Information Security Risk Management

UMC is well aware that Cyberattacks may not only expose the Company to the risks of data leakage and ransom threats, but also interrupt the production system, causing serious operating losses or even damaging the reputation of the Company. Facing the ever-changing and diverse external threats, it is critical to strengthen corporate information security. Correctly responding to the changing environment with limited resources is an important task.



Information Security Policy Implementation

1. To establish Information Security Management rules in accordance to customer requirements,

2. To reach a consensus that information security is everyone’s responsibility through full awareness,

3. To protect information confidentiality, integrity, and availability for the Company and customers, and

4. To provide a safe production environment to ensure sustainable operation of the Company’s business.



Information Security Committee Organization

“Enterprise Information Security Committee” is responsible for information security management system planning, establishing and maintenance. The Independent Board Director Jyuo-Min Shyu oversees information security and cyber security strategy. Mr. Shyu was the Minister of the Ministry of Science and Technology and the President of Cloud Computing & IoT Association in Taiwan, and led multiple information security projects such as National Information & Communication Security Taskforce as Vice Chairperson and IoT Information Security SIG (Special Interest Group) initiation.

The vice president of the Digital Function serves as the Chief Information Security Officer (CISO), who is responsible for establishing and maintaining the information security strategy and processes that protect information assets.

umc_csr_information_security_en.jpg (62 KB)



Countermeasures for Information Security Risks

1. Strengthen information security protection capability:

    Conduct information security system testing and implement patch regularly. We have business continuity plans in place and test them continually. Establish a network security incident contingency plan and take escalation and recovery actions.

2. Improve information security management procedures:

    UMC has complied with information security-related certifications such as ISO 15408, ISO 22301, and ISO 27001, and carried out continuous improvement through annual recertification.

3. Risk control:

    UMC has purchased information security insurance to transfer risks of information security threats, protecting the Company from cyberattacks and minimizing potential losses.

4. Education and training:

    Company-wide information security training and social engineering phishing tests are conducted to implant information security awareness in every employee.



We value your privacy
Our website uses cookies to enhance user experience and functionality, and to analyze how this site is used in order to make future improvements. Select “Allow All Cookies” to continue, or go to “Manage Cookies” to set your preferences.
Allow All Cookies
Manage Cookies
We value your privacy
For the best user experience, select "Allow All" to consent to the use of all cookies. You can also choose to disable performance & functional cookies below. For more detail about the type of cookies used by UMC and third parties on this website, please refer to our Cookie Policy .
Allow All
Manage Consent Preferences
  • Essential Cookies
    Always Active
    These cookies are essential in order to enable you to move around the website and use its features, such as setting your privacy preferences, logging in or filling in forms. Without these cookies, services requested through usage of our website cannot be properly provided. Essential cookies do not require consent from the user under applicable law. You may configure your web browser to block strictly necessary cookies, but you might then not be able to use the website’s functionalities as intended.
  • Functionality & Performance Cookies
    These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and how visitors move around the site. They help us to improve the user friendliness of a website and therefore enhance the user's experience.