Information Security Management

With the popularization of computer use and the booming development of the internet, rapid and significant impacts have been brought on humans, changing the lifestyle of people. 

Along with the information convenience comes the information security issues that concern all. Therefore, we must implement robust information security measures and invest in costs to ensure that we can enjoy the benefits of information convenience while safeguarding information security. This is the correct attitude to address information security issues and prepare ourselves for greater impacts and challenges in the future.

Information Security Policy

 

The Company maintains the normal operation of the network information system, ensures the security of network information transmission of transactions, and secures the confidentiality and integrity of computer processing data for the security of information, system, equipment and network and follows the regulations of the Computer Processing Operation Cycle Procedure.

Information Security Management Framework

Shih Wei Navigation has always placed great importance on information security, an internal information security management team is established, with the head of the Administration Department as the convener, and the members are composed of the head of each department and the personnel in the IT Office. Discussion and review on various information security issues of the Company are regularly conducted. In addition, we also actively recruit full-time (part-time) information security supervisors and personnel.

Management and Implementation Methods

1. Computer Information Security Control

   For the control of data acquisition and maintenance, information system processing, computer equipment and system software, network system security, all the operations will be confirmed to be compliant with information security and relevant laws and regulations.

2. Personal Data and Confidentiality Management

   • In accordance with the Company’s Personal Data Protection Management Measures, the storage, distribution, transmission, and maintenance of personal data are strictly controlled to maintain the operational safety and interests of the Company. In addition, the Company’s competitive advantages, core technologies and control of business information will be strengthened.

   • The publicity and explanation will be strengthened to our associates in the education and training of new employees or when explaining the management regulations.

3. Strengthen the integration of the overall information system

4. Server Virtualization and enhanced security management

   The overall planning of the information system, hardware/software installation and maintenance, database backup and restoration drills, and the safety protection and control of systems are all well controlled. The server virtualization is introduced to achieve the effectiveness of environmental protection, energy conservation and reduction of maintenance costs by reducing the number of physical servers. Furthermore, the disaster prevention, information security, monitoring, notification mechanism, abnormality management and backup are strengthened, while training and regular drills are implemented.

5. Employee education and training is arranged from time to time for the employees to obtain relevant certificates. Through publicity and communication of information security concepts, employees can understand the importance of information security, which will enhance the employees’ awareness of information security and emergency response capabilities to make effective control of risks.

6. Regular internal and external audits are conducted for information circulation and information security to ensure the level of implementation of internal information security management measures so as to achieve continuous improvement of the control measures.

Ship Information Security

The Company is dedicated to the implementation of ship information security. The dedicated computer for Electronic Navigation Chart (ENC) and the data transmission are carried out through dedicated disk devices to avoid virus infection. In 2021, the update plan for the satellite network for ships started. By the end of 2023, it has been fully updated, with an achievement rate of 100%. With the network structure that can be online at all times, the anti-virus software can be updated in real-time to enhance security.In addition, with the firewall control of the ship and at the ground station, the network use of the ship can be more secure.

Investments in resources for
Information security management

In 2022, the Company invested approximately NT$1.8 million in ship computers, employee computer hosts, anti-virus software updates, mail security software and hardware maintenance, and the Company's website, and approximately NT$800 thousand in server room equipment updates and virtualization. The Company's IT office staff participated in cyber security engineer training courses of Industrial Technology Research Institute and obtained relevant certificates this year.

Additionally, the Company also started the update program for the ship's satellite system, network equipment, firewall, and anti-virus software in 2021. The Company had completed the program for 11 ships in 2021 ,and  16 ships in 2022 at a cost of about US$20 thousand per ship.

In addition to the annual internal control audit conducted by the Auditing Office, the Company also conducts annual information security circulation audit through the CPA firm, and responds with improvement actions according to the recommendations in the report.