Process and Infrastructure
GC has established an information security management system, which also covers data privacy, that has been audited and certified according to ISO/IEC 27001:2022 and ISO/IEC 27701:2019.
GC also reviews and audits its systems and practices relating to information security and data privacy management through an internal audit function at least four times per year and through external audits (by a third-party entity) on an annual basis to test for vulnerabilities in information security. Based on the assessment of the past year, GC’s information and cyber processes and infrastructure were in compliance with relevant standards, and no non-conformities were detected. In addition, the Company performs information security vulnerability testing at least once a month and conducts penetration testing at least once a year.
Moreover, GC manages and organizes cyber threats using the NIST framework to enhance cybersecurity for the entire organization. The NIST framework is divided into the following six aspects.
NIST Framework and Outstanding Information and Cybersecurity Projects in 2024
No. | Process | Detail |
---|---|---|
1. | Govern | |
2. | Identify | Develop a project to assess the cybersecurity framework for third-party management in order to evaluate the governance standards for external service providers involved in the use, connection to, or access of the company’s information systems. This will be benchmarked against the draft Third-Party Management guidelines issued by the National Cybersecurity Agency (NCSA). |
3. | Protect | |
4. | Detect | |
5. | Respond | GC continuously enhances its preparedness for abnormal situations by conducting crisis management and business continuity exercises. These exercises simulate corporate-level Information Technology (IT) and Operational Technology (OT) security attack scenarios. In addition, the Company regularly reviews and updates its Cybersecurity Incident Response Plan to ensure effective response and mitigation of potential incidents. |
6. | Recover | |
Information & Cybersecurity Performance
Year | 2021 | 2022 | 2023 | 2024 | Target 2024 |
---|---|---|---|---|---|
No. of cybersecurity incidents | 0 | 0 | 0 | 0 | 0 |
No. of complaints about information insecurity | 0 | 0 | 0 | 0 | 0 |
Total number of information security breaches | 0 | 0 | 0 | 0 | 0 |
Total number of clients, customers and employees affected by the breach | 0 | 0 | 0 | 0 | 0 |