To strengthen its information security capabilities, SYSTEX Group has formulated the “SYSTEX Group Information Security Policy”, the “SYSTEX Group Information Security Management Measures” and other related guidelines, regulations, procedures and operating rules. SYSTEX established the “Information Security Technology Department” in December 2023 as its dedicated information security management unit and assigned a supervisor and 2 dedicated staff members to it, in compliance with the “Regulations Governing Establishment of Internal Control Systems by Public Companies”, and completed the application to the competent authority before the end of 2023. The “Information Security Technology Department” also functions as the “Crisis Resolution Team for Information Events,” serving as the task unit under the Risk Management Committee, and is responsible for reporting implementation effectiveness to the Committee. Additionally, SYSTEX has formed the “Information Security Taskforce Committee” to provide consulting services on information security management issues. The Taskforce is composed of about 15 members, including the division heads of the IT division, legal division and business units, and other relevant supervisors and employees, and held a total of 12 project meetings in 2023.
In addition to the overall management of the group’s information security affairs, the Information Security Technology Department is also responsible for supporting the handling of information security and personal information incidents in business units that have introduced ISO 27001. Meanwhile, each business unit that has introduced ISO 27001 has set up an Information Security Task Force Committee to provide consultancy and technical services, establish an information security risk management framework, and formulate information security policies and specific management plans.
The Information Security Taskforce Committee holds regular meetings to check whether any information security incidents have occurred and to assess the possible risks and negative impacts in order to propose improvement plans. SYSTEX conducts risk assessments and related reviews every 6 months. In 2023, no high-risk projects were found through continuous risk assessment. Meanwhile, the mid- and low-risk projects were handed over to the relevant operating units for processing and were included in the follow-up tracking and reporting operations.
Unit | Responsibility |
Information Security Technology Department | |
Crisis Resolution Team for Information Security | |
Information Security Task Force Committee | |