Levelling Up on Information Security in the Digital Era: BenQ Materials Accredited with ISO 27001

May 27, 2022

Microsoft’s CEO has said that COVID-19 accelerated enterprise digital transformation by more than five years. With the rapid take-up of smart technologies in business operations, including the implementation of the Internet of Things (IoT), cloud systems, and artificial intelligence (AI) in business processes, corporate information security is under pressure and severely challenged. 

Research by Deloitte Taiwan found that 69% of companies encountered an increase in the frequency of cyber-attacks in 2021 compared to the previous year. The findings point to cyber-attacks targeting specific industries, notably semiconductors, electronics and 3C product-manufacturing industries, as well as online retail and cloud services.

Following the outbreak of a number of major information security incidents among listed companies in the past few years, Taiwan’s government started to amend its relevant laws and regulations. In December 2021, the government published its "Guidelines on Information Security Control for Listed Companies" to advise on improvements to information security mechanisms, strengthening of operational management, and required companies to have a certain percentage of information security personnel proportionate to their scale of operation.

At BenQ Materials, information security management is included as part of risk management in our ESG strategy. As our business becomes more automated, future-proofed, data-driven and digitally transformed, so has our information security strategies under the auspices of the Information Technology Division’s information security unit in charge of strengthening our information security management operations.

The unit has started to implement ISO 27001, a certification which BenQ Materials received from the British Standards Institute (BSI) in April 2022. ISO 27001 is a global standard that specifies the requirements for establishing, implementing, maintaining, and continually improving information security management systems within the context of the organization.

Leading up to the ISO accreditation, our information security unit established the Information Security Framework to conduct risk assessment from different perspectives, assisting the company to understand possible threats for the overall effectiveness of internal information systems. According to the level of relevant risk, resources have been invested to improve the infrastructure of security governance and technologies, strengthening information security defense equipment, and providing education and training, thereby comprehensively improving the robustness of our information security framework.

In the electronic manufacturing industry, nothing strikes greater fear than an abnormal Office Automation (OA) system in the factory, which may cause production line downtime or the inability to use the internal network and mailbox, thus affecting the company's operation. Therefore, BenQ Materials’ information security management is incorporated in its enterprise resource planning (ERP) and the manufacturing systems of its three Taiwan plants, namely in Taoyuan, Longke and Yunlin. Document management standardization ensures consistent information security-oriented process management, software and hardware management, and further optimizes the maturity of the company's information security.

Accelerated digital transformation requires focused resilience, agility, and operational efficiency. Companies have prioritized information security management to safeguard digital assets and to stay vigilant against a growing number of threats in a competitive marketplace. Previous technical regulations and audit systems are insufficient and need to be upgraded. At the same time, to prevent risks at an early stage, all employees are trained to identify risks, understand protocols, and empowered to speak up when a suspicious activity arises. With official accreditation of our robust information security management system, our ISO 27001 certification is another stepping stone as we further optimize our capabilities for information security.