In Line with International Information Security Standards

 

In 2023, Giant aimed to obtain ISO 27001 certification. The company actively introduced ISO 27001 information security standards as the policy direction for Giant's information security management. An "Information Security Policy" and related procedural guidelines were established for all employees to follow. 


In the promotion and implementation of information security management, the company primarily relied on the establishment of the Information Security Management System (ISMS) and related mechanisms. This involved various aspects such as organizational structure, education and training, asset management, and risk management to manage and protect the company's critical information. 

 

 

 

 

Information Security Guidelines
Information Security Responsible Unit

Giant's "Information Security Promotion Committee" is led by the President, who serves as the "Chief Information Security Officer" (CISO), and includes the "Information Security Officer" and members of the "Information Security Audit Team." The CISO is also responsible for appointing members to the "Information Security Execution Team" and the task-oriented "Emergency Response Team." These three teams are responsible for auditing, promoting, executing, and advocating for Giant's information security management system, as well as handling and responding to security incidents. 

 

 

 

Information Security Risk Management

To effectively manage the risks associated with Giant's Information Security Management System (ISMS), the company established the "Risk Assessment and Management Procedure" in 2023.

Identification of Assets and Assessment of Asset Value.

 

 

Identification of Risks and Risk Assessment.

 

 

Calculation of Risk Values and Determination of Acceptable Risk Levels.

 

 

Risk Management.

 

 

Follow-up and Residual Risk Management.

 

 

 

 

Information Security Education and Training

Planned by the "Information Security Execution Team." Both internal and external personnel are required to participate in relevant training based on their job responsibilities. In 2023, Giant established the "Personnel Security and Education Training Procedure," which outlines the content, frequency, required training hours, and evaluation standards for information security training courses. The company is actively planning the implementation of these training programs. 

 

 

 

 

Software and Hardware Control

 

 

 

 

 

Information Security Incident Reporting Procedure

Giant employees are required to promptly report any security incidents to the responsible unit. The unit will assess whether the incident is a security issue and decide whether to report the findings to the discoverer or escalate the matter to the Chief Information Security Officer. Incidents are classified into four levels based on their severity and the impact on the company. Depending on the severity, the "Business Continuity Plan" may be activated, or the incident may be handled through standard procedures. After the incident is resolved, relevant regulations and operational procedures are reviewed to prevent similar incidents from recurring. Regular statistics and analysis of security incidents are conducted to reduce the frequency and impact of future incidents. 

 

 

 

diagram.png
Contact Us
info@jia-yun.com.tw
Download
Download
Latest Sustainability Report

External Link Disclaimer

You are about to leave Giant’s website. We have provided this link as a courtesy, but it is no way an endorsement by Giant, and we are responsible for its content. Please understand that when you leave our site, our Privacy Policy is no longer in effect.

Continue Close