Move to Main Content

ESG Sustainability-B ESG Sustainability-W

:::
Search
Taiwan International Ports Corporation
中文
::: MenuButtonText
:::
To skip this submenu, press [Enter], to continue, press [Tab]

Strengthening Information Security Protection

:::

2024 Performance Highlights (G)

  • No incidents of dat a breaches, the_, or loss of customer information were reported in any of the issues gathered at the port business forums.
  • Certified to ISO 27001:2022 through third party verification.
  • TIPC has incorporated cyber security regulations into the model contract in or der to control cybersecurity risks in the rental area.
  • Chief Cyber Security Officer hosted one management review meeting, in which various indicators of ISMS(IS-TW-04-003) validity measure were met, and indicators for 2025 (IS-TW-04-003-ISMS) were determined as well.
  • Operational Technology (OT) system administrators and their immediate supervisors attended the ‘Joint Cour se on Competency Mapping for Industrial Control Systems(ICS) Cybersecurity in Transportation Sector’ with a total of 48 participants, and 41 of whom w ere certified, representing an achievement rate of 85%.
  • There were no cases of customer privacy violation.

Comply with the SDGs

  • SDG9【SDG 9.c】
  • SDG17【SDG 17.17】

Management Policy

Covered material topics

  • Information Security and Customer Privacy
  • Customer Service Quality

Policy

  • Information Structure
  • Cybersecurity Education and Training【Customer Feedback Management】

Management Evaluation System

  • Cybersecurity Management
  • Cybersecurity Education and Training【Customer Feedback Management】

Information Structure

TIPC respects the customer privacy and comply with 'Personal Data Protection Act' promulgated in 2023 and 'Cyber Security Management Act' promulgated in 2018 in the collection, processing and use of customer data. TIPC keeps on strengthening its cyber security protection and defense capability, establishes a comprehensive cyber security policy, appoints Cyber Security Officer, and organizes Cyber Security Management Committee. Besides, the corporate has adopted the revised ISO 27001:2022 certification in 2024, and through the implementation of ISO 27001 international information security standard, we will continue to refine our information security management system and effectively implement internal control mechanisms in order to fulfill our responsibility to protect customer privacy. The information security status is regularly reviewed and reported to the President on a quarterly basis and to the Board of Directors on a semi-annual basis.

Information Security Policy

  • Implementation of program management
  • Regulatory Compliance
  • Prevention is more important than response
  • Ensure information security

Information Security Management Committee

Information Security Management Committee

Cybersecurity Management

TIPC conducts internal and external audits annually in accordance with the ISO 27001 standard. The Chief Cyber Security Officer convenes the Cyber Security Management Committee to conduct an annual management review meeting to review the implementation of information security indicators and establish targets for the following year to ensure the continuous improvement of the management system.

As a specific non-governmental agency under 'Cyber Security Management Act', TIPC is subject to legal regulation. Any violation of Articles 20 or 21 will result in a fine imposed by the Ministry of Transportation. For the purpose of reducing cyber security risks, relevant cyber security regulations have been incorporated into the lease agreement template since 2022 to enforce the cyber security responsibilities of leaseholders.

Annual cyber security risk assessments are conducted. In response to the digitalization of customer application and billing processes, the Port Corporation conducts asset inventory and risk assessments in accordance with ISMS standards, covering the three major aspects of availability, integrity, and confidentiality. For identified risks exceeding acceptable thresholds, risk mitigation plans are established and implemented to reduce potential impacts and enhance the protection of customer data and transaction privacy. In 2024, no privacy-related complaints were received, indicating the effective implementation of the cyber security management system.

TIPC has established information and communication security terms and conditions for outsourcing as guidelines for internal procurement of information and technology (IT) equipment, software, and services. These terms and conditions clearly stipulate the information security regulations that vendors must comply with, including the following:

Time of incident

Countermeasure

After acknowledging cybersecurity incidents such as

suspected privacy data breaches

Notify the company within the specified time and complete the

process.

Information received by vendors while providing

The application form must be completed in accordance with the regulations, and operations must be accompanied or monitored by a designated representative from the port authority

Information received by vendors while providing support services without port authorization

No disclosure to third parties

Termination or cancellation of the agency relationship between the two parties

Vendors should confirm that they have returned, handed over, deleted,

or destroyed the data held for the purpose of fulfilling the contract,

thereby adequately protecting customer privacy

The 'Global Information Network' established in accordance with the privacy policy allows visitors to feel secure with the services and information provided. The website is obligated to protect the privacy of applicants and will not modify or delete any personal data or files without prior consent, thereby granting visitors a secure browsing experience.

Cybersecurity Education and Training

TIPC conducts cyber security education and training in accordance with the 'Cyber Security Management Act'. In 2024, Cyber Security Officer received at least 12 hours of professional cybersecurity training each year, while information personnel other than cyber security officers received at least three hours. Meanwhile, general users and supervisors received an average of three hours of training annually. By 2024, the training completion rate reached 100%, strengthening cybersecurity and reducing the impact of personal data breaches. There were no substantiated incidents of customer data breaches, theft, or loss in 2024.

Customer Feedback Management

TIPC adheres to the policy of 'enhancing interaction with operators and policy communication', and manages customer feedback and service quality through the following measures:

  • Track and manage customer feedback and handle it appropriately.
  • Implement customer feedback management and ensure that customer data is secure with no incidents of information disclosure, theft, or loss of customer data.
  • Each branch collects issues related to 'customer health and safety' through regular forum meetings and record reviews.

In 2024, there were no major customer complaints. TIPC has organized 10 port seminars and addressed seven issues related to customer health and safety, all of which have been resolved. None of the issues were related to information leakage, theft, or loss of customer data. Cybersecurity regulatory practices in 2024 were adjusted on an rolling basis in accordance with guidance from the competent authority.

Last Updated:2025-09-08
Top