Information Security Management
Information Safety
Information Security Action Plans
The “Information Security Policy” and “Management Rules for Technical and Confidential Information” were drawn up by Winbond to protect confidential company information such as trade secrets and IP, and ensure proper protection of customer privacy. ISO 27001 ISMS was introduced in 2020 as part of Winbond’s information security management overhaul and certification was granted in February 2021.
Winbond in accordance with the implementation procedure for “Information Security Policy.” The body is responsible for the company’s information security control activities including recommendations, deployment, promotion, and audits. Regular meetings are convened to discuss and make decisions on information security topics in HR, physical security, information security, and logical security. Extraordinary meetings are held for major reforms or when an information security incident takes place. Winbond continues to communicate the importance of information security to employees through education, training and bulletins every year. Data protection exercises are also held at least once every 6 months by switching to the backup system for read/write testing.
To keep important company and product information secure, Winbond has strengthened our access control, security surveillance, information system access permissions management, as well as the recording and reviewing of access logs. Personnel and data access are both rigorously controlled to prevent unauthorized access and tampering as well as the theft and leakage of trade secrets and intellectual property.
Information Security Handling Process

|
|
|
|
2020 Information Security Management Performance
Information Security Education and Training | 2,667 people received information security training and completion rate was 100% |
2,531 people received Personal Information Protection Act training and completion rate was 100% | |
Information Security exercises | 1 social engineering training and test |
1 FAB virus exercise | |
1 vulnerability scan |
Passed High-Level Information Security Certification | |
In November 2015, Winbond ’s TrustMETM and its associating operating environment received EAL 5+ certification from the international organization Common Criteria. The certification indicated that Winbond ’s product information security controls complied with the requi rements of Common Criteria. Winbond was therefore certified to produce t rusted security products that comply with international standards for the protection of custo mer information and assets. Common Criteria ’s validation of TrustMETM memory products encompassed the Desig n & Development, Production, and Delivery phases. The new Jhubei bu ilding was commissioned in 2020 and a remote audit was conducted due to COVID-19. The audi t found that all of relevant procedures and environments met the requirements of Common Crit eria EAL 5+. |
Supplier Information Security Management
Permissions-based control has been implemented by Winbond through our internal information security system to protect the privacy of our suppliers. Physical documents are centrally stored in the purchasing document management database. Information security clauses are attached to all orders for information security management at our suppliers. Suppliers must conduct a self-assessment on information security management during the annual audit for review by Winbond’s Information Security department. An on-site audit is also conducted at suppliers every two years. During the 2020 supplier's conference, we invited suppliers to share their experience on preventive measures in information security and on information security management.
Information Security Clauses for Suppliers | |||||||
![]() |
|
Protection of Customer Privacy
Customer-related information are closely controlled by Winbond. All customer commercial information such as customer correspondence and data are retained in Winbond’s secure internal systems. The approval and authorization of internal personnel permissions all adhere to the relevant operating guidelines and procedures. All Winbond employees have been required to pass the “Information Security Awareness” course since 2013. The personal smartphones of employees at our Jhubei office building must all be registered and install a camera management that disables the camera on company premises to keep R&D and production data secure. Metal detectors are installed at the entrances of foundries and fabs to control the movement of IT devices on the production line; AI technology is used to manage contractor access to the site through facial recognition. These measures Winbond’s proper protection of customer privacy and defense against the theft or leakage of trade secrets and IP. The ISO 27001 Information Security Management System certification obtained in 2020 was used to improve the integrity of the information security system.
The EU “General Data Protection Regulation” (GDPR) took effect in May, 2018. Winbond has updated our website, reviewed our online membership details and made appropriate adjustments in accordance with the requirements of GDPR. The relevant regulations of GDPR were also incorporated into the Personal Information Protection Act online course.