Information Safety

Information Security Management

Information Safety

Information Security Action Plans

The “Information Security Policy” and “Management Rules for Technical and Confidential Information” were drawn up by Winbond to protect confidential company information such as trade secrets and IP, and ensure proper protection of customer privacy. ISO 27001 ISMS was introduced in 2020 as part of Winbond’s information security management overhaul and certification was granted in February 2021.

ISO 27001 Information Security Management system  
Winbond conducted an inventory of each unit’s information assets in 2020 based on theISO 27001:2013 Information Security Management structure. These included a risk assessment, consolidation of all internal controls and existing documentati on, establishment of a complete information secur ity environment, an d compliance with all of the standard’s requirements. Certification by an external body was obtained in February 25th, 2021(Valid date of certification:2024/2/24). Winbond is continuing to pursue the three main goals in information security :
(Confidentiality) ‒ Data
(Integrity) ‒ Data and Systems
(Availability) ‒ Systems and Services

Winbond in accordance with the implementation procedure for “Information Security Policy.” The body is responsible for the company’s information security control activities including recommendations, deployment, promotion, and audits. Regular meetings are convened to discuss and make decisions on information security topics in HR, physical security, information security, and logical security. Extraordinary meetings are held for major reforms or when an information security incident takes place. Winbond continues to communicate the importance of information security to employees through education, training and bulletins every year. Data protection exercises are also held at least once every 6 months by switching to the backup system for read/write testing.

To keep important company and product information secure, Winbond has strengthened our access control, security surveillance, information system access permissions management, as well as the recording and reviewing of access logs. Personnel and data access are both rigorously controlled to prevent unauthorized access and tampering as well as the theft and leakage of trade secrets and intellectual property.

Information Security Handling Process

Information Security Handling Process
  • Coordinate the response to information security events (cross-department coordination and release of public information)
  • Direct the appropriate level of responses to the information security event, and report to the superior based on the information security event level
  • Conduct an information security meeting every quarter to review performance
  • Once an event report received, assess the scope and severity of impact
  • Carry out information security incident report procedure
  • Isolate problem system and devise solution
  • Report to superior once event has been resolved
  • Assess and analyze the cause of the event then devise a preventive strategy
  • Provide resources and solutions

2022 Information Security Management Performance

Information Security Education and Training Monthly issuance of information security advocacy
Quarterly information security education and training (social engineering training)
Information Security Performance management Implementation rate of social engineering education and
training courses reached more than 97%
A total of 7 information security advocacy were issued
A total of 7 new systems were launched in 2022, the high-risk code correction and improvement rate was 100%, and the program coverage rate of source code
scanning was 100%
Passed High-Level Information Security Certification  
In November 2015, Winbond ’s TrustMETM and its associating operating environment received EAL 5+ certification from the international organization Common Criteria. The certification indicated that Winbond ’s product information security controls complied with the requi rements of Common Criteria. Winbond was therefore certified to produce t rusted security products that comply with international standards for the protection of custo mer information and assets. Common Criteria ’s validation of TrustMETM memory products encompassed the Desig n & Development, Production, and Delivery phases. The new Jhubei bu ilding was commissioned in 2020 and a remote audit was conducted due to COVID-19. The audi t found that all of relevant procedures and environments met the requirements of Common Crit eria EAL 5+.

securitySupplier Information Security Management

Permissions-based control has been implemented by Winbond through our internal information security system to protect the privacy of our suppliers. Physical documents are centrally stored in the purchasing document management database. Information security clauses are attached to all orders for information security management at our suppliers. Suppliers must conduct a self-assessment on information security management during the annual audit for review by Winbond’s Information Security department. An on-site audit is also conducted at suppliers every two years. During the 2020 supplier's conference, we invited suppliers to share their experience on preventive measures in information security and on information security management.

Information Security Clauses for Suppliers  
ISO Products delivered by suppliers should not harbor potential information security threats such as viruses, back doors or Trojan horses that may impact Winbond operations.
The necessary patches and safety updates must be provided to ensure that are no information security vulnerabilities.
If there is an information security event, a swift and effective solution must be provided. Corrective and prevention measures must also be proposed to minimize the damage.

security Protection of Customer Privacy

Winbond Electronics strictly manages customer information. All business information, such as documents and information on customer interactions, are stored in Winbond’s internal highly-protected system. Winbond approves and release work access rights for our employees based on the relevant operational guidelines and procedures. In order to ensure that the Winbond is able to protect customer privacy and prevent business secrets and intellectual property rights from being stolen or leaked, Winbond has in 2022 obtained the ISO 27001 Information Security Management Systems certification, establishing a comprehensive information security protection system.

Winbond Electronics has already made the required adjustments to remain compliant with the European Union’s General Data Protection Regulations (GDPR) which came into effect in May 2018, amending the Winbond’s official website and re-inspecting the information of all website members. The GDPR has also been included in online courses on the Personal Data Protection Act. In 2022, 3,052 employees participated in these training courses, where 100% of them passed the training exam. In total, 1,526 training hours were provided.

In 2022, Winbond continued to have no reported incidents where Winbond violated customer privacy or lost customer information, or where Winbond was fined for violating product liability laws and regulations.

Contact us

Copyright © Winbond All Rights Reserved.

This website uses cookies to ensure you get the best experience on our website. Learn more