資訊安全管理政策 Information Security Management Policy
Since its establishment in 1999, Hotai Finance Corporation has demonstrated financial expertise by continuously improving and innovating diverse financial products. Hotai Finance Corporation has accumulated nearly three million customer cases. To ensure the safety of our customers’ personal data and minimize information security risks, we are committed to strengthening our information safety system and hence issue the Information Security Management Policy. The policy aims to provide employees a clear conduct to follow, and Hotai Finance Corporation expects each employee to participate and advocate for the policy to ensure the smooth operation of data, information systems, equipment, and the internet.
Implement information security, and strengthen service quality
ISMS shall be followed by all employees. All information safety-related measures shall ensure the confidentiality, integrity, and availability of sales information, to prevent the risk of disclosure, damage or loss of information, and appropriate measures shall be taken to minimize risks. Hotai Finance Corporation shall continue to supervise, review and audit the tasks of ISMS to strengthen service quality.
Strengthen information safety training, and ensure operation efficiency
Hotai Finance Corporation has adapted the following in response:
- a.Through diverse training and communication channels, continue to strengthen employees’ awareness of information safety. For example: employees must undergo mandatory training on information safety to prevent personal data safety breaches.
- b.Information safety audits are conducted annually, to raise employee awareness and strengthen emergency response.
Ensure emergency response for quick recovery
Establish a recovery plan in case of security breaches on important asset and businesses-related information, and conduct regular drills for smooth operation and recovery to minimize damages in the case of system errors or disasters.
和潤企業自1999年成立至今,以金融專業能力為根本,一方面以專業持續改善、創新的各項金融商品,以超越顧客期待。至今已累近積300萬筆顧客資料,為了保障客戶資料的安全及有效降低網路安全風險,我們持續精進及強化資訊安全系統,特頒布資訊安全管理政策。本政策旨在讓同仁於日常工作時有一明確指導原則,所有同仁皆有義務積極參與推動資訊安全管理政策,以確保本公司所有員工資料、資通系統、設備及網路之安全維運,並期許全體同仁均能了解、實施與維持,以達資通系統業務流程持續營運的目標。
落實資訊安全,強化服務品質
由全體同仁貫徹執行ISMS,所有資通作業相關措施,應確保業務資料之機密性、完整性及可用性,免於因外在之威脅或內部人員不當的管理,遭受洩密、破壞或遺失等風險,選擇適切的保護措施,將風險降至可接受程度持續進行監控、審查及稽核「資訊安全管理制度(ISMS)」的工作,強化服務品質,提升服務水準。
加強資安訓練,確保持續營運
防護系統並非萬能,鑒於駭客攻擊手法不斷更新,因此在資安意識的提升上,有下列作法:
- a.透過多元化形式的教育訓練及溝通宣導,持續深化每位同仁的資安意識。例如:針對全體同仁,每年需接受資安教育訓練與測驗,以減少因不清楚資安規定,引發資安事件或外洩機敏資料。
- b.每年進行資安稽核,落實全體同仁資訊安全管理工作,建立「資訊安全、人人有責」的觀念,促使同仁瞭解資訊安全之重要性,促其遵守資訊安全規定,藉此提高資訊安全智能及緊急應變能力,降低資訊安全風險,達持續營運之目標。
落實資訊安全,強化服務品質
訂定重要資訊資產及關鍵性業務之緊急應變計畫及災害復原計畫,並定期執行各項緊急應變流程的演練,以確保資通系統失效或重大災害事件發生時能迅速復原,確保關鍵性業務持續運作,並將損失降至最低。
Green Corporation of Hotai Finance Corporation 和潤企業的綠色使命
Through environmental protection, bettering corporate governance, and strengthening corporate social responsibility, we strive to become an eco-friendly green enterprise. 在追求公司成長同時,我們也兼顧環境友善,朝綠色企業之目標邁進,並以組織化的方式推行和潤的永續管理