for cybersecurity protection and management, intelligent security operation center, and cybersecurity threat detection and warning, critical infrastructure and ICT system operation continuity management, real-time incident report and rapid response mechanism, third-party external cybersecurity testing and diagnostics, etc. Following the Plan-Do-Check-Act (PDCA) management cycle, the Company constantly improves management practices in cybersecurity and privacy protection on a rolling basis. (Go to Annual Report


Cybersecurity and Privacy Protection Measures: Risk Identification; Defense & Detection; Rapid Response; Review and Correction