Honesty and Integrity

Information Security

Information Security Risks Management Framework

OSE officially established the Information Security Governance Committee in August 2023 to guide, evaluate and monitor the company’s information security. The chief security officer (CSO) of OSE, approved by the OSE board of directors, is the senior deputy general manager of the information center, who manages and reviews the information security system. An information security manager is also appointed to implement the security plan and to inspect and improve OSE’s system.

In a severe Internet environment, information security has become far more important. Therefore, considering future information security regulations and conditions, OSE established the Information Security Management Department in November 2023 and, in accordance with Taiwan’s regulations, appointed more than 2 coordinators who are responsible for OSE’s information security affairs. The department’s duties include alarm management, vulnerability management, information security system and equipment management, incident monitoring, and identification of information security incidents.

Information Security Management

OSE officially obtained ISO 27001:2022 certification in 2023 and passed the review in 2024 to continuously maintain the effectiveness of the information security management policy. OSE will continue to improve its information management capabilities according to this standard every year, reducing the impact of risks related to information security. In addition, in August 2023, we conducted a Business Impact Analysis (BIA) and proposed relevant recovery and improvement strategies based on the diagnosis and analysis results. These strategies were implemented and practiced in 2024 to shorten disaster recovery time, meet the needs of business continuity, and pragmatically assess relevant insurance information. The link to the ISO 27001:2022 certificate is as follows: OSE Certificate.

OSE’s dedicated information security unit regularly produces information security reports, reporting weekly to the Chief Information Security Officer (CISO), biweekly to the General Manager, and monthly by the CISO to the Chairman. The information security reports include, but are not limited to, network usage status, antivirus software detection status and anomaly handling, firewall detection and blocking records, and social engineering exercise results. In 2024, OSE did not experience any major information security incidents.

Information Security Achievements
