Cybersecurity Commitment

A rock-solid secure ICT infrastructure is the foundation for any telecommunication services. Chunghwa Telecom (referred to as the Company hereinafter) aims to achieve its cybersecurity vision of “establishing the most valuable, secure, reliable, and trustworthy telecom service provider that meets international standards.” The Company formulated rigorous risk management and protection measures to uncover hidden, malicious behaviors and hunt down potential threats in time in the early stage of hacker attacks in a more proactively fashion. Meanwhile, with international cybersecurity standards introduced, it has established the joint defense mechanisms with governments and international cybersecurity organizations, effectively enhancing the overall cybersecurity defense and response capabilities of the Company and ensuring the security of operation and customer information.

Aiming for “zero tolerance,” we implement “Cybersecurity Policy” and “Privacy Protection Policy” right from the start. Pursuant to the spirit of ISO 27001 Information Security Management System and the Plan-Do-Check-Act (PDCA) cycle, we constantly review and improve in these regards before embedded into the everyday operations, so as to achieve the goal of ZERO occurrence in both major cybersecurity breach and privacy incidents.

➤ Check out our 《 Cybersecurity Policy

Cybersecurity Management Strategy and Structure

Cybersecurity Management Organizations

Item Description
Risk Management Committee established under the Board of Directors
  • Comprises directors with various areas of expertise, including ICT, legal expertise, risk management, auditing, and cybersecurity.
  • Supervises the execution of risk management activities, including cybersecurity and privacy protection risk management.
  • Proposes necessary recommendations for improvement.
Cybersecurity and Privacy Protection Management Committee
  • The Chairman represents the Board of Directors to oversee the Cybersecurity Policy.
  • The President serves as the convener, and the Advisor of Chairman Office and Vice President of Cyber Security Department as the Chief Information Security Officer (CISO)
  • Responsible for the supervision of matters concerning the Company’s internal cybersecurity
  • The CHT SOC has been established in 2013. A department dedicated to ICT security management, Cybersecurity Department, has been set up in 2016 as the executive secretariat.
Regular meetings
  • Meetings of “Cybersecurity Working Group” and “Privacy Protection Working Group” are held regularly.
  • Results of cybersecurity and privacy protection governance are reported to the Board of Directors by the President.

Cybersecurity Management Organizations at CHT – The 3-Level Structure and Responsibilities

 

Management Mechanisms

  • Chunghwa Telecom has established the information security management system that meets international standards. Driven by the risk management principles, it updates its Cybersecurity Policy and related guidelines according to the external and internal risk assessment results every year.
  • With the goal of “Attention & Implementation of Cybersecurity by All,” we have incorporated “Information Security” as a KPIs for employees. At present, our Information Security Management System (ISMS) and Personal Information Management System (PIMS) have obtained certifications for ISO 27001, ISO 27701, ISO 27017, ISO 27018, CSA STAR, BS 10012 etc. The certified scope covers our company's owned operations and 100% of IT infrastructures, including mobile communication networks, fixed-line networks, international long-distance networks, data networks, big data, ICT services, cloud services, customer service, enterprise business, research and development, education and training, and other major business.
  • To ensure the security of “ICT systems” and “critical infrastructure,” with reference to the NIST Cybersecurity Framework (CSF), Chunghwa Telecom established “Cybersecurity and Privacy Protection Risk Management Framework” to put in place and effective measures for “cybersecurity” and “privacy protection” so as to prevent any potential cybersecurity risk.
  • To support and achieve the strategies and goals of businesses, the Company has established the “Cybersecurity Policy” in line with the operational goals. CHT declares its commitment to achieving “Zero Tolerance” for cybersecurity incidents to all employees, customers, and suppliers.
  • To enforce specific and effective measures for cybersecurity and privacy protection, including real-time incident report, critical infrastructure management, and third-party external cybersecurity testing, etc. Following the PDCA management cycle, the Company constantly improves management practices in cybersecurity and privacy protection on a rolling basis.

 

For more information, please refer to the company's annual report. ( access the company's annual report )

 

Cybersecurity and Privacy Protection Measures: Risk Identification; Defense & Detection; Rapid Response; Review and Correction

Excellence & Innovation
Innovation Management
Interaction
Latest News Surveys Contact Us Newsletter Subscription Chunghwa Telecom CSR Fan Page

BACK TO TOP