Information Security Organization and Mechanisms
Cathay FHC has an Information Security Committee that formulates the group's information security policy and implements the information security management system. Cathay FHC, Cathay Life, CUB, and Cathay Century each have an independent information security unit and departmental head responsible for planning, monitoring, and implementing information security management. The implementation and management status of information security in the previous year is reported to the Board of Directors in the first quarter of each year. Cathay FHC has a cross-company FHC-level Information Security Communications Committee and FHC-level information security incident response team, which fully dedicated to information security management and quality improvement.
Cathay FHC Information Security Organizational Chart
Cathay FHC and its subsidiaries have all separately established information security policies, which are subject to approval by their respective board of directors. These policies, reviewed annually, secure the confidentiality, completeness, availability, and compliance of information assets. Cathay FHC's subsidiaries including Cathay Life, CUB, and Cathay Century have all obtained the international certification ISO 27001:2013 Information Security Management System. As of the end of 2019, coverage of ISO 27001:2013 reached 94.88% of the group’s information system. In addition, reinforced information security incident warning, reporting, and response procedures are in place to provide customers with safe financial services.