Cybersecurity Commitment

A rock-solid, secure ICT infrastructure is the foundation of any telecommunication service. Chunghwa Telecom (hereinafter referred to as the Company) aims to achieve its cybersecurity vision of “establishing the most valuable, secure, reliable, and trustworthy telecom service provider that meets international standards.” The Company has formulated rigorous risk management and protection measures to uncover hidden, malicious behaviors and to hunt down potential threats more proactively, in time and at the early stage of hacker attacks. Meanwhile, having introduced international cybersecurity standards, it has established joint defense mechanisms with governments and international cybersecurity organizations, effectively enhancing the Company's overall cybersecurity defense and response capabilities and ensuring the security of operations and customer information.

Aiming for “zero tolerance,” we implement the “Cybersecurity Policy” and the “Privacy Protection Policy” right from the start. Pursuant to the spirit of the ISO 27001 Information Security Management System and the Plan-Do-Check-Act (PDCA) cycle, we constantly review and improve these policies before embedding them into everyday operations, so as to achieve the goal of ZERO occurrences of both major cybersecurity breaches and privacy incidents.

➤ Check out our Cybersecurity Policy

Cybersecurity Management Strategy and Structure

Cybersecurity Management Organizations

Item Description
Risk Management Committee established under the Board of Directors
  • Comprises directors with various areas of expertise, including ICT, legal expertise, risk management, auditing, and cybersecurity.
  • Supervises the execution of risk management activities, including cybersecurity and privacy protection risk management.
  • Proposes necessary recommendations for improvement.
Cybersecurity and Privacy Protection Management Committee
  • The Chairman represents the Board of Directors to oversee the Cybersecurity Policy.
  • The President serves as the convener, and an SEVP serves as the Chief Information Security Officer (CISO).
  • Responsible for the supervision of matters concerning the Company’s internal cybersecurity.
  • The CHT SOC was established in 2013. The Cybersecurity Department, a department dedicated to ICT security management, was set up in 2016 as the executive secretariat.
Regular meetings
  • Meetings of “Cybersecurity Working Group” and “Privacy Protection Working Group” are held regularly.
  • Results of cybersecurity and privacy protection governance are reported to the Board of Directors by the President.

Cybersecurity Management Organizations at CHT – The 3-Level Structure and Responsibilities

 

Management Mechanisms

  • Chunghwa Telecom has established an information security management system that meets international standards. Driven by risk management principles, it updates its Cybersecurity Policy and related guidelines every year according to the results of external and internal risk assessments.
  • With the goal of “Attention & Implementation of Cybersecurity by All,” we have incorporated “Information Security” as a KPI for employees. At present, our Information Security Management System (ISMS) and Personal Information Management System (PIMS) have obtained certifications for ISO 27001, ISO 27701, ISO 27017, ISO 27018, CSA STAR, BS 10012, etc. The certified scope covers our company's owned operations and 100% of IT infrastructures, including mobile communication networks, fixed-line networks, international long-distance networks, data networks, big data, ICT services, cloud services, customer service, enterprise business, research and development, education and training, and other major business.
  • To ensure the security of “ICT systems” and “critical infrastructure,” with reference to the NIST Cybersecurity Framework (CSF), Chunghwa Telecom established the “Cybersecurity and Privacy Protection Risk Management Framework” to put in place effective measures for “cybersecurity” and “privacy protection” so as to prevent any potential cybersecurity risk.
  • To support and achieve the strategies and goals of businesses, the Company has established the “Cybersecurity Policy” in line with the operational goals. CHT declares its commitment to achieving “Zero Tolerance” for cybersecurity incidents to all employees, customers, and suppliers.
  • The Company enforces specific and effective measures for cybersecurity and privacy protection, including real-time incident reporting, critical infrastructure management, and third-party external cybersecurity testing, etc. Following the PDCA management cycle, the Company constantly improves management practices in cybersecurity and privacy protection on a rolling basis.

 

For more information, please refer to the Company's annual report.

Cybersecurity and Privacy Protection Measures: Risk Identification; Defense & Detection; Rapid Response; Review and Correction
