Information Security Management

With the popularization of computer use and the booming development of the internet, rapid and significant impacts have been brought on humans, changing the lifestyle of people. 

Along with the information convenience comes the information security issues that concern all. Therefore, we must implement robust information security measures and invest in costs to ensure that we can enjoy the benefits of information convenience while safeguarding information security. This is the correct attitude to address information security issues and prepare ourselves for greater impacts and challenges in the future.

Information Security Policy

 

Our company operates in accordance with the procedures outlined in the Information Operations Cycle Manual, the Regulations Governing Information Security Organizations and Management, the Information Business Continuity Plan, and the Personal Data Protection Management Regulations. These procedures are aimed at maintaining the normal operation of our network information systems, ensuring the security of network information transmission and transactions, safeguarding the confidentiality and integrity of computer-handled data, and ensuring the security of data, systems, equipment, and networks.

Information Security Management Framework

Shih Wei Navigation has always placed great importance on information security and has established a cybersecurity management team. Chaired by the head of the IT department, the team includes compliant cybersecurity executives, dedicated cybersecurity personnel, and representatives from various departments who convene regularly to discuss and review various cybersecurity issues concerning the company.

Management and Implementation Methods

1. Computer Information Security Control

   For the control of data acquisition and maintenance, information system processing, computer equipment and system software, network system security, all the operations will be confirmed to be compliant with information security and relevant laws and regulations.

2. Personal Data and Confidentiality Management

   • In accordance with the Company’s Personal Data Protection Management Measures, the storage, distribution, transmission, and maintenance of personal data are strictly controlled to maintain the operational safety and interests of the Company. In addition, the Company’s competitive advantages, core technologies and control of business information will be strengthened.

   • The publicity and explanation will be strengthened to our associates in the education and training of new employees or when explaining the management regulations.

3. Strengthen the integration of the overall information system

4. Server Virtualization and enhanced security management

   The overall planning of the information system, hardware/software installation and maintenance, database backup and restoration drills, and the safety protection and control of systems are all well controlled. The server virtualization is introduced to achieve the effectiveness of environmental protection, energy conservation and reduction of maintenance costs by reducing the number of physical servers. Furthermore, the disaster prevention, information security, monitoring, notification mechanism, abnormality management and backup are strengthened, while training and regular drills are implemented.

5. Employee education and training is arranged from time to time for the employees to obtain relevant certificates. Through publicity and communication of information security concepts, employees can understand the importance of information security, which will enhance the employees’ awareness of information security and emergency response capabilities to make effective control of risks.

6. Regular internal and external audits are conducted for information circulation and information security to ensure the level of implementation of internal information security management measures so as to achieve continuous improvement of the control measures.

Ship Information Security

The Company is dedicated to the implementation of ship information security. The dedicated computer for Electronic Navigation Chart (ENC) and the data transmission are carried out through dedicated disk devices to avoid virus infection. In 2021, the update plan for the satellite network for ships started. By the end of 2023, it has been fully updated, with an achievement rate of 100%. With the network structure that can be online at all times, the anti-virus software can be updated in real-time to enhance security.In addition, with the firewall control of the ship and at the ground station, the network use of the ship can be more secure.

Investments in resources for
Information security management

In the fiscal year 2023, updates were carried out across various areas to enhance cybersecurity measures. This included updates to ship and employee computer hosts, antivirus software, email protection software and hardware maintenance, as well as updates to company websites and equipment in the data center, all aimed at continuously improving cybersecurity defenses.

Additionally, in the fiscal year 2021, an update plan was initiated for ship satellite systems and network equipment, firewall, and antivirus software. These updates were successfully completed in accordance with the plan by the fiscal year 2023.