Information Security and Personal Data Protection | Realizing Sustainability Governance | Common Good | Shin Kong Life Sustainability

Realizing Sustainability Governance

Shin Kong Life understands that only by treating each other with sincerity and establishing a complete mechanism for corporate governance, risk management, and information security can it operate in a stable manner, provide protection for many families, and protect each and every policyholder in a solid manner.

Information Security and Personal Data Protection

Information security strategy and resource investment

SKL is committed to providing customers with a sense of security and continuously promoting a culture of information security. In order to build a solid and trustworthy financial information security system, we have developed information security strategies from three aspects: "pre-incident protection", "during incident response" and "post-incident recovery". SKL continues to invest in building a complete information infrastructure, implementing information security management, monitoring, protection and other related budgets.

Information security action plan

  • Bolstering information security management
  • Strengthening talent cultivation
  • Strengthening talent cultivation
  • Customer data protection
  • Major scenario simulation drills

Information security incident reporting and handling

SKL has formulated the "Emergency Reporting Regulations", "Guidelines for Information Security Incident Reporting and Response Management", "Guidelines for Response to Personal Information Breaches", and other internal regulations, which stipulate that notification of a data security incident or personal information breach shall be completed on the same day to facilitate prompt response and handling. In the event of a material information security incident, relevant departments will be invited to convene emergency response meetings. If a personal information breach incident jeopardizes the rights and interests of a large number of parties, an external expert will be commissioned to conduct overall diagnosis and review of the mechanism on corrective and preventive measures.

Raise awareness of data security protection

2024 Information Security Themed Event Held

28

In addition to the legally required 3 hours of basic information security awareness training for employees every year, through the virtual-physical integration and diversified methods, SKL focuses on personal data protection and adds themed case studies; in 2024, a total of 28 themed activities were completed, with a training completion rate of 100%.

SDGs