Information Security Management
Information Safety
Information Security Action Plans
The “Information Security Policy” and “Management Rules for Technical and Confidential Information” were drawn up by Winbond to protect confidential company information such as trade secrets and IP, and ensure proper protection of customer privacy. ISO 27001 ISMS was introduced in 2020 as part of Winbond’s information security management overhaul and certification was granted in February 2021.
Winbond in accordance with the implementation procedure for “Information Security Policy.” The body is responsible for the company’s information security control activities including recommendations, deployment, promotion, and audits. Regular meetings are convened to discuss and make decisions on information security topics in HR, physical security, information security, and logical security. Extraordinary meetings are held for major reforms or when an information security incident takes place. Winbond continues to communicate the importance of information security to employees through education, training and bulletins every year. Data protection exercises are also held at least once every 6 months by switching to the backup system for read/write testing.
To keep important company and product information secure, Winbond has strengthened our access control, security surveillance, information system access permissions management, as well as the recording and reviewing of access logs. Personnel and data access are both rigorously controlled to prevent unauthorized access and tampering as well as the theft and leakage of trade secrets and intellectual property.
Information Security Handling Process
2022 Information Security Management Performance
| Information Security Education and Training | Monthly issuance of information security advocacy |
| | Quarterly information security education and training (social engineering training) |
| Information Security Performance Management | Implementation rate of social engineering education and training courses reached more than 97% |
| | A total of 7 information security advocacy bulletins were issued |
| | A total of 7 new systems were launched in 2022, the high-risk code correction and improvement rate was 100%, and the program coverage rate of source code scanning was 100% |
Passed High-Level Information Security Certification
In November 2015, Winbond’s TrustME™ and its associated operating environment received EAL 5+ certification from the international organization Common Criteria. The certification indicated that Winbond’s product information security controls complied with the requirements of Common Criteria. Winbond was therefore certified to produce trusted security products that comply with international standards for the protection of customer information and assets. Common Criteria’s validation of TrustME™ memory products encompassed the Design & Development, Production, and Delivery phases. The new Jhubei building was commissioned in 2020 and a remote audit was conducted due to COVID-19. The audit found that all relevant procedures and environments met the requirements of Common Criteria EAL 5+.
Supplier Information Security Management
Permissions-based control has been implemented by Winbond through our internal information security system to protect the privacy of our suppliers. Physical documents are centrally stored in the purchasing document management database. Information security clauses are attached to all orders for information security management at our suppliers. Suppliers must conduct a self-assessment on information security management during the annual audit for review by Winbond’s Information Security department. An on-site audit is also conducted at suppliers every two years. During the 2020 suppliers’ conference, we invited suppliers to share their experience on preventive measures in information security and on information security management.
Information Security Clauses for Suppliers
Protection of Customer Privacy
Winbond Electronics strictly manages customer information. All business information, such as documents and information on customer interactions, is stored in Winbond’s internal highly-protected system. Winbond approves and releases work access rights for our employees based on the relevant operational guidelines and procedures. In order to ensure that Winbond is able to protect customer privacy and prevent business secrets and intellectual property rights from being stolen or leaked, Winbond obtained the ISO 27001 Information Security Management Systems certification in 2022, establishing a comprehensive information security protection system.
Winbond Electronics has already made the required adjustments to remain compliant with the European Union’s General Data Protection Regulation (GDPR), which came into effect in May 2018, amending Winbond’s official website and re-inspecting the information of all website members. The GDPR has also been included in online courses on the Personal Data Protection Act. In 2022, 3,052 employees participated in these training courses, and 100% of them passed the training exam. In total, 1,526 training hours were provided.
In 2022, Winbond continued to have no reported incidents where Winbond violated customer privacy or lost customer information, or where Winbond was fined for violating product liability laws and regulations.