Risk Management
In order to strengthen information security capabilities, SYSTEX has set up the “Crisis Resolution Team” for IS protection, which is responsible for information security risks and supporting the resolution of IS and personal info. incidents. Meanwhile, each business unit that has introduced ISO 27001 has set up an IS Task Force Committee to provide consultancy, technical services and IS training courses, establish an information security risk management framework, and formulate information security policies and specific management plans.
The IS Protection Team holds regular meetings to check whether there has been IS incidents, assess the possible risks and negative impacts to propose improvement plans. SYSTEX conducts risk assessments and related reviews every 6 months. In 2021, no high-risk projects were found through continuous risk assessment. Meanwhile, the mid- and low-risk projects were handed over to the relevant operating units for processing, and were included in the follow-up tracking and reporting operations.
|
Unit |
Responsibility |
|
Crisis Resolution Team for Information Security |
|
|
Information Security Task Force Committee |
|
For more details, please refer to “Information Security Policy and Management“.