GC has established an information security management system and asset security practices that have been audited and certified against international cyber-related standards, in particular ISO/IEC 27001:2022 and ISO/IEC 27701:2019. These supplementary standards cover the security of personal information in the external recruitment process, building job applicants' confidence in security and in the protection of their personal rights.

GC also has its systems and practices relating to information security and personal data management reviewed and audited by a third-party entity on an annual basis. Based on the assessment of the past year, GC’s information and cyber processes and infrastructure were in compliance with relevant standards, and no non-conformities were detected.

Moreover, GC manages cyber threats using the NIST framework to enhance cybersecurity across the entire organization. The NIST framework is divided into the following five aspects.

NIST Framework and Outstanding Information and Cybersecurity Projects in 2023

No. Process Detail
1. Identify

GC conducted an evaluation of its cybersecurity controls in accordance with Zero Trust Security, in collaboration with Microsoft, using the CIS Control Framework and Microsoft Security SOM Model. GC obtained a CIS Maturity score of 3.2 out of 4. The average scores of the general industry category and the factory category are 3 and 2, respectively.

2. Protect
  • GC has installed a Web Application Firewall (WAF) to increase security and reduce the risk of being attacked by any ill-intentioned parties, providing both on-premises and cloud protection.
  • GC has developed a Cybersecurity E-learning course to support and encourage employees to learn about cybersecurity. 99% of employees were able to finish the course within 2 months.
  • GC has developed the Phishing Test Campaign to assess awareness and knowledge in dealing with cyber threats through a total of 10 Phishing Email tests. Compared to 2022, the phishing rate dropped by 0.56% while the reporting rate upon encountering phishing emails rose by 4.21%.
3. Detect

GC has installed the Attack Surface Management system to detect and analyze the likelihood of being attacked via GC’s service channels which are accessible from the internet.

4. Respond

GC has performed the Corporate Crisis Management Exercise on both the Information Technology (IT) and Operational Technology (OT) systems by simulating a ransomware attack.

5. Recover
  • GC has conducted Backup & Recovery drills twice a year and was able to meet the data recovery target.
  • GC has made preparations for and initiated Cybersecurity Insurance.

Information & Cybersecurity Performance

| Year | 2020 | 2021 | 2022 | 2023 | Target 2023 |
|---|---|---|---|---|---|
| No. of cybersecurity incidents | 0 | 0 | 0 | 0 | 0 |
| No. of complaints about information insecurity | 0 | 0 | 0 | 0 | 0 |
| Total number of information security breaches | 0 | 0 | 0 | 0 | 0 |
| Total number of clients, customers and employees affected by the breaches | 0 | 0 | 0 | 0 | 0 |