- 繁中

About TCC
Low-Carbon Construction Materials
- Global Carbon Competitiveness
- R&D and Certifications
- Low-carbon Products
  Portland Limestone Cement
  
  Portland Limestone Cement Concrete
  
  Product Attributes & Safety
  
  Ultra-High Performance Concrete (UHPC)
  
  UHPC EnergyArk
- Performances of Low-carbon Products
  TCC C. F. Koo Building
  
  Performance of Low-Carbon Construction Materials
- CIMPOR
- OYAK
Resource Recycling
Green Energy
AI Transformation
ESG
Investors
Investors Overview
- Financial Information
  Financial Statements
  
  Annual Report
  
  Investor Conference
  
  Event Calendar
  
  Simplified Tender Offer for NHOA Shares
- Equity Investor
  Stock Price Information
  
  Dividend Distribution
  
  Shareholders' Meeting
  
  Research-Reporting Brokers
  
  Market Observation Post System
- Bond Investor
  Debt Summary
  
  Credit Rating Summary
  
  Sustainable Finance
- Corporate Governance
  Management Team
  
  Board of Directors
  
  Director Profiles
  
  Director's Professional Knowledge and Independence Status
  
  Board Performance Evaluation
  
  Board Member Diversity
  
  Functional Committees
  
  Audit Committee
  
  Remuneration Committee
  
  Risk Management Committee
  
  Corporate Sustainable Development Committee
  
  Nomination Committee
  
  Information Security Management Committee
  
  Communications Between the Independent Directors and CPAs
  
  Management Team Remuneration Policy
  
  Corporate Governance Operations
  
  Corporate Governance Status
  
  Appointment of Corporate Governance Officer
  
  Internal Audit
  
  Employee Training Courses
  
  Risk Management
  
  Ethical management
  
  Information Security
  
  Intellectual Property Rights
  
  Company Regulations
- Contact Us
  Basic FAQ
  
  Investor Relations Contact
Recruitment
Recruitment Overview
Latest News

Search

Information Security

Information Security Policy & Purpose

In the face of business competition and globalization, information security and the protection of operational data are important cornerstones for sustainable development and maintaining core competitiveness. To ensure the stability, security, and availability of information systems, TCC is committed to strengthening information security management mechanisms and defense capabilities, establishing a secure and reliable computerized operating environment, ensuring the security of systems, data, equipment, and networks to protect the Company's important information assets and ensure the normal operation of information systems.

TCC Group Information Security Policy

Personal Data Protection and Management Policy

The Scope and Target of Information Security

Applicable to all domestic and overseas subsidiaries and other entities under TCC’s effective control, and applying to every site employee and any outsourced, contracted, or dispatched vendor with access to internal information.

Information Security Management Framework

Applicable to all domestic and overseas subsidiaries and other entities under TCC’s effective control, and applying to every site employee and any outsourced, contracted, or dispatched vendor with access to internal information.

	Establish an information security management system and cross-departmental information security committee In 2020, TCC established and implemented an information security management system based on the ISO/IEC 27001:2013 international standard, adopting the PDCA cycle operation model. The President convened and formed a cross-departmental Information Security Management Committee, which meets annually to review the effectiveness of information security planning and implementation, make key decisions, and coordinate the necessary resource allocation. In 2024, it was elevated to a functional committee, and report to the BOD. The committee comprises three independent directors, including Ruu-Tian Chang, who brings expertise in cybersecurity and AI.
	Information Security Management Team Under the Information Security Management Committee, an Information Security Management Team is established, which is mainly responsible for planning, establishing, implementing, maintaining, reviewing, and continuously improving the information security management system, and reporting related issues to the Information Security Management Committee.
	Regular reviews and reporting The Information Security Management Team regularly meets to review implementation and annually reports the results and reviews to the Board of Directors.
	Strengthen information security system On April 11, 2022, the Board of Directors resolved and announced the establishment of the Chief Information Security Officer position and the Information Security Department. The Department consists of five members, 100% of whom hold four internationally recognized information security certifications. Their primary responsibilities include the overall information security structure, managing operations and monitoring, and handling internal and external information security incident response and investigation for the TCC Group. They regularly report work progress to the Chief Information Security Officer, who in turn reports to the Chairman and President of TCC Group. In response to the development of AI, TCC has referred to the Bletchley Declaration and the Frontier AI Safety Commitments, and has been closely following the outcomes of the AI Action Summit to continuously improve and refine its AI policy.

Performance

Taiwan and Mainland China cement operations, subsidiaries OYAK CEMENT, and Molicel have obtained ISO 27001 certification.
Zero critical information security incidents occurred in 2024.
TCC requires 100% of new recruits worldwide to sign an information-security declaration. It also occasionally holds expert courses and distributes security policies and protective measures to enhance cybersecurity awareness among all employees. CIMPOR augments these efforts with CyberReady automated training and six SOC-led sessions each year for high-risk staff. Employee information security education and training reached 3,259 hours and 3,555 participants in 2024.
In 2024, a total of 11 information security health checks and 16 social engineering drills were completed, recording an overall violation rate of 2 percent. TCC maintains a management target of keeping violations below 3 percent.

Information Security Objectives and Management Program

Information Security Objectives

Maintain the stability of TCC Group Holdings' business operations, avoiding operational losses caused by system interruptions or other information security incidents.
Implement appropriate protective measures for sensitive data such as TCC Group Holdings' trade secrets to minimize the impact and risk of information security incidents including damage, theft, leakage, tampering, misuse, and infringement.
Continuously enhance the confidentiality, integrity, and availability of various information assets within the TCC Group Holdings.

Management Program

TCC has established Information Business Continuity Plans at all sites to keep critical systems running and restore operations quickly after a disaster or unexpected event. To validate each plan, sites in Taiwan and Mainland China test it at least every six months, while OYAK CEMENT and CIMPOR test at least once a year, continually sharpening response capabilities and execution.
In 2024, TCC has five dedicated information security personnel and 30 information security support team members. Regular information security education, training, and social engineering drills are conducted to raise awareness among all TCC Group members, ensuring that all employees develop a strong sense of security responsibility.
In 2024, a total of 44 weekly security meetings, 8 monthly security meetings, and 4 quarterly security meetings have been held, actively discussing security tool applications, the current status of security projects, and security personnel allocation.

Information Security Control Measures

TCC Group Holdings has established the TCC Group Information Security Policy, which is available in the

「Investors - Company Regulations」section.

TCC Group Holdings Information Security Related Certificates

ISO/IEC 27001:2022