Sorry,Website just for Viewing in portrait mode,Thank you.
Loading...
Loading...
Top

Personal Information Security and Privacy Protection

The company introduced the "ISO/IEC 27001 Information Security Management System" in order to protect the security of consumers' personal data, as well as passing the new version of BS 10012 and ISO/IEC 29100 privacy protection certification.

Set up a personal data and information security committee, with a 5G Chief Information Security Officer (CISO) as the Chairman who is responsible for establishing and maintaining the organization’s vision, strategy, and program to ensure information assets and technologies are well protected. We continue to invest a large amount of resources to strictly implement various management and control requirements, conduct internal and external audits every six months, review the implementation, and ensure the management standards. Its operations are as follows:

  1. Committee member configuration: the General Manager can assign Chairman of Committee and the Chief Executive Officers of each functional organization shall assign committee members.
  2. Meeting frequency: At least once every quarter. In case of major issues, a meeting is convened with the consent of the Chairman.
  3. The operation of all groups subordinate to the committee:
    • Operation maintenance team implements and researches and develops the personal information and information security measures, and holds a meeting at least quarterly.
    • Internal audit team is composed of the colleagues with the audit certificate and carries out internal audit every six months.
    • Emergency response team is composed of the related personnel convened by the Chairman of Committee according to the nature of the incident.
    • 5G information security team: Appointed by top managers from 5G technology and operations.

Planning of the four aspects - external defense of hackers-establishment of intrusion prevention, internal defense of loss-handling of data loss prevention surveillance, absorbing system planning establishment into security evaluation-establishment of system development security specification, system operating maintenance and monitoring precaution personnel information and information security incident-establishment of information security monitoring and control center in order to implement the user personnel data and internal sensitive information protection.

In the event that a request for customer information received from government or law enforcement agencies, TWM inspects and confirms whether such request complies with legal procedure and conditions, including but not limited to “Regulations on Telecommunications Business Handling the Related Authorities Inquiring Telecommunications Communication Record”, “Regulations on Telecommunications Business Handling the Related Authorities Inquiring Telecommunications User Information” and any other related regulations stipulated by the competent authority. If such request is not complied with legal procedure or conditions, TWM will refuse the request. We always do our best effort to maintain the balance between the protection of customer information /privacy and lawful assistance for public safety. Therefore, the percentage that TWM provides the customer information to response the request from the government or law enforcement agencies is 99.96%.