Information Security Risk
In order to strengthen information security capabilities, SYSTEX has set up the “Crisis Resolution Team” for Information Security protection, which is responsible for information security risks and supporting the resolution of Information Security and personal info. incidents. Meanwhile, each business unit that has introduced ISO 27001 has set up an Information Security Task Force Committee to provide consultancy, technical services and Information Security training courses, establish an information security risk management framework, and formulate information security policies and specific management plans. There are 10 members of the Information Security Task Force Committee, including chief of strategy, the division head of IT division, legal division and business units, and other relevant supervisors and employees. The Committee holds a total of meetings in 2022.
The Information Security Protection Team holds regular meetings to check whether there has been Information Security incidents, assess the possible risks and negative impacts to propose improvement plans. SYSTEX conducts risk assessments and related reviews every 6 months. In 2022, no high-risk projects were found through continuous risk assessment. Meanwhile, the mid- and low-risk projects were handed over to the relevant operating units for processing, and were included in the follow-up tracking and reporting operations.
Unit |
Responsibility |
Crisis Resolution Team for Information Security |
|
Information Security Task Force Committee |
|