Taiwan Semiconductor Co., Ltd. (“TSC”) announced today that it has officially obtained the ISO 27001:2022 Information Security Management System (ISMS) international certification, signifying that the company’s information security governance and risk management capabilities have reached international standards.
“This certificate represents the collective effort of our entire team. From establishing systems and optimizing processes to scrutinizing and improving every detail, the project team has elevated TSC’s information security management to global standards, demonstrating our commitment to quality and security. However, achieving this certification is only the beginning. Moving forward, we will continue strengthening information security systems at all our manufacturing sites, as well as enhancing ongoing maintenance and management to ensure continuous improvement in our defenses.” the Chairman remarked at the certification ceremony.
Since 2022, TSC has been planning for ISMS implementation, officially launching the project in Q4 2024 with the support of professional consultants. The initiative has progressively completed information asset inventories, risk identification, and control measure planning and implementation. The project encompasses the following key areas:
- Information Security Governance: Establishment of an Information Security Management Committee, led by the Chief Information Security Officer (CISO), with functional subgroups to drive daily security operations.
- Technical Enhancements: Upgrades to firewalls, IDS/IPS, deployment of EDR systems, and company-wide adoption of multi-factor authentication (MFA).
- Business Continuity & Recovery: Development of comprehensive backup and disaster recovery (DR) mechanisms to reduce operational disruption risks.
- Internal Security Awareness: Completion of company-wide security training and social engineering simulation exercises.
TSC emphasized that information security has been integrated into the core of corporate governance, with the guiding principle: “No service interruption, no data loss, and no leakage of personal information.” The company is committed to safeguarding business continuity and protecting customer privacy. As of the end of 2024, TSC had not experienced any security incidents or customer data breaches.
Looking ahead, TSC will continue to adhere to international standards and regulatory requirements, advancing ISMS implementation across all facilities in phases. Through continuous review and optimization, the company aims to further enhance its information security governance and provide global customers with stable, reliable, and secure services.
TSC achieves ISO 27001 Information Security Management System Certification from TUV NORD Taiwan
TSC Chairman Mr. Hsiu-Ting Wang (right) receives the ISO 27001 certification from Mr. Cheng-Chih Yeh (left), Vice President of TUV NORD Greater China and General Manager of TUV NORD Taiwan.