Through hardware architecture planning, software development design, and the execution of information system cycles, BES protects the confidentiality, integrity, availability, and legality of internal data. These efforts are intended to prevent threats from external illicit network attacks. Internal and external review mechanisms are employed to ensure the Company’s information security, thereby enhancing customer confidence in the Company.
The information security management policy of the Company uses ISO 27001 as the reference, which perfects the requirement of all control fields based on international standards, for the basic control measure of daily operation for protecting Company data. The Company also further ensures the completeness of the information security management framework to meet the requirements of customers, clients and related laws and regulations as well as the latest development of the information business.
1. Personnel Management
Through continuous training, awareness of information security is enhanced among employees and internalized into various operations, thereby implementing human-centered information security at its core.
2. Information Security Monitoring
Regularly update firewall device firmware and blocking rule settings. Through the joint monitoring of the Security Monitoring Center, both internal and external abnormal activities are observed to establish a robust security barrier.
3. Process Management
Segregate software development responsibilities and program modification processes through information system cycles. Manage system documentation, program and data access control to ensure data preservation and proper information security management.
4. Internal Control Management
Conduct regular information cycle and information security audits by the internal audit unit each year to ensure the implementation of internal security measures and the continuous improvement of control measures.
5. External Audits
Engage external audit organizations to conduct annual audits on information processes, information security controls, and third-party recommendations, thereby optimizing and enhancing information security year by year.
6. Regular Reporting
The personnel reports the implementation of information security management project to the Board of Directors and conducts reviews on a regular basis.
Apart from the regular information security measure, different risk management measures are applied based on different risk levels to ensure the information security of the Company.
・ Rigorously execute data backup plans
・ Regularly update the Company’s business continuity plan
・ Perform disaster response drill on a regular basis
Through hardware architecture planning, software development design, and the execution of information system cycles, BES protects the confidentiality, integrity, availability, and legality of internal data. These efforts are intended to prevent threats from external illicit network attacks. Internal and external review mechanisms are employed to ensure the Company’s information security, thereby enhancing customer confidence in the Company.
The information security management policy of the Company uses ISO 27001 as the reference, which perfects the requirement of all control fields based on international standards, for the basic control measure of daily operation for protecting Company data. The Company also further ensures the completeness of the information security management framework to meet the requirements of customers, clients and related laws and regulations as well as the latest development of the information business.
1. Personnel Management
Through continuous training, awareness of information security is enhanced among employees and internalized into various operations, thereby implementing human-centered information security at its core.
2. Information Security Monitoring
Regularly update firewall device firmware and blocking rule settings. Through the joint monitoring of the Security Monitoring Center, both internal and external abnormal activities are observed to establish a robust security barrier.
3. Process Management
Segregate software development responsibilities and program modification processes through information system cycles. Manage system documentation, program and data access control to ensure data preservation and proper information security management.
4. Internal Control Management
Conduct regular information cycle and information security audits by the internal audit unit each year to ensure the implementation of internal security measures and the continuous improvement of control measures.
5. External Audits
Engage external audit organizations to conduct annual audits on information processes, information security controls, and third-party recommendations, thereby optimizing and enhancing information security year by year.
6. Regular Reporting
The personnel reports the implementation of information security management project to the Board of Directors and conducts reviews on a regular basis.
Apart from the regular information security measure, different risk management measures are applied based on different risk levels to ensure the information security of the Company.
・ Rigorously execute data backup plans
・ Regularly update the Company’s business continuity plan
・ Perform disaster response drill on a regular basis