Information Security
Governance
Corporate Governance

Information Security

Cathay Life Insurance continuously establishes information security management systems, and has set up an independent information security department and chief information security officer responsible for planning, monitoring, and implementing information security management tasks, thereby creating a high-quality and secure financial service environment for customers, employees, shareholders, and stakeholders.
Scroll
  • The first insurance company to obtain BS10012 and ISO29100 certifications
  • No significant information security event was found in 2024, and as a result, Cathay Life won the BSI Information Resilience Excellence Award
  • ① Accumulation period 2024/1/1~2024/12/31
  • ② Accumulated until the end of 2024

Personal Data Security

  • Sound personal data management system
    Cathay Life developed a sound personal information management system, which passed the BSI and obtained the BS10012 Personal Information Management certification in 2014, and passed the reversion certification in 2018. Corresponding GDPR requirements, the Company was the first in the industry to introduce and pass the ISO29100 Information Technology - Security Techniques - Privacy Framework certification, and the first insurance company to obtain BS10012 and ISO29100 certifications.
  • Robust personal data management system
    To ensure the protection and reasonable use of customer data, we will continue to optimize the personal information management system, and strengthen system applications for the protection of personal data. To reduce the risk of personal information breaches, various protection mechanisms have been established, such as gateway data leakage prevention mechanism, the APP control mechanism. We also manage the use of personal information by personal information inventory of the Company’s PCs, and the establishment of a “Personal File Administration Classified Section”, so as to effectively prevent data leakage and achieve personal data protection.
  • Continually strengthen response measures to personal data incidents
    Cathay Life has formulated the Management Regulations on Personal Information Misuse Incidents which stipulated the emergency response procedures for personal information misuse incidents. To achieve better effectiveness of the response procedures, we refer to external case studies every year, plan scenarios, and strengthen emergency response capabilities through simulation drills. In 2022, there were no material personal information misuse incidents, and only 8 cases were the result of sales agents neglecting to inform customers of third parties. Meanwhile, we will continue to strengthen education, training, and promotion for service personnel, in order to reduce the incidents of personal information breaches.

Focus story

  • The first insurance company to obtain BS10012 and ISO29100 certifications
  • In 2024, there were no material personal information misuse incidents


View the sustainability report
TCFD
Climate-Related/Nature-Related Financial Disclosures

TCFD

Disclose Cathay Life Insurance's climate-related actions in terms of “Governance,” “Strategy,” “Risk Management,” and “Metrics and Targets”

See more
back to Empowerment

Want to know more
details about sustainability?

Cathay Life Sustainability Report
browse now