Information Security

The Company's information security policy aims to ensure smooth company operations, integrity of information data, and the safety of corporate secrets to protect the company's reputation and maintain the credibility of delivering client projects.

Information Security Policy


The implementation of information security work at WITS (Wistron ITS) is fundamentally key to providing a stable and sustainable information environment for the company. To ensure that various information security management systems of the Company are thoroughly implemented, effectively operated, supervised, and continuously improved, we strive to protect the confidentiality, integrity, and availability of various forms of information generated in operations, ensuring they are safe from malicious or accidental intrusions, destruction, and leaks. Information assets are critical for the continuity of the Company's daily operations. Protecting information assets based on their importance with different priority levels and in conjunction with the implementation of the Company's information security work is essential for the effective use of resources and achieving the maximum effect of information security. The Company's information security policy aims to ensure smooth company operations, integrity of information data, and the safety of corporate secrets to protect the company's reputation and maintain the credibility of delivering client projects.



Policy Objectives

  1. Operational aspect: Preventing the occurrence of information security risks and mitigating the impact of information security incidents.
  2. Confidentiality aspect: Ensuring data confidentiality is not breached and preventing improper use and access.
  3. System aspect: Enhancing the availability of information equipment and systems to ensure normal operation of information systems.
  4. Awareness aspect: Ensuring all employees understand their responsibilities and obligations regarding the information security system.



Information Security Management System


The Company's Information Security Management System (ISMS) is based on the continuous improvement P.D.C.A. cycle process management model established by the International Standards Organization, integrating and strengthening the information security management system. It establishes a systematic, documented, and institutionalized management mechanism. Through continuous supervision and review of management performance, we implement the concept of information security management and business continuity, ensuring the confidentiality, integrity, and availability of the Company’s information assets. We comply with relevant legal and regulatory requirements, protecting them from internal and external deliberate or accidental threats, while safeguarding the rights and interests of the Company's employees and clients, achieving the following purposes:

  1. Implementing the information security management policy.
  2. Complying with regulatory requirements.
  3. Strengthening information security response capabilities.
  4. Cultivating professional capabilities of information personnel in information security.
  5. Achieving effective measurement indicators for information security management.

WITS obtained the international standard ISO/IEC 27001:2005 certification for its information security management system in December 2008 and upgraded to ISO/IEC 27001:2022 certification in 2023. This demonstrates WITS’ continuous efforts and commitment to improving performance in the field of information security. To ensure the company's implementation of the ISO 27001 management mechanism, we also carry out the recertification process every three years. The current certification is valid until December 17, 2026, maintaining an effective ISO 27001 certification.