Information Security Organization and Mechanisms
Cathay continues to follow the Financial Supervisory Commission’s “Financial Information Security Action Plan” and takes continuous steps to strengthen its defense against security threats, thereby ensuring the security, convenience, and continuity of the financial services it renders. Cathay FHC has an Information Security Committee that formulates the group's information security policy and implements the management system. Cathay FHC, Cathay Life, CUB, and Cathay Century each have an independent information security unit and supervising officer responsible for planning, monitoring, and implementing information security management. The implementation status of information security in the previous year is reported to the Board of Directors annually.
Cathay FHC Information Security Organizational Chart
Cathay FHC has a cross-company FHC-level Information Security Communications Committee and an FHC-level information security incident emergency response team, which are fully dedicated to information security management and quality improvement. Furthermore, Cathay FHC established the Security Operation Center in 2020, which operates 24/7 to monitor information security risks and provide prompt alerts. In addition, Cathay FHC draws on external consultants and an emergency response team that are highly experienced in responding to information security incidents to provide appropriate and professional recommendations and emergency response support.
Cathay FHC and its subsidiaries have each established their own information security policies, which are subject to approval by their respective boards of directors, and all examine the confidentiality, completeness, availability, and compliance of information assets through annual inspections. Cathay FHC's major subsidiaries Cathay Life, CUB, and Cathay Century have all obtained the international certification ISO 27001:2013 Information Security Management System. As of the end of 2020, coverage of ISO 27001:2013 reached 96.5% of the group, and Cathay FHC will assist in promoting the ISO 27001:2013 framework in Cathay Securities, Cathay Futures, Cathay SITE, and Cathay SICE in 2021. This will complete the information security governance framework and management system, and reinforce information security incident warning, reporting, and response procedures to provide customers with safe financial services.
To ensure the information security of outsourced operations, the major subsidiaries, including Cathay United Bank, Cathay Life, Cathay Century, Cathay Securities, Cathay Futures, and Cathay Securities Investment Trust, will conduct regular audits, in cooperation with business units, of the entrusted institutions that handle customer information. We also verify information security risks and ensure legal compliance, with the aim of improving data security and reducing the risk of data leakage.