Information Security and Privacy Protection
Information Security and Privacy Protection
- 8
Information Security
In order to ensure the confidentiality, integrity, usability and legality of information assets, Qisda formulates the Information Security Policy in accordance with the ISO 27001 international information security standards, forms an information security management committee, and organizes information security online education courses for all employees to improve colleagues’ information security awareness. We have maintained a SecurityScorecard score of over 95 in the past three years (out of 100; the average score in the industry is 85).
In order to reduce the loss of the company,Qisda has taken out corporate information security risk management insurance with insurance claims for related expenses (such as operation interruption, forensics) when information security incidents occur.
Information security risk analysis
Privacy Protection
Qisda values and strives to protect privacy and personal data.Referencing to local laws and regulations related to protection of the right to privacy of each operation location along with the EU “General Data Protection Regulation (GDPR),” we have established the Privacy Policy of Qisda Corporation to protect all personal data.We also required the subsidiaries, joint ventures, suppliers, contractors, external consultancies and subcontractors to meet the policies in the hope of protecting the right of the personal data owner.
In 2023, no complaint was received due to the occurrence of incidents related to data loss or leak.
Personal data leaks
Customer Privacy Management Framework
Data Protection
- Access rights are established, and access to data by unrelated personnel requires approval through supervisor endorsement before partial permissions are granted.
- Documents downloaded are labeled with the word 'Confidential' to remind users of their sensitive nature.
Internal Controls
- Periodically educate employees on the importance of information security.
System Management
- Customers with account credentials can access system website data but only within the scope of relevant business.
- New account passwords are sent to customers through system-generated messages, ensuring that internal personnel do not have access to them. This ensures that the account is used solely by the applicant.
Number of complaints about personal data leaks | 2023 | 2022 | 2021 | 2020 |
|---|---|---|---|---|
External agency | 0 | 0 | 0 | 0 |
Customers reflection | 0 | 0 | 0 | 0 |
Unit:Number of complaints
Want to know more detailed content?
Read Report Contents