Information Security Policy
Company Information Security Policy
- Ensure the confidentiality of the company’s trade secret (Business secret) and customer data
- Ensure the availability and integrity of the information applications of the core business operations and their support services and equipment
- Ensure the effectiveness and sustainability of the information security management mechanism
Information Security Policy Statement
In order to ensure the sustainable development of the company and fulfill customer commitments, the company had established the company’s information security policies, operating procedures and methods to improve information risk management, strengthen information security management mechanisms, implement information security protection, and improve the level of information security. Make relevant personnel and important partners of the company’s offices following these rules.
Information Security Organization and Responsibilities
- MPI set up an Information Security Organization to handle matters relating to information security and crisis management so as to prevent leakage of business secrets of not only our own, but also those of global partners and our precious customer base. When an emergency occurs, MPI will respond quickly and restore normal operation in the shortest and safest time possible to reduce damages that may occur.
- The Information Security Organization consists of the General Manager, the Information Security Committee, the Management Representative, the Information Security Incident Response, the Information Security Implementation Teams, and the Departmental Information Security Representatives. It also consults with external scholars, experts, and civil professional organizations to strengthen cooperation and experience.
-
- The General Manager serves as the convenor of the information security organization, assigning the Management Representative to oversee the operations of the Information Security Management System. The Management Representative reports to the convenor and the Information Security Committee on the execution details, including the annual operation of the Information Security Management System, plans, and other suggestions or ad hoc proposals.
- In 2023, the dedicated information security personnel are scheduled to convene 25 fortnightly information security meetings, report to the management representative, hold one information security management review meeting, and conduct one board meeting to assess the effectiveness of information security operations.
| Organization Name | Description of responsibility and authority |
|---|---|
| Convenor | Served by the General Manager, responsible for the approval, endorsement, and supervision of information security policies, the allocation and coordination of security responsibilities, and the oversight of information security operational effectiveness. |
| Management Representative | Served by the General Manager, this role is responsible for the approval, endorsement, and supervision of information security policies, along with the allocation and coordination of security responsibilities, and the oversight of the operational effectiveness of information security. |
| Information Security Committee | Comprising divisional managers from each business group as members, this team is responsible for coordinating the division of responsibilities for cross-unit information security matters and facilitating the discussion of annual information security objectives and plans. |
| Information Security Incident Response Team | Responsible for responding to information security incidents, coordinating with relevant units, and handling various aspects of information security. This includes developing and managing policies, plans, and measures, as well as evaluating, researching, and implementing security technologies. |
| Information Security Implementation Team | Responsible for continuously improving the operations of the information security system, coordinating planning efforts, and collaborating with representatives from various units to complete related operational tasks. |
| Departmental Information Security Representatives | Assigned by each department as seed personnel, they are responsible for carrying out the operations of the information security system in accordance with their duties. |
Based on ISO 27001 principles, MPI established an Information Security Management System with formal information security risk assessment and management processes. After establishing the above policies, procedures, and other security measures, MPI can ensure the appropriateness and effectiveness while continuously reviewing and evaluating cyber security regulations and procedures. In addition, our staff receive regular ongoing training in cyber security to maintain MPI’s leadership in security management.
